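package com.github.wicketoracle.session;

import java.sql.SQLException;
import java.util.Locale;

import org.apache.wicket.Request;
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.apache.wicket.authorization.strategies.role.Roles;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.protocol.http.request.WebClientInfo;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.crypt.KeyInSessionSunJceCryptFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.github.wicketoracle.WicketApplication;
import com.github.wicketoracle.session.user.PersonalDetails;

/**
 * An authenticated session in the application.
 *
 * Because end-to-end authentication (application to database) is used, both the
 * username and the password must be kept for the lifetime of the sign-in so that
 * later database connections can be opened as the signed-in user.
 *
 * The password is held encrypted with an {@link ICrypt} obtained from
 * {@link KeyInSessionSunJceCryptFactory}. That key lives in this same session's
 * metadata, so the encryption only keeps the clear text out of casual session
 * dumps and logs; anyone holding the whole session can recover it. Session
 * persistence and replication in the container should be configured with that
 * in mind, and {@link #signOut()} drops the credentials as soon as the user
 * leaves.
 *
 * @author Andrew Hall
 */
public final class Session extends AuthenticatedWebSession {

    private static final long serialVersionUID = 1L;

    private static final Logger LOGGER = LoggerFactory.getLogger( Session.class );

    /**
     * Cipher for the stored password. Not serialised: it is rebuilt on demand by
     * {@link #crypt()} because the factory derives it from a key kept in this
     * session's metadata, so a rebuilt instance reads values written by an earlier
     * one (NOTE(review): confirm against the Wicket version in use).
     */
    private transient ICrypt crypt;

    /** Username of the signed-in user; null until {@link #authenticate} succeeds. */
    private String username;

    /** URL-safe encrypted password; null until {@link #authenticate} succeeds. */
    private String password;

    private PersonalDetails personalDetails = new PersonalDetails();

    /**
     * Constructor.
     *
     * @param pRequest the request that created this session
     */
    public Session( final Request pRequest ) {
        super( pRequest );
    }

    /**
     * Authenticates against the database with the supplied credentials and, on
     * success, loads the user's details and locale into this session, records the
     * logon and keeps the credentials for later database connections.
     *
     * The credentials are stored only after every other step has succeeded, so a
     * failed logon never leaves them in the session.
     *
     * @param pUsername database username
     * @param pPassword clear-text password; stored encrypted on success
     * @return true if the logon succeeded and the DAO connection closed cleanly
     * @see org.apache.wicket.authentication.AuthenticatedWebSession#authenticate(String, String)
     */
    @Override
    public boolean authenticate( final String pUsername , final String pPassword ) {
        boolean isSuccessful = true;
        SessionDAO loginDAO = null;
        try {
            LOGGER.debug( "Request new SessionDAO -> username -> {}" , pUsername );
            loginDAO = new SessionDAO( pUsername , pPassword );
            LOGGER.debug( "Built login DAO" );

            setPersonalDetails( loginDAO.getAppUserDetails() );
            LOGGER.debug( "Retrieved and added user details to the session" );

            applyUserLocale( getPersonalDetails().getLanguageCode() );

            // The session must be in the store before its id is recorded against the logon.
            if ( isTemporary() ) {
                bind();
            }
            LOGGER.debug( "Added this session to the session store" );

            final String ipAddress = ( ( WebClientInfo ) super.getClientInfo() ).getProperties().getRemoteAddress();
            final String httpSession = getId();
            loginDAO.recordLogon( ipAddress , httpSession );
            LOGGER.debug( "Recorded the details of a successful logon ; IP Address -> {} ; HTTP Session -> {}" , ipAddress , httpSession );

            crypt = new KeyInSessionSunJceCryptFactory().newCrypt();
            setUsername( pUsername );
            setPassword( pPassword );
            LOGGER.debug( "Set username and password" );
        } catch ( SQLException sqle ) {
            // The throwable goes last so SLF4J attaches the stack trace; the message
            // deliberately carries only driver diagnostics, never the credentials.
            LOGGER.error( "SQL Exception in authenticate() -> {}; error code -> {}; sql state -> {};" ,
                    new Object [] { sqle.getMessage() , sqle.getErrorCode() , sqle.getSQLState() , sqle } );
            isSuccessful = false;
        } finally {
            if ( loginDAO != null && !loginDAO.closeConnection() ) {
                isSuccessful = false;
            }
        }
        return isSuccessful;
    }

    /**
     * Sets the session locale from the user's language code, leaving the current
     * locale untouched when no code is available.
     *
     * @param pLanguageCode ISO language code from the user's details, may be null
     */
    private void applyUserLocale( final String pLanguageCode ) {
        if ( pLanguageCode == null || pLanguageCode.trim().length() == 0 ) {
            LOGGER.debug( "No language code for user ; keeping locale -> {}" , getLocale() );
            return;
        }
        setLocale( new Locale( pLanguageCode ) );
        // A language-only Locale has an empty country, so log the language that was set.
        LOGGER.debug( "Set user's locale -> {}" , getLocale().getLanguage() );
    }

    /**
     * Signs the user out and drops the stored credentials and user details so they
     * do not outlive the sign-in; {@link #isAuthenticated()} is false afterwards and
     * {@link #getRoles()} no longer returns the signed-out user's roles.
     */
    @Override
    public void signOut() {
        super.signOut();
        username = null;
        password = null;
        personalDetails = new PersonalDetails();
    }

    /**
     * @return the roles of the current user, taken from the personal details
     * @see org.apache.wicket.authentication.AuthenticatedWebSession#getRoles()
     */
    @Override
    public Roles getRoles() {
        return personalDetails.getRoles();
    }

    /**
     * @return true if the user has signed in (a username is stored)
     */
    public boolean isAuthenticated() {
        return getUsername() != null;
    }

    /**
     * @return true if the application runs in development mode or the user holds
     *         the role that permits viewing debug information
     */
    public boolean isDebugInfoVisible() {
        // Read at call time rather than in a static initialiser: WebApplication.get()
        // needs an application bound to the current thread, which is not the case
        // if this class is first loaded during container-side session deserialisation.
        final String applicationMode = WebApplication.get().getConfigurationType();
        return applicationMode.equals( WicketApplication.DEVELOPMENT )
                || getRoles().hasRole( RequiredRoles.ROLE_VIEW_DEBUG_INFO );
    }

    /**
     * @return Java bean containing personal details of the authenticated user
     */
    public PersonalDetails getPersonalDetails() {
        return personalDetails;
    }

    /**
     * @param pPersonalDetails personal details of the authenticated user
     */
    public void setPersonalDetails( final PersonalDetails pPersonalDetails ) {
        personalDetails = pPersonalDetails;
    }

    /**
     * @return the username, or null if nobody is signed in
     */
    public String getUsername() {
        return username;
    }

    /**
     * @param pUsername the username
     */
    public void setUsername( final String pUsername ) {
        username = pUsername;
    }

    /**
     * @return the password in encrypted form, or null if nobody is signed in
     */
    public String getEncryptedPassword() {
        return password;
    }

    /**
     * @return the clear-text password, or null if none is stored; callers must not
     *         log or render the result
     */
    public String getPassword() {
        return password == null ? null : crypt().decryptUrlSafe( password );
    }

    /**
     * Stores the password in encrypted form.
     *
     * @param pPassword the clear-text password; null clears the stored value
     */
    public void setPassword( final String pPassword ) {
        password = pPassword == null ? null : crypt().encryptUrlSafe( pPassword );
    }

    /**
     * Returns the password cipher, rebuilding it after deserialisation or when
     * {@link #setPassword} is called before {@link #authenticate} has run.
     *
     * @return the cipher bound to this session's key
     */
    private ICrypt crypt() {
        if ( crypt == null ) {
            crypt = new KeyInSessionSunJceCryptFactory().newCrypt();
        }
        return crypt;
    }
}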