001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.webengine.login;
023
024import javax.servlet.ServletRequest;
025import javax.servlet.http.HttpServletRequest;
026import javax.servlet.http.HttpSession;
027
028import org.apache.commons.logging.Log;
029import org.apache.commons.logging.LogFactory;
030import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo;
031import org.nuxeo.ecm.platform.ui.web.auth.plugins.DefaultSessionManager;
032import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
033
034public class WebEngineSessionManager extends DefaultSessionManager {
035
036    // TODO work on skin request to avoid hardcoding paths
037    private static final String RESOURCES_PATH = VirtualHostHelper.getContextPathProperty() + "/site/files/";
038
039    private static final Log log = LogFactory.getLog(WebEngineSessionManager.class);
040
041    @Override
042    public boolean canBypassRequest(ServletRequest request) {
043        // static resources don't require Authentication
044        return ((HttpServletRequest) request).getRequestURI().startsWith(RESOURCES_PATH);
045    }
046
047    @Override
048    public void onAuthenticatedSessionCreated(ServletRequest request, HttpSession httpSession,
049            CachableUserIdentificationInfo cachableUserInfo) {
050
051        // do nothing
052    }
053
054    @Override
055    public boolean needResetLogin(ServletRequest req) {
056        return WebEngineFormAuthenticator.isLoginRequest((HttpServletRequest) req);
057    }
058
059}