Source Code of flex.messaging.security.TomcatLoginCommand

/*************************************************************************
 * 
 * ADOBE CONFIDENTIAL
 * __________________
 * 
 *  [2002] - [2007] Adobe Systems Incorporated 
 *  All Rights Reserved.
 * 
 * NOTICE:  All information contained herein is, and remains
 * the property of Adobe Systems Incorporated and its suppliers,
 * if any.  The intellectual and technical concepts contained
 * herein are proprietary to Adobe Systems Incorporated
 * and its suppliers and may be covered by U.S. and Foreign Patents,
 * patents in process, and are protected by trade secret or copyright law.
 * Dissemination of this information or reproduction of this material
 * is strictly forbidden unless prior written permission is obtained
 * from Adobe Systems Incorporated.
 */
package flex.messaging.security;


import java.security.Principal;
import java.util.List;


import javax.servlet.http.HttpServletRequest;


import flex.messaging.FlexContext;
import flex.messaging.util.PropertyStringResourceLoader;


/**
 * A Tomcat specific implementation of LoginCommand
 *
 * @author Brian Deitte
 * @author Matt Chotin
 */
public class TomcatLoginCommand extends AppServerLoginCommand
{
    private static final int NO_VALVE = 20000;


    public Principal doAuthentication(String username, Object credentials)
        throws SecurityException
    {
        TomcatLogin login = TomcatLoginHolder.getLogin();
        if (login == null)
        {
            SecurityException se =
                new SecurityException(new PropertyStringResourceLoader("flex.messaging.vendors"));
            se.setMessage(NO_VALVE);
            throw se;
        }


        String password = extractPassword(credentials);
        if (password != null)
        {
            HttpServletRequest request = (HttpServletRequest)FlexContext.getHttpRequest();
            return login.login(username, password, request);
        }


        return null;
    }


    public boolean doAuthorization(Principal principal, List roles)
        throws SecurityException
    {
        boolean authorized = false;


        HttpServletRequest request = FlexContext.getHttpRequest();


        if (request != null && 
            principal != null && principal.equals(request.getUserPrincipal()))
        {
            authorized = doAuthorization(principal, roles, request);
        }
        else
        {
            TomcatLogin login = TomcatLoginHolder.getLogin();
            if (login == null)
            {
                SecurityException se =
                    new SecurityException(new PropertyStringResourceLoader("flex.messaging.vendors"));
                se.setMessage(NO_VALVE);
                throw se;
            }
            authorized = login.authorize(principal, roles);
        }


        return authorized;
    }


    public boolean logout(Principal principal) throws SecurityException
    {
        HttpServletRequest request = FlexContext.getHttpRequest();
        if (request != null)
        {
            TomcatLogin login = TomcatLoginHolder.getLogin();
            if (login != null)
            {
                return login.logout(request);
            }
            else
            {
                //TODO should we do this?
                //request.getSession(false).invalidate();
            }
        }
        return true;
    }


}
Source Code of flex.messaging.security.TomcatLoginCommand

Related Classes of flex.messaging.security.TomcatLoginCommand
