JaboxAuthenticatedWebSession.java

/*
 * Jabox Open Source Version
 * Copyright (C) 2009-2010 Dimitris Kapanidis                                                                                                                          
 * 
 * This file is part of Jabox
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see http://www.gnu.org/licenses/.
 */
package org.jabox.webapp.pages;

import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.guice.GuiceInjectorHolder;
import org.apache.wicket.persistence.provider.UserXstreamDao;
import org.apache.wicket.request.Request;
import org.jabox.model.User;
import org.jabox.webapp.application.WicketApplication;
import org.mindrot.jbcrypt.BCrypt;

/**
 * Authenticated session subclass
 */
public class JaboxAuthenticatedWebSession extends AuthenticatedWebSession {
    private static final long serialVersionUID = 1L;

    private String _username;

    /**
     * Construct.
     * 
     * @param request
     *            The current request object
     */
    public JaboxAuthenticatedWebSession(final Request request) {
        super(request);
        ((WicketApplication) WicketApplication.get())
            .getMetaData(GuiceInjectorHolder.INJECTOR_KEY).getInjector()
            .injectMembers(this);
        // InjectorHolder.getInjector().inject(this);
    }

    /**
     * @see org.apache.wicket.authentication.AuthenticatedWebSession#authenticate(java.lang.String,
     *      java.lang.String)
     */
    @Override
    public boolean authenticate(final String username,
            final String password) {
        if (username == null || password == null) {
            return false;
        }

        User user = UserXstreamDao.getUser(username);

        if (user == null) {
            return false;
        }

        if (!username.equals(user.getLogin())) {
            return false;
        }

        if (BCrypt.checkpw(password, user.getPasswordHash())) {
            _username = user.getLogin();
            return true;
        } else {
            return false;
        }
    }

    /**
     * @see org.apache.wicket.authentication.AuthenticatedWebSession#getRoles()
     */
    @Override
    public Roles getRoles() {
        if (isSignedIn()) {
            // If the user is signed in, they have these roles
            return new Roles(Roles.ADMIN);
        }
        return null;
    }

    /**
     * @return the username of the authenticated user.
     */
    public String getUsername() {
        return _username;
    }
}