001/* 002 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Nuxeo - initial API and implementation 016 * 017 * $Id$ 018 */ 019 020package org.nuxeo.ecm.webengine.login; 021 022import javax.servlet.ServletRequest; 023import javax.servlet.http.HttpServletRequest; 024import javax.servlet.http.HttpSession; 025 026import org.apache.commons.logging.Log; 027import org.apache.commons.logging.LogFactory; 028import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo; 029import org.nuxeo.ecm.platform.ui.web.auth.plugins.DefaultSessionManager; 030import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper; 031 032public class WebEngineSessionManager extends DefaultSessionManager { 033 034 // TODO work on skin request to avoid hardcoding paths 035 private static final String RESOURCES_PATH = VirtualHostHelper.getContextPathProperty() + "/site/files/"; 036 037 private static final Log log = LogFactory.getLog(WebEngineSessionManager.class); 038 039 @Override 040 public boolean canBypassRequest(ServletRequest request) { 041 // static resources don't require Authentication 042 return ((HttpServletRequest) request).getRequestURI().startsWith(RESOURCES_PATH); 043 } 044 045 @Override 046 public void onAuthenticatedSessionCreated(ServletRequest request, HttpSession httpSession, 047 CachableUserIdentificationInfo cachableUserInfo) { 048 049 // do nothing 050 } 051 052 @Override 053 public boolean needResetLogin(ServletRequest req) { 054 return WebEngineFormAuthenticator.isLoginRequest((HttpServletRequest) req); 055 } 056 057}