WebAccessControlUtil.java

/*
 * JOSSO: Java Open Single Sign-On
 *
 * Copyright 2004-2009, Atricore, Inc.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 *
 */

package org.josso.agent.http;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.agent.Lookup;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Generic utils to be used by partner application developres to trigger authentication process and obtain current security context.
 * <p/>
 * Date: Nov 29, 2007
 * Time: 4:41:53 PM
 *
 * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
 */
public class WebAccessControlUtil {

    public static final Log log = LogFactory.getLog(WebAccessControlUtil.class);

    //public static final String KEY_JOSSO_SAVED_REQUEST_URI = "org.josso.servlet.agent.savedRequest";
    
    public static final String KEY_JOSSO_SAVED_REQUEST_URI = "JOSSO_SAVED_REQUEST";

    /**
     * Attribute key used to store current security context instance.
     */
    public static final String KEY_JOSSO_SECURITY_CONTEXT = "org.josso.servlet.agent.JOSSOSecurityContext";


    /**
     * This method will redirect the user the the login page configured in the JOSSO Gateway.
     */
    public static void askForLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {

        StringBuffer sb = new StringBuffer(request.getRequestURI());
        if (request.getQueryString() != null) {
            sb.append('?');
            sb.append(request.getQueryString());
        }

        HttpSSOAgent agent = (HttpSSOAgent) Lookup.getInstance().lookupSSOAgent();
        
        if (log.isDebugEnabled())
            log.debug("Storing original request : " + sb.toString());

        agent.setAttribute(request, response, KEY_JOSSO_SAVED_REQUEST_URI, sb.toString());
        
        response.sendRedirect(request.getContextPath() + agent.getJossoLoginUri());
        
    }

    /**
     * This method provides access to JOSSO securit context, if no context is present is because user is not authenticated.
     *
     * @param request
     * @return
     */
    public static JOSSOSecurityContext getSecurityContext(HttpServletRequest request) {
        return (JOSSOSecurityContext) request.getSession().getAttribute(
                WebAccessControlUtil.KEY_JOSSO_SECURITY_CONTEXT);
    }
}