001    //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/tags/2.1/src/org/deegree/ogcwebservices/wass/common/GetSessionPasswordHandler.java $
002    /*----------------    FILE HEADER  ------------------------------------------
003    
004     This file is part of deegree.
005     Copyright (C) 2001-2004 by:
006     EXSE, Department of Geography, University of Bonn
007     http://www.giub.uni-bonn.de/exse/
008     lat/lon GmbH
009     http://www.lat-lon.de
010    
011     This library is free software; you can redistribute it and/or
012     modify it under the terms of the GNU Lesser General Public
013     License as published by the Free Software Foundation; either
014     version 2.1 of the License, or (at your option) any later version.
015    
016     This library is distributed in the hope that it will be useful,
017     but WITHOUT ANY WARRANTY; without even the implied warranty of
018     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
019     Lesser General Public License for more details.
020    
021     You should have received a copy of the GNU Lesser General Public
022     License along with this library; if not, write to the Free Software
023     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
024    
025     Contact:
026    
027     Andreas Poth
028     lat/lon GmbH
029     Meckenheimer Allee 176
030     53115 Bonn
031     Germany
032     E-Mail: poth@lat-lon.de
033    
034     Prof. Dr. Klaus Greve
035     Department of Geography
036     University of Bonn
037     Meckenheimer Allee 166
038     53115 Bonn
039     Germany
040     E-Mail: greve@giub.uni-bonn.de
041    
042     ---------------------------------------------------------------------------*/
043    package org.deegree.ogcwebservices.wass.common;
044    
045    import org.deegree.framework.log.ILogger;
046    import org.deegree.framework.log.LoggerFactory;
047    import org.deegree.security.GeneralSecurityException;
048    import org.deegree.security.drm.SecurityAccessManager;
049    import org.deegree.security.drm.model.User;
050    import org.deegree.security.session.MemoryBasedSessionManager;
051    import org.deegree.security.session.Session;
052    import org.deegree.security.session.SessionStatusException;
053    
054    /**
055     * GetSession handler that handles the password method.
056     * 
057     * @author <a href="mailto:schmitz@lat-lon.de">Andreas Schmitz</a>
058     * @author last edited by: $Author: bezema $
059     * 
060     * @version 2.0, $Revision: 6259 $, $Date: 2007-03-20 10:15:15 +0100 (Di, 20 Mär 2007) $
061     * 
062     * @since 2.0
063     */
064    
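public class GetSessionPasswordHandler implements GetSessionHandler {

    private final static ILogger LOG = LoggerFactory.getLogger( GetSessionPasswordHandler.class );

    // Used to look up the user record the submitted password is checked against.
    private final SecurityAccessManager manager;

    // Registry (obtained via MemoryBasedSessionManager.getInstance()) that new sessions are added to.
    private final MemoryBasedSessionManager sessionManager;

    // Passed unchanged to MemoryBasedSessionManager.createSession(); the unit is defined there.
    private final int sessionLifetime;

    /**
     * Creates a new handler. The deegree SecurityAccessManager is taken from the given wass
     * security manager, and the session manager instance is taken from
     * {@link MemoryBasedSessionManager#getInstance()}.
     *
     * @param securityManager
     *            source of the SecurityAccessManager used for user lookup
     * @param sessionLifetime
     *            lifetime value handed to every session this handler creates
     * @throws GeneralSecurityException
     *             declared for the SecurityAccessManager lookup
     */
    public GetSessionPasswordHandler( WASSSecurityManager securityManager, int sessionLifetime )
                            throws GeneralSecurityException {
        manager = securityManager.getSecurityAccessManager();
        sessionManager = MemoryBasedSessionManager.getInstance();
        this.sessionLifetime = sessionLifetime;
    }

    /**
     * Handles only requests that use the password authentication method: looks up the named user,
     * checks the password and, on success, registers a new session.
     *
     * Requests that carry no authentication data at all are treated like requests using another
     * method (null is returned) instead of failing with a NullPointerException.
     *
     * @param request
     *            the GetSession request to handle
     * @return the ID of the newly created session, or null if the request does not use password
     *         authentication
     * @throws SessionStatusException
     *             as declared by the session handling calls
     * @throws GeneralSecurityException
     *             as declared by the user lookup and password check; the exact conditions are
     *             defined by SecurityAccessManager and User
     * @see org.deegree.ogcwebservices.wass.common.GetSessionHandler#handleRequest(org.deegree.ogcwebservices.wass.common.GetSession)
     */
    public String handleRequest( GetSession request )
                            throws SessionStatusException, GeneralSecurityException {
        LOG.entering();
        try {
            AuthenticationData authData = request.getAuthenticationData();

            // Not a password request (or no credentials supplied): this handler does not apply.
            if ( authData == null || !authData.usesPasswordAuthentication() ) {
                return null;
            }

            // Read the credentials once. Do not pass 'pass' to the logger.
            String user = authData.getUsername();
            String pass = authData.getPassword();

            // NOTE(review): if an unknown user and a wrong password reach the client as
            // distinguishable errors, valid account names can be told apart from invalid ones;
            // confirm the caller reports both as one generic authentication failure.
            User usr = manager.getUserByName( user );

            // The result of authenticate() is not inspected here, so a rejected password has to
            // surface as an exception for the session creation below to be skipped.
            // NOTE(review): confirm that User.authenticate throws on a wrong or null password.
            usr.authenticate( pass );

            // Bind the session to the very name that was just authenticated instead of reading
            // the username from the request a second time.
            Session session = MemoryBasedSessionManager.createSession( user, sessionLifetime );
            sessionManager.addSession( session );

            // The returned ID identifies the session from here on and should be handled like a
            // credential by callers (not written to logs, only sent over a protected channel).
            return session.getSessionID().getId();
        } finally {
            // Keep the entering/exiting trace balanced when authentication fails as well.
            LOG.exiting();
        }
    }

}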
123    
124    /***************************************************************************************************
125     * Changes to this class. What the people have been up to: 
126     * $Log$
127     * Revision 1.8  2006/08/29 19:14:17  poth
128     * code formating / footer correction
129     *
130     * Revision 1.7  2006/06/26 15:02:58  bezema
131     * Finished the wass
132     * Changes to this class. What the people have been up to:
133     * Revision 1.6  2006/06/19 12:47:26  schmitz
134     * Updated the documentation, fixed the warnings and implemented logging everywhere.
135     * Changes to this class. What the people have been up to:
136     * Revision 1.5 2006/06/16 15:01:05 schmitz
137     * Fixed the WSS to work with all kinds of
138     * operation tests. It checks out with both
139     * XML and KVP requests. Changes to this
140     * class. What the people have been up to: Revision 1.4 2006/05/30 11:44:51 schmitz Changes to this
141     * class. What the people have been up to: Updated the documentation, fixed some warnings. Changes
142     * to this class. What the people have been up to: Revision 1.3 2006/05/30 08:44:48 bezema
143     * Rearranging the layout (again) to use features of OOP. The owscommonDocument is the real
144     * baseclass now.
145     * 
146     * Revision 1.2 2006/05/29 16:24:59 bezema Rearranging the layout of the wss and creating the
147     * doservice classes. The WSService class is implemented as well
148     * 
149     * Revision 1.1 2006/05/29 12:00:58 bezema Refactored the security and authentication webservices
150     * into one package WASS (Web Authentication -and- Security Services), also created a common package
151     * and a saml package which could be updated to work in the future.
152     * 
153     * Revision 1.2 2006/05/26 14:38:32 schmitz Added some KVP constructors to WAS operations. Added
154     * some comments, updated the plan. Restructured WAS operations by adding an AbstractRequest base
155     * class.
156     * 
157     * Revision 1.1 2006/05/26 11:55:09 schmitz Extended the handlers to actually do something useful.
158     * Added configuration package to WAS, added plan text file. Added GetSessionHandler interface,
159     * added CloseSessionHandler.
160     * 
161     **************************************************************************************************/