001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.security;
029
030import org.opencms.file.CmsObject;
031import org.opencms.file.CmsUser;
032import org.opencms.main.CmsException;
033import org.opencms.main.CmsLog;
034import org.opencms.main.OpenCms;
035import org.opencms.monitor.CmsMemoryMonitor.CacheType;
036import org.opencms.util.CmsRequestUtil;
037
038import javax.servlet.http.HttpServletRequest;
039
040import org.apache.commons.logging.Log;
041
042/**
043 * Authorization handler which uses a special cookie sent by the user's browser for authorization.<p>
044 *
045 * The cookie contains a user's name and a key. The handler only logs that user in if the user's additional info map
046 * contains a key matching the key from the cookie, and if the corresponding additional info value, when interpreted as a time,
047 * is greater than the current time returned by System.currentTimeMillis().
048 */
public class CmsPersistentLoginAuthorizationHandler extends CmsDefaultAuthorizationHandler {

    /** The name of the cookie that carries the persistent login token. */
    public static final String COOKIE_NAME = "ocmsLoginToken";

    /** The logger for this class. */
    @SuppressWarnings("hiding")
    private static final Log LOG = CmsLog.getLog(CmsPersistentLoginAuthorizationHandler.class);

    /**
     * Authorizes the request, trying the login token cookie first and falling back to the default handler.<p>
     *
     * @param request the current request
     * @param loginAction the privileged login action
     *
     * @return the CmsObject obtained from the token cookie, or the result of the default handler if no user
     *      could be authenticated from the token
     *
     * @see org.opencms.security.CmsDefaultAuthorizationHandler#initCmsObject(javax.servlet.http.HttpServletRequest, org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction)
     */
    @Override
    public CmsObject initCmsObject(HttpServletRequest request, I_PrivilegedLoginAction loginAction) {

        CmsObject fromToken = initCmsObjectFromToken(request, loginAction);
        // the default handler is consulted only when the token path yields no user
        return (fromToken != null) ? fromToken : super.initCmsObject(request, loginAction);
    }

    /**
     * Tries to initialize the CmsObject from a login token given as a cookie in the request.<p>
     *
     * Token validation is delegated to {@link CmsPersistentLoginTokenHandler}; the token value itself is not
     * written to the log, only the name of the user that was authenticated with it.<p>
     *
     * @param request the request
     * @param loginAction the privileged login action
     *
     * @return the initialized CmsObject, or null if the user couldn't be authenticated using the login token cookie
     */
    public CmsObject initCmsObjectFromToken(HttpServletRequest request, I_PrivilegedLoginAction loginAction) {

        CmsObject result = null;
        CmsPersistentLoginTokenHandler tokenHandler = new CmsPersistentLoginTokenHandler();
        try {
            String token = CmsRequestUtil.getCookieValue(request.getCookies(), COOKIE_NAME);
            CmsUser tokenUser = tokenHandler.validateToken(token);
            if (tokenUser != null) {
                // drop the cached user and its group / role data so that membership changes in the
                // LDAP directory take effect for this login
                OpenCms.getMemoryMonitor().uncacheUser(tokenUser);
                flushGroupAndRoleCaches(tokenUser);
                // NOTE(review): request context flag presumably read by the login path to refresh
                // group membership - its consumer is not visible here, confirm against doLogin
                loginAction.getCmsObject().getRequestContext().setAttribute("__FORCE_UPDATE_MEMBERSHIP", Boolean.TRUE);
                result = loginAction.doLogin(request, tokenUser.getName());
                // flush once more after the login so later lookups do not see stale membership
                flushGroupAndRoleCaches(tokenUser);
                result = registerSession(request, result);
                LOG.info(
                    "Successfully authenticated user '"
                        + result.getRequestContext().getCurrentUser().getName()
                        + "' using a login token.");
            }
        } catch (CmsException e) {
            // NOTE(review): if doLogin already succeeded when a later statement threw, 'result' still holds
            // the CmsObject from doLogin and is returned even though session registration did not complete
            LOG.error(e.getLocalizedMessage(), e);
        }
        return result;
    }

    /**
     * Flushes the cached group list of the given user and the role / permission caches.<p>
     *
     * @param user the user whose cached group data should be discarded
     */
    private static void flushGroupAndRoleCaches(CmsUser user) {

        OpenCms.getMemoryMonitor().flushUserGroups(user.getId());
        OpenCms.getMemoryMonitor().flushCache(CacheType.HAS_ROLE, CacheType.PERMISSION, CacheType.ROLE_LIST);
    }

}