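/**
 * Copyright 2013 Sean Kavanagh - sean.p.kavanagh6@gmail.com
 * <p/>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * <p/>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p/>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.keybox.common.util;

import com.keybox.manage.util.EncryptionUtil;
import org.apache.commons.lang3.StringUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.Calendar;

/**
 * Utility to read and write the authentication state kept in the {@link HttpSession}:
 * user id, auth token, application session id, OTP secret, auth/user type, session
 * timeout stamp and the CSRF token.
 * <p/>
 * Sensitive values (user id, session id, auth token, OTP secret) are stored encrypted
 * via {@link EncryptionUtil} and decrypted on read; the remaining attributes are stored
 * as plain strings. All methods are static and the class cannot be instantiated.
 */
public final class AuthUtil {

    public static final String SESSION_ID = "sessionId";
    public static final String USER_ID = "userId";
    public static final String AUTH_TOKEN = "authToken";
    public static final String TIMEOUT = "timeout";
    public static final String CSRF_TOKEN_NM = "_csrf";

    /** Pattern of the timeout stamp written by {@link #setTimeout(HttpSession)}. */
    private static final String TIMEOUT_FORMAT = "MMddyyyyHHmmss";

    /** Session attribute names that are not exposed as public constants. */
    private static final String OTP_SECRET = "otp_secret";
    private static final String AUTH_TYPE = "authType";
    private static final String USER_TYPE = "userType";

    /**
     * CSRF tokens must be unpredictable. Older Struts 2 releases back
     * TokenHelper.generateGUID() with java.util.Random, which is not a CSPRNG,
     * so the token is generated here from SecureRandom instead. SecureRandom is
     * thread-safe, so a single shared instance is fine.
     */
    private static final SecureRandom CSRF_RANDOM = new SecureRandom();

    private AuthUtil() {
    }

    /**
     * Query session for the OTP shared secret.
     *
     * @param session http session
     * @return shared secret, decrypted (whatever {@link EncryptionUtil#decrypt} returns
     *         when no secret has been stored)
     */
    public static String getOTPSecret(HttpSession session) {
        String encrypted = (String) session.getAttribute(OTP_SECRET);
        return EncryptionUtil.decrypt(encrypted);
    }

    /**
     * Set authentication type. A null value leaves the session untouched.
     *
     * @param session  http session
     * @param authType authentication type
     */
    public static void setAuthType(HttpSession session, String authType) {
        if (authType != null) {
            session.setAttribute(AUTH_TYPE, authType);
        }
    }

    /**
     * Query authentication type.
     *
     * @param session http session
     * @return authentication type, or null if none has been set
     */
    public static String getAuthType(HttpSession session) {
        return (String) session.getAttribute(AUTH_TYPE);
    }

    /**
     * Set user type. A null value leaves the session untouched.
     *
     * @param session  http session
     * @param userType user type
     */
    public static void setUserType(HttpSession session, String userType) {
        if (userType != null) {
            session.setAttribute(USER_TYPE, userType);
        }
    }

    /**
     * Query user type.
     *
     * @param session http session
     * @return user type, or null if none has been set
     */
    public static String getUserType(HttpSession session) {
        return (String) session.getAttribute(USER_TYPE);
    }

    /**
     * Set the application session id (presumably the id of the persisted session
     * record; distinct from the servlet container's session id). Stored encrypted.
     * A null value leaves the session untouched.
     *
     * @param session   http session
     * @param sessionId session id
     */
    public static void setSessionId(HttpSession session, Long sessionId) {
        if (sessionId != null) {
            session.setAttribute(SESSION_ID, EncryptionUtil.encrypt(sessionId.toString()));
        }
    }

    /**
     * Query the application session id.
     *
     * @param session http session
     * @return session id, or null if none has been stored
     */
    public static Long getSessionId(HttpSession session) {
        return decryptLong((String) session.getAttribute(SESSION_ID));
    }

    /**
     * Query session for user id.
     *
     * @param session http session
     * @return user id, or null if none has been stored
     */
    public static Long getUserId(HttpSession session) {
        return decryptLong((String) session.getAttribute(USER_ID));
    }

    /**
     * Query session for authentication token.
     *
     * @param session http session
     * @return authentication token, decrypted
     */
    public static String getAuthToken(HttpSession session) {
        String encrypted = (String) session.getAttribute(AUTH_TOKEN);
        return EncryptionUtil.decrypt(encrypted);
    }

    /**
     * Query session for the timeout stamp written by {@link #setTimeout(HttpSession)}.
     *
     * @param session http session
     * @return timeout string in {@code MMddyyyyHHmmss} form, or null if none has been set
     */
    public static String getTimeout(HttpSession session) {
        return (String) session.getAttribute(TIMEOUT);
    }

    /**
     * Query the CSRF token for the session. Callers comparing it against a request
     * parameter should use a constant-time comparison.
     *
     * @param session http session
     * @return token string, or null if none has been generated
     */
    public static String getCSRFToken(HttpSession session) {
        return (String) session.getAttribute(CSRF_TOKEN_NM);
    }

    /**
     * Set session OTP shared secret. Stored encrypted; a null or blank secret leaves
     * the session untouched.
     *
     * @param session http session
     * @param secret  shared secret
     */
    public static void setOTPSecret(HttpSession session, String secret) {
        if (StringUtils.isNotBlank(secret)) {
            session.setAttribute(OTP_SECRET, EncryptionUtil.encrypt(secret));
        }
    }

    /**
     * Set session user id. Stored encrypted; a null id leaves the session untouched.
     *
     * @param session http session
     * @param userId  user id
     */
    public static void setUserId(HttpSession session, Long userId) {
        if (userId != null) {
            session.setAttribute(USER_ID, EncryptionUtil.encrypt(userId.toString()));
        }
    }

    /**
     * Set session authentication token. Stored encrypted; a null or blank token leaves
     * the session untouched.
     *
     * @param session   http session
     * @param authToken authentication token
     */
    public static void setAuthToken(HttpSession session, String authToken) {
        if (StringUtils.isNotBlank(authToken)) {
            session.setAttribute(AUTH_TOKEN, EncryptionUtil.encrypt(authToken));
        }
    }

    /**
     * Set (or refresh) the session timeout stamp: now plus the configured
     * {@code sessionTimeout} minutes (default 15), formatted as {@code MMddyyyyHHmmss}
     * in the JVM default time zone. Note the stamp is month-first, so it is not safe to
     * compare timeout strings lexicographically; parse them with the same pattern.
     *
     * @param session http session
     * @throws NumberFormatException if the {@code sessionTimeout} property is not an
     *                               integer (deliberately not swallowed, so a broken
     *                               config fails loudly rather than silently)
     */
    public static void setTimeout(HttpSession session) {
        int minutes = Integer.parseInt(AppConfig.getProperty("sessionTimeout", "15"));
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.MINUTE, minutes);
        // SimpleDateFormat is not thread-safe, so a fresh instance per call.
        SimpleDateFormat sdf = new SimpleDateFormat(TIMEOUT_FORMAT);
        session.setAttribute(TIMEOUT, sdf.format(expiry.getTime()));
    }

    /**
     * Generate a new CSRF token, store it in the session and return it.
     * <p/>
     * The token is 165 random bits from {@link SecureRandom}, rendered as an
     * upper-case base-36 string (the same shape Struts' TokenHelper produces, so
     * downstream consumers see the same character set and length).
     *
     * @param session http session
     * @return _csrf token
     */
    public static String generateCSRFToken(HttpSession session) {
        String csrf = new BigInteger(165, CSRF_RANDOM).toString(36).toUpperCase();
        session.setAttribute(CSRF_TOKEN_NM, csrf);
        return csrf;
    }

    /**
     * Delete all session information and invalidate the container session.
     * The explicit removals are belt-and-braces; {@link HttpSession#invalidate()}
     * discards every attribute anyway.
     *
     * @param session http session
     */
    public static void deleteAllSession(HttpSession session) {
        session.removeAttribute(CSRF_TOKEN_NM);
        session.removeAttribute(TIMEOUT);
        session.removeAttribute(AUTH_TOKEN);
        session.removeAttribute(USER_ID);
        session.removeAttribute(SESSION_ID);
        session.removeAttribute(OTP_SECRET);
        session.removeAttribute(AUTH_TYPE);
        session.removeAttribute(USER_TYPE);
        session.invalidate();
    }

    /**
     * Return the client IP from the servlet request.
     * <p/>
     * If the {@code clientIPHeader} property is set, the value of that request header is
     * returned verbatim when present. Any client can send an arbitrary value for such a
     * header, so configure it ONLY when a trusted reverse proxy in front of the
     * application sets or overwrites that header; otherwise the address recorded here
     * (e.g. for audit logs or access decisions) is attacker-controlled. A header carrying
     * a comma-separated chain (X-Forwarded-For style) is returned unparsed.
     *
     * @param servletRequest http servlet request
     * @return client ip
     */
    public static String getClientIPAddress(HttpServletRequest servletRequest) {
        String clientIP = null;
        String ipHeader = AppConfig.getProperty("clientIPHeader");
        if (StringUtils.isNotEmpty(ipHeader)) {
            clientIP = servletRequest.getHeader(ipHeader);
        }
        if (StringUtils.isEmpty(clientIP)) {
            clientIP = servletRequest.getRemoteAddr();
        }
        return clientIP;
    }

    /**
     * Decrypt an encrypted numeric session attribute and parse it as a Long.
     *
     * @param encrypted encrypted attribute value, may be null
     * @return parsed value, or null if nothing (or only whitespace) was stored
     * @throws NumberFormatException if the decrypted text is not a valid long
     */
    private static Long decryptLong(String encrypted) {
        String plain = EncryptionUtil.decrypt(encrypted);
        if (StringUtils.isBlank(plain)) {
            return null;
        }
        return Long.parseLong(plain);
    }
}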