001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.main; 029 030import org.opencms.file.CmsObject; 031import org.opencms.file.CmsUser; 032import org.opencms.security.I_CmsAuthorizationHandler; 033import org.opencms.util.CmsUUID; 034 035import java.util.Map; 036 037import javax.servlet.http.HttpServletRequest; 038import javax.servlet.http.HttpSession; 039 040import org.apache.commons.logging.Log; 041 042/** 043 * Abstract class to grant the needed access to the session manager.<p> 044 * 045 * @since 6.5.4 046 */ 047public abstract class A_CmsAuthorizationHandler implements I_CmsAuthorizationHandler { 048 049 /** The static log object for this class. */ 050 protected static final Log LOG = CmsLog.getLog(A_CmsAuthorizationHandler.class); 051 052 /** Additional parameters. */ 053 protected Map<String, String> m_parameters; 054 055 /** 056 * @see org.opencms.security.I_CmsAuthorizationHandler#setParameters(java.util.Map) 057 */ 058 public void setParameters(Map<String, String> parameters) { 059 060 m_parameters = parameters; 061 } 062 063 /** 064 * Initializes a new cms object from the session data of the request.<p> 065 * 066 * If no session data is found, <code>null</code> is returned.<p> 067 * 068 * @param request the request 069 * 070 * @return the new initialized cms object 071 * 072 * @throws CmsException if something goes wrong 073 */ 074 protected CmsObject initCmsObjectFromSession(HttpServletRequest request) throws CmsException { 075 076 // try to get an OpenCms user session info object for this request 077 return OpenCmsCore.getInstance().initCmsObjectFromSession(request); 078 } 079 080 /** 081 * Registers the current session with OpenCms.<p> 082 * 083 * @param request the current request 084 * @param cms the cms object to register 085 * 086 * @return the updated cms context 087 * 088 * @throws CmsException if something goes wrong 089 */ 090 protected CmsObject registerSession(HttpServletRequest request, CmsObject cms) throws CmsException { 091 092 if (!cms.getRequestContext().getCurrentUser().isGuestUser()) { 093 // make sure we have a new session after login for security reasons 094 HttpSession session = request.getSession(false); 095 if (session != null) { 096 session.invalidate(); 097 } 098 session = request.getSession(true); 099 } 100 101 // update the request context 102 cms = OpenCmsCore.getInstance().updateContext(request, cms); 103 104 CmsUser user = cms.getRequestContext().getCurrentUser(); 105 if (!user.isGuestUser() && !OpenCms.getDefaultUsers().isUserExport(user.getName())) { 106 // create the session info object, only for 'real' users 107 CmsSessionInfo sessionInfo = new CmsSessionInfo( 108 cms.getRequestContext(), 109 new CmsUUID(), 110 request.getSession().getMaxInactiveInterval()); 111 // register the updated cms object in the session manager 112 OpenCmsCore.getInstance().getSessionManager().addSessionInfo(sessionInfo); 113 } 114 // return the updated cms object 115 return cms; 116 } 117}