001/*
002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     bjalon
016 */
017package org.nuxeo.ecm.mobile.handler;
018
019import java.security.Principal;
020import java.util.Map;
021
022import javax.servlet.http.HttpServletRequest;
023
024import org.apache.commons.logging.Log;
025import org.apache.commons.logging.LogFactory;
026import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo;
027import org.nuxeo.ecm.platform.usermanager.UserManager;
028import org.nuxeo.runtime.api.Framework;
029import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.USERIDENT_KEY;
030
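/**
 * Request handler that selects a request only when it is issued by the anonymous user.
 * <p>
 * The user name is taken from the container principal and, when there is none, from the identity
 * cached in the HTTP session under {@code USERIDENT_KEY}. It is then compared with the anonymous
 * user id reported by the {@link UserManager}. No request parameter or header is read by this
 * class.
 *
 * @author <a href="mailto:bjalon@nuxeo.com">Benjamin JALON</a>
 * @since 5.5
 */
public class AnonymousRequestHandler implements RequestHandler {

    private static final Log log = LogFactory.getLog(AnonymousRequestHandler.class);

    /**
     * Applies the same rule as {@link #isRequestRedirectedToApplication(HttpServletRequest)}.
     *
     * @param request the incoming request
     * @return {@code true} when the request is made by the anonymous user
     */
    @Override
    public boolean isRequestRedirectedToApplicationLoginForm(HttpServletRequest request) {
        // same logic
        return this.isRequestRedirectedToApplication(request);
    }

    /**
     * Tells whether the request is made by the anonymous user.
     *
     * @param request the incoming request
     * @return {@code true} when a user name was resolved and equals the anonymous user id;
     *         {@code false} when no user name could be resolved or when it differs
     */
    @Override
    public boolean isRequestRedirectedToApplication(HttpServletRequest request) {
        String username = getUsernameFromRequest(request);

        if (username == null) {
            log.debug("No principal found in session, request not selected");
            return false;
        }

        // Compare from the non-null side: getAnonymousUsername() may yield null (presumably when
        // no anonymous user is configured - confirm against UserManager), and calling equals()
        // on it would throw instead of simply not selecting the request.
        return username.equals(getAnonymousUsername());
    }

    /**
     * Resolves the name of the user attached to the request.
     *
     * @param request the incoming request
     * @return the principal name, or {@code null} when neither the request nor the session
     *         carries an identity
     */
    protected String getUsernameFromRequest(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();

        if (principal == null) {
            // NOTE(review): getSession() creates a session when the request has none, so merely
            // evaluating this handler allocates server-side state for an unauthenticated client.
            // getSession(false) plus a null check would avoid that - confirm no caller relies on
            // the session being created here.
            Object att = request.getSession().getAttribute(USERIDENT_KEY);
            // instanceof is false for null, so a missing attribute is covered as well
            if (!(att instanceof CachableUserIdentificationInfo)) {
                log.debug("No identity found in session, Application not selected");
                return null;
            }

            principal = ((CachableUserIdentificationInfo) att).getPrincipal();
            if (principal == null) {
                // A cached identity without a principal is treated like no identity at all
                // rather than failing the request with a NullPointerException.
                log.debug("No identity found in session, Application not selected");
                return null;
            }
        }

        String result = principal.getName();
        if (log.isDebugEnabled()) {
            // Guarded so the message is only built when debug logging is enabled.
            log.debug("username fetched in session: " + result);
        }
        return result;
    }

    /**
     * Looks up the anonymous user id through the {@link UserManager} service.
     *
     * @return the anonymous user id, or {@code null} when the service is not available or
     *         reports none
     */
    protected String getAnonymousUsername() {
        UserManager userManager = Framework.getService(UserManager.class);
        // presumably getService() returns null while the service is not registered - verify
        return userManager == null ? null : userManager.getAnonymousUserId();
    }

    /**
     * Does nothing with the given properties; this handler has no configuration.
     *
     * @param properties the handler properties, ignored
     * @return this handler
     */
    @Override
    public RequestHandler init(Map<String, String> properties) {
        return this;
    }

}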