RemoteUserSSO.java

/*
 * Copyright (c) JForum Team. All rights reserved.
 *
 * The software in this package is published under the terms of the LGPL
 * license a copy of which has been included with this distribution in the
 * license.txt file.
 *
 * The JForum Project
 * http://www.jforum.net
 */
package net.jforum.sso;

import javax.servlet.http.HttpServletRequest;

import net.jforum.entities.UserSession;
import net.jforum.util.ConfigKeys;
import net.jforum.util.JForumConfig;

/**
 * Simple SSO authenticator. This class will try to validate an user by simple checking <code>request.getRemoteUser()</code> is not null.
 *
 * @author Rafael Steil
 */
public class RemoteUserSSO implements SSO {
	private JForumConfig config;

	/**
	 * @see net.jforum.sso.SSO#authenticateUser(net.jforum.context.RequestContext)
	 * @param request AWebContextRequest * @return String
	 */
	@Override
	public String authenticateUser(HttpServletRequest request) {
		return request.getRemoteUser();
	}

	@Override
	public boolean isSessionValid(UserSession userSession) {
		String remoteUser = userSession.getRequest().getRemoteUser();

		// user has since logged out
		if (remoteUser == null && userSession.getUser().getId() != this.config.getInt(ConfigKeys.ANONYMOUS_USER_ID)) {
			return false;
		}
		// user has since logged in
		else if (remoteUser != null && userSession.getUser().getId() == this.config.getInt(ConfigKeys.ANONYMOUS_USER_ID)) {
			return false;
		}
		// user has changed user
		else if (remoteUser != null && !remoteUser.equals(userSession.getUser().getUsername())) {
			return false;
		}

		return true;
	}

	/**
	 * @see net.jforum.sso.SSO#setConfig(net.jforum.util.JForumConfig)
	 */
	@Override
	public void setConfig(JForumConfig config) {
		this.config = config;
	}
}