001/*
002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     bjalon
018 */
019package org.nuxeo.ecm.mobile.handler;
020
021import java.security.Principal;
022import java.util.Map;
023
024import javax.servlet.http.HttpServletRequest;
025
026import org.apache.commons.logging.Log;
027import org.apache.commons.logging.LogFactory;
028import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo;
029import org.nuxeo.ecm.platform.usermanager.UserManager;
030import org.nuxeo.runtime.api.Framework;
031import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.USERIDENT_KEY;
032
033/**
034 * @author <a href="mailto:bjalon@nuxeo.com">Benjamin JALON</a>
035 * @since 5.5
036 */
037public class AnonymousRequestHandler implements RequestHandler {
038
039    private static final Log log = LogFactory.getLog(AnonymousRequestHandler.class);
040
041    @Override
042    public boolean isRequestRedirectedToApplicationLoginForm(HttpServletRequest request) {
043        // same logic
044        return this.isRequestRedirectedToApplication(request);
045    }
046
047    @Override
048    public boolean isRequestRedirectedToApplication(HttpServletRequest request) {
049        HttpServletRequest httpRequest = (HttpServletRequest) request;
050
051        String username = getUsernameFromRequest(httpRequest);
052
053        if (username == null) {
054            log.debug("No principal found in session, request not selected");
055            return false;
056        }
057
058        String anonymousUsername = getAnonymousUsername();
059
060        if (anonymousUsername.equals(username)) {
061            return true;
062        }
063
064        return false;
065    }
066
067    protected String getUsernameFromRequest(HttpServletRequest request) {
068        Principal principal = request.getUserPrincipal();
069        String result = null;
070
071        if (principal != null) {
072            result = principal.getName();
073        } else {
074            Object att = request.getSession().getAttribute(USERIDENT_KEY);
075            if (att == null || !(att instanceof CachableUserIdentificationInfo)) {
076                log.debug("No identity found in session, Application not selected");
077                return null;
078            }
079
080            principal = ((CachableUserIdentificationInfo) att).getPrincipal();
081            result = principal.getName();
082        }
083        log.debug("username fetched in session: " + result);
084        return result;
085
086    }
087
088    protected String getAnonymousUsername() {
089        return Framework.getService(UserManager.class).getAnonymousUserId();
090    }
091
092    @Override
093    public RequestHandler init(Map<String, String> properties) {
094        return this;
095    }
096
097}