SessionToken.java

/*
 * JBoss, Home of Professional Open Source.
 * See the COPYRIGHT.txt file distributed with this work for information
 * regarding copyright ownership.  Some portions may be licensed
 * to Red Hat, Inc. under one or more contributor license agreements.
 * 
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 * 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 */

package org.teiid.client.security;

import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.security.SecureRandom;
import java.util.Arrays;

import org.teiid.core.util.Base64;


/**
 * This class is an immutable identifier for a unique session that also
 * maintains the name of the principal for that session.
 * 
 * Since this class can be used to authenticate a user, it must be secure in 
 * transit if sent to the client.  Also it should only be sent to the client 
 * who creates the session.
 */
public class SessionToken implements Externalizable {
	public final static long serialVersionUID = -2853708320435636107L;

	private static final SecureRandom random = new SecureRandom();
	
	/** The session ID */
	private String sessionID;
	private String userName;
	private byte[] secret = new byte[16];
	
	public SessionToken() {
	}

	/**
	 * Used by tests to control the session id
	 * 
	 * @param id
	 * @param userName
	 */
	public SessionToken(long id, String userName) {
		this.sessionID = Long.toString(id);
		this.userName = userName;
	}	

	/**
	 * The primary constructor that specifies userName
	 * 
	 * @param userName
	 * 		(String) the userName for this session
	 */	
	public SessionToken(String userName) {
		byte[] bytes = new byte[9]; //9 bytes fits evenly into base64 and should be sufficiently cluster unique
		random.nextBytes(bytes);
		this.sessionID = Base64.encodeBytes(bytes);
		this.userName = userName;
		random.nextBytes(secret);
	}
	
	@Override
	public boolean equals(Object obj) {
		if (obj == this) {
			return true;
		}
		if (!(obj instanceof SessionToken)) {
			return false;
		}
		SessionToken other = (SessionToken)obj;
		return userName.equals(other.userName) 
			&& sessionID.equals(other.sessionID)
			&& Arrays.equals(secret, other.secret);
	}
	
	/**
	 * Returns unique session identifier
	 * 
	 * @return the session ID
	 */
	public String getSessionID() {
		return this.sessionID;
	}

	/**
	 * Get the principal name for this session's user.
	 * 
	 * @return the user name
	 */
	public String getUsername() {
		return this.userName;
	}

	/**
	 * Returns a string representing the current state of the object.
	 */
	public String toString() {
		return "SessionToken[" + getUsername() + "," + this.sessionID + "]"; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
	}

	@Override
	public void readExternal(ObjectInput in) throws IOException,
			ClassNotFoundException {
		secret = (byte[])in.readObject();
		sessionID = (String)in.readObject();
		userName = (String)in.readObject();
	}
	
	@Override
	public void writeExternal(ObjectOutput out) throws IOException {
		out.writeObject(secret);
		out.writeObject(sessionID);
		out.writeObject(userName);
	}

}