authorGreg Wilkins2010-09-28 04:28:38 +0000
committerGreg Wilkins2010-09-28 04:28:38 +0000
commit25446eb2216f146caefdcb0fbae7617dd7c5c6cf (patch)
treeec50f6bb6d3c4caae42fe463188369dcd882bafd /jetty-security/src/main/java/org/eclipse/jetty/security
parent0f292471904834e4c51b89a533b97a880df67670 (diff)
downloadorg.eclipse.jetty.project-25446eb2216f146caefdcb0fbae7617dd7c5c6cf.tar.gz
org.eclipse.jetty.project-25446eb2216f146caefdcb0fbae7617dd7c5c6cf.tar.xz
org.eclipse.jetty.project-25446eb2216f146caefdcb0fbae7617dd7c5c6cf.zip
JETTY-1281 Create new session after authentication
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2304 7e9141cc-0065-0410-87d8-b60c137991c4
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java10
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java23
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java23
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java44
9 files changed, 95 insertions, 26 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
index 0852bf5f9b..ef18620371 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
@@ -22,6 +22,7 @@ import javax.servlet.ServletResponse;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.Authentication.User;
+import org.eclipse.jetty.server.SessionManager;
/**
* Authenticator Interface
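Review bot: The `import org.eclipse.jetty.server.SessionManager;` added at L36 is not referenced by any line of this file's hunks, and the same unused import is added to ConstraintSecurityHandler (L83) and LoginAuthenticator (L290) where it is likewise never used in the visible code. Unless a part of those files outside the diff relies on it, drop the three imports so the security package does not pick up a dependency it does not use.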
@@ -40,7 +41,7 @@ public interface Authenticator
* Configure the Authenticator
* @param configuration
*/
- void setConfiguration(Configuration configuration);
+ void setConfiguration(AuthConfiguration configuration);
/* ------------------------------------------------------------ */
/**
@@ -80,7 +81,7 @@ public interface Authenticator
/**
* Authenticator Configuration
*/
- interface Configuration
+ interface AuthConfiguration
{
String getAuthMethod();
String getRealmName();
@@ -88,16 +89,17 @@ public interface Authenticator
Set<String> getInitParameterNames();
LoginService getLoginService();
IdentityService getIdentityService();
+ boolean isSessionRenewedOnAuthentication();
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/**
- * Authenticator Facotory
+ * Authenticator Factory
*/
interface Factory
{
- Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService);
+ Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService);
}
}
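Review bot: The new `boolean isSessionRenewedOnAuthentication();` at L60 is the only security-relevant addition to `AuthConfiguration` and it carries no Javadoc, so implementors cannot tell what "renewed" obligates them to do. Suggest `/** @return true if the session associated with a request is invalidated and replaced by a new session (new id) when the request first authenticates, which defends against session fixation. */` above it. The rename of `Configuration` to `AuthConfiguration` is source-incompatible for any external `Authenticator` or `Factory` implementation; that is a deliberate choice, but it deserves a sentence in the interface comment.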
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index 2526b19d0d..bd783ce1f0 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -29,7 +29,10 @@ import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.SessionManager;
import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.util.StringMap;
/* ------------------------------------------------------------ */
@@ -45,6 +48,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
private final Set<String> _roles = new CopyOnWriteArraySet<String>();
private final PathMap _constraintMap = new PathMap();
private boolean _strict = true;
+ private SessionHandler _sessionHandler;
/* ------------------------------------------------------------ */
@@ -93,13 +97,6 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
}
/* ------------------------------------------------------------ */
- @Deprecated
- public void setConstraintMappings(ConstraintMapping[] constraintMappings)
- {
- setConstraintMappings(Arrays.asList(constraintMappings),null);
- }
-
- /* ------------------------------------------------------------ */
/**
* Process the constraints following the combining rules in Servlet 3.0 EA
* spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
@@ -112,14 +109,6 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{
setConstraintMappings(constraintMappings,null);
}
-
-
- /* ------------------------------------------------------------ */
- @Deprecated
- public void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles)
- {
- setConstraintMappings(Arrays.asList(constraintMappings),roles);
- }
/* ------------------------------------------------------------ */
/**
@@ -226,6 +215,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
processContraintMapping(mapping);
}
}
+
+ if (ContextHandler.getCurrentContext()!=null)
+ _sessionHandler = ContextHandler.getCurrentContext().getContextHandler().getNestedHandlerByClass(SessionHandler.class);
+
super.doStart();
}
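Review bot: `_sessionHandler` is assigned here and declared in the hunk at L93, but no hunk in this commit ever reads it, so as far as the diff shows it is dead state; either remove the field and the lookup or add a comment naming the intended consumer. If it stays, `getNestedHandlerByClass(SessionHandler.class)` can yield null when no SessionHandler is nested in the context, so whatever eventually reads `_sessionHandler` must null-check it. `doStart()` begins outside the hunk.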
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
index bec4b347c1..3f3d12b83e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
@@ -16,7 +16,7 @@ package org.eclipse.jetty.security;
import javax.servlet.ServletContext;
import org.eclipse.jetty.http.security.Constraint;
-import org.eclipse.jetty.security.Authenticator.Configuration;
+import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
@@ -26,7 +26,7 @@ import org.eclipse.jetty.server.Server;
/* ------------------------------------------------------------ */
/**
* The Default Authenticator Factory.
- * Uses the {@link Configuration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
+ * Uses the {@link AuthConfiguration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
* <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li>
@@ -48,7 +48,7 @@ public class DefaultAuthenticatorFactory implements Authenticator.Factory
{
LoginService _loginService;
- public Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService)
+ public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
{
String auth=configuration.getAuthMethod();
Authenticator authenticator=null;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 0d78853666..1817419032 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -50,7 +50,7 @@ import org.eclipse.jetty.util.log.Log;
* values in the SecurityHandler init parameters, are copied.
*
*/
-public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.Configuration
+public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
{
/* ------------------------------------------------------------ */
private boolean _checkWelcomeFiles = false;
@@ -62,6 +62,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
private LoginService _loginService;
private boolean _loginServiceShared;
private IdentityService _identityService;
+ private boolean _renewSession=true;
/* ------------------------------------------------------------ */
protected SecurityHandler()
@@ -373,6 +374,26 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
+ */
+ public boolean isSessionRenewedOnAuthentication()
+ {
+ return _renewSession;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set renew the session on Authentication.
+ * <p>
+ * If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
+ * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
+ */
+ public void setSessionRenewedOnAuthentication(boolean renew)
+ {
+ _renewSession=renew;
+ }
+
+ /* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
* javax.servlet.http.HttpServletRequest,
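Review bot: The setter Javadoc at L193-L195 has a typo (`reqeuest`) and an awkward summary; suggest `/** Set whether the session is renewed on authentication. <p> If true (the default), the session associated with a request is invalidated when the request first authenticates and replaced by a new session with a new id, which mitigates session fixation. */`. The LoginAuthenticator hunk copies this flag into its own `_renewSession` in `setConfiguration`, so if that is the only place it is read, calling `setSessionRenewedOnAuthentication` after the authenticator has been configured has no effect — if so, the Javadoc should state it must be set before start.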
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
index 5499923414..1b01db44a2 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
@@ -76,7 +76,10 @@ public class BasicAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,password);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
index f40b7e66e8..a754209b74 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
@@ -75,7 +75,10 @@ public class ClientCertAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,credential);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index 9768b411c0..ad5295f538 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
@@ -127,7 +127,10 @@ public class DigestAuthenticator extends LoginAuthenticator
{
UserIdentity user = _loginService.login(digest.username,digest);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
else if (n == 0)
stale = true;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index c546d40f7d..8edd0cafa2 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -93,10 +93,10 @@ public class FormAuthenticator extends LoginAuthenticator
/* ------------------------------------------------------------ */
/**
- * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.Configuration)
+ * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
*/
@Override
- public void setConfiguration(Configuration configuration)
+ public void setConfiguration(AuthConfiguration configuration)
{
super.setConfiguration(configuration);
String login=configuration.getInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE);
@@ -181,6 +181,8 @@ public class FormAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,password);
if (user!=null)
{
+ session=renewSessionOnAuthentication(request,response);
+
// Redirect to original request
String nuri;
synchronized(session)
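Review bot: After `session=renewSessionOnAuthentication(request,response);` the local refers to the replacement session, but any reference to the original session captured earlier in the enclosing method (which starts outside the hunk) now points at an invalidated object, and `getAttribute`/`setAttribute` on it will throw `IllegalStateException`; please confirm nothing after this line still uses such a reference. A short comment would save the next reader the same check: `// the pre-login session may have been invalidated; only use the returned instance from here on`.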
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index cf339d02cc..6e48881d30 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -13,21 +13,31 @@
package org.eclipse.jetty.security.authentication;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.SessionManager;
public abstract class LoginAuthenticator implements Authenticator
{
protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
protected LoginService _loginService;
protected IdentityService _identityService;
+ private boolean _renewSession;
protected LoginAuthenticator()
{
}
- public void setConfiguration(Configuration configuration)
+ public void setConfiguration(AuthConfiguration configuration)
{
_loginService=configuration.getLoginService();
if (_loginService==null)
@@ -35,10 +45,42 @@ public abstract class LoginAuthenticator implements Authenticator
_identityService=configuration.getIdentityService();
if (_identityService==null)
throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
+ _renewSession=configuration.isSessionRenewedOnAuthentication();
}
public LoginService getLoginService()
{
return _loginService;
}
+
+ /* ------------------------------------------------------------ */
+ /** Change the session when the request is authenticated for the first time
+ * @param request
+ * @param response
+ * @return The new session.
+ */
+ protected HttpSession renewSessionOnAuthentication(HttpServletRequest request, HttpServletResponse response)
+ {
+ HttpSession httpSession = request.getSession(false);
+ if (_renewSession && httpSession!=null && httpSession.getAttribute("org.eclipse.jetty.security.secured")==null)
+ {
+ synchronized (this)
+ {
+ Map<String,Object> attributes = new HashMap<String, Object>();
+ for (Enumeration<String> e=httpSession.getAttributeNames();e.hasMoreElements();)
+ {
+ String name=e.nextElement();
+ attributes.put(name,httpSession.getAttribute(name));
+ httpSession.removeAttribute(name);
+ }
+ httpSession.invalidate();
+ httpSession = request.getSession(true);
+ httpSession.setAttribute("org.eclipse.jetty.security.secured",Boolean.TRUE);
+ for (Map.Entry<String, Object> entry: attributes.entrySet())
+ httpSession.setAttribute(entry.getKey(),entry.getValue());
+ }
+ }
+
+ return httpSession;
+ }
}
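Review bot: The guard at L325 skips renewal whenever the `org.eclipse.jetty.security.secured` marker is present, so a session is rotated only once; if a different principal later authenticates within the same session (a logout that does not invalidate, or a Basic/Digest request carrying new credentials), the session id is kept. Consider clearing the marker on logout, or storing the authenticated identity in it and renewing when the identity changes. `synchronized (this)` locks the shared authenticator, which serializes every first-time authentication in the context without excluding a concurrent request on the same session; locking the session object obtained at L324 is probably the intended scope. The marker name is a literal repeated at L325 and L338 and should be a `private static final String`, and the `response` parameter is never used in this method.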
