001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/ogcwebservices/wass/common/GetSessionPasswordHandler.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.ogcwebservices.wass.common;
037    
038    import org.deegree.security.GeneralSecurityException;
039    import org.deegree.security.drm.SecurityAccessManager;
040    import org.deegree.security.drm.model.User;
041    import org.deegree.security.session.MemoryBasedSessionManager;
042    import org.deegree.security.session.Session;
043    import org.deegree.security.session.SessionStatusException;
044    
045    /**
046     * GetSession handler that handles the password method.
047     *
048     * @author <a href="mailto:schmitz@lat-lon.de">Andreas Schmitz</a>
049     * @author last edited by: $Author: mschneider $
050     *
051     * @version 2.0, $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
052     *
053     * @since 2.0
054     */
055    
056    public class GetSessionPasswordHandler implements GetSessionHandler {
057    
058        private final SecurityAccessManager manager;
059    
060        private final MemoryBasedSessionManager sessionManager;
061    
062        private int sessionLifetime = 0;
063    
064        /**
065         * Creates new instance using a wass SecurityAccessManager instance to create and instantiate the deegree
066         * SecurityAccessManager.
067         *
068         * @param securityManager
069         * @param sessionLifetime
070         * @throws GeneralSecurityException
071         */
072        public GetSessionPasswordHandler( WASSSecurityManager securityManager, int sessionLifetime )
073                                throws GeneralSecurityException {
074            manager = securityManager.getSecurityAccessManager();
075            sessionManager = MemoryBasedSessionManager.getInstance();
076            this.sessionLifetime = sessionLifetime;
077        }
078    
079        /**
080         * Handles only requests with password authentication method.
081         *
082         * @return a string with a session ID or null, if the method of the request is not password
083         * @see org.deegree.ogcwebservices.wass.common.GetSessionHandler#handleRequest(org.deegree.ogcwebservices.wass.common.GetSession)
084         */
085        public String handleRequest( GetSession request )
086                                throws SessionStatusException, GeneralSecurityException {
087    
088            AuthenticationData authData = request.getAuthenticationData();
089            String res = null;
090            // password authentication used?
091            if ( authData.usesPasswordAuthentication() ) {
092    
093                // use manager to authenticate the user with the password
094                String user = authData.getUsername();
095                String pass = authData.getPassword();
096                User usr = manager.getUserByName( user );
097    
098                usr.authenticate( pass );
099    
100                // create session
101                Session session = MemoryBasedSessionManager.createSession( authData.getUsername(), sessionLifetime );
102                sessionManager.addSession( session );
103                res = session.getSessionID().getId();
104            }
105    
106            return res;
107        }
108    
109    }