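//$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/ogcwebservices/wass/common/GetSessionPasswordHandler.java $
/*---------------- FILE HEADER ------------------------------------------

 This file is part of deegree.
 Copyright (C) 2001-2008 by:
 EXSE, Department of Geography, University of Bonn
 http://www.giub.uni-bonn.de/deegree/
 lat/lon GmbH
 http://www.lat-lon.de

 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.

 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 Lesser General Public License for more details.

 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 Contact:

 Andreas Poth
 lat/lon GmbH
 Aennchenstr. 19
 53115 Bonn
 Germany
 E-Mail: poth@lat-lon.de

 Prof. Dr. Klaus Greve
 Department of Geography
 University of Bonn
 Meckenheimer Allee 166
 53115 Bonn
 Germany
 E-Mail: greve@giub.uni-bonn.de


 ---------------------------------------------------------------------------*/
package org.deegree.ogcwebservices.wass.common;

import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.User;
import org.deegree.security.session.MemoryBasedSessionManager;
import org.deegree.security.session.Session;
import org.deegree.security.session.SessionStatusException;

/**
 * GetSession handler that handles the password method.
 * <p>
 * For a request that uses password authentication, the user is looked up by name through the
 * {@link SecurityAccessManager}, {@code authenticate} is called on it with the supplied
 * password, and a new {@link Session} is then registered with the
 * {@link MemoryBasedSessionManager}. The ID of that session is handed back to the caller.
 *
 * @author <a href="mailto:schmitz@lat-lon.de">Andreas Schmitz</a>
 * @author last edited by: $Author: apoth $
 *
 * @version 2.0, $Revision: 9348 $, $Date: 2007-12-27 17:59:14 +0100 (Do, 27 Dez 2007) $
 *
 * @since 2.0
 */

public class GetSessionPasswordHandler implements GetSessionHandler {

    // NOTE(review): this logger is never used in this class, so neither accepted nor rejected
    // password logins are recorded here - confirm that a caller logs authentication outcomes.
    private static final ILogger LOG = LoggerFactory.getLogger( GetSessionPasswordHandler.class );

    private final SecurityAccessManager manager;

    private final MemoryBasedSessionManager sessionManager;

    // Assigned once in the constructor and passed unchanged to every createSession call.
    private final int sessionLifetime;

    /**
     * Creates a new handler that obtains the deegree SecurityAccessManager from the given WASS
     * security manager and uses the shared MemoryBasedSessionManager instance for sessions.
     *
     * @param securityManager
     *            source of the SecurityAccessManager used for user lookup
     * @param sessionLifetime
     *            lifetime value passed to {@code MemoryBasedSessionManager.createSession} for
     *            each session created by this handler (unit is not visible here - TODO confirm)
     * @throws GeneralSecurityException
     *             propagated from the calls made here, presumably from
     *             {@code getSecurityAccessManager()} - TODO confirm
     */
    public GetSessionPasswordHandler( WASSSecurityManager securityManager, int sessionLifetime )
                            throws GeneralSecurityException {
        manager = securityManager.getSecurityAccessManager();
        sessionManager = MemoryBasedSessionManager.getInstance();
        this.sessionLifetime = sessionLifetime;
    }

    /**
     * Handles only requests with password authentication method.
     * <p>
     * A session is created whenever {@code authenticate} returns normally: this method has no
     * other check on the outcome, so a rejected password has to be signalled by an exception
     * from that call.
     *
     * @param request
     *            the GetSession request carrying the authentication data
     * @return a string with a session ID or null, if the method of the request is not password
     * @throws SessionStatusException
     *             propagated from the session calls made here
     * @throws GeneralSecurityException
     *             propagated from the user lookup or the password check
     * @see org.deegree.ogcwebservices.wass.common.GetSessionHandler#handleRequest(org.deegree.ogcwebservices.wass.common.GetSession)
     */
    public String handleRequest( GetSession request )
                            throws SessionStatusException, GeneralSecurityException {

        AuthenticationData authData = request.getAuthenticationData();

        // Other authentication methods are not handled here.
        if ( !authData.usesPasswordAuthentication() ) {
            return null;
        }

        // Read the credentials once. The password is only handed to authenticate(); this
        // method neither logs nor stores it.
        String username = authData.getUsername();
        String password = authData.getPassword();

        // NOTE(review): assumes getUserByName throws for an unknown name rather than returning
        // null (a null here would surface as a NullPointerException) - TODO confirm.
        User user = manager.getUserByName( username );
        user.authenticate( password );

        // Bind the session to the very username value that was just authenticated instead of
        // reading it from the request a second time.
        Session session = MemoryBasedSessionManager.createSession( username, sessionLifetime );
        sessionManager.addSession( session );
        return session.getSessionID().getId();
    }

}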