package com.aggrepoint.winlet.plugin;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.aggrepoint.winlet.ContextUtils;
import com.aggrepoint.winlet.UserEngine;
import com.aggrepoint.winlet.UserProfile;
/**
* 缺省UserEngine,当应用没有指定的UserEngine时使用
*
* @author Jiangming Yang (yangjm@gmail.com)
*/
public class DefaultUserEngine implements UserEngine {
static final String SESSION_KEY = DefaultUserEngine.class.getName()
+ ".USER";
static UserProfile ANONYMOUS = new UserProfile() {
private static final long serialVersionUID = 1L;
@Override
public boolean isAnonymous() {
return true;
}
@Override
public String getLoginId() {
return "";
}
@Override
public String getName() {
return "";
}
};
@Override
public UserProfile getUser(HttpServletRequest req) {
HttpSession session = req.getSession(false);
UserProfile up = session == null ? null : (UserProfile) session
.getAttribute(SESSION_KEY);
if (up == null)
up = ANONYMOUS;
return up;
}
@Override
public void setUser(HttpServletRequest req, UserProfile user) {
if (user == null) {
HttpSession session = req.getSession(false);
if (session != null) {
session.invalidate();
}
} else {
// start new session to prevent session fixation
HttpSession session = req.getSession(false);
if (session != null)
session.invalidate();
req.getSession(true).setAttribute(SESSION_KEY, user);
}
}
@Override
public UserProfile getUser() {
return getUser(ContextUtils.getRequest());
}
@Override
public void setUser(UserProfile user) {
setUser(ContextUtils.getRequest(), user);
}
}