001/* 002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 * 019 * $Id$ 020 */ 021 022package org.nuxeo.ecm.webengine.login; 023 024import javax.servlet.ServletRequest; 025import javax.servlet.http.HttpServletRequest; 026import javax.servlet.http.HttpSession; 027 028import org.apache.commons.logging.Log; 029import org.apache.commons.logging.LogFactory; 030import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo; 031import org.nuxeo.ecm.platform.ui.web.auth.plugins.DefaultSessionManager; 032import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper; 033 034public class WebEngineSessionManager extends DefaultSessionManager { 035 036 // TODO work on skin request to avoid hardcoding paths 037 private static final String RESOURCES_PATH = VirtualHostHelper.getContextPathProperty() + "/site/files/"; 038 039 private static final Log log = LogFactory.getLog(WebEngineSessionManager.class); 040 041 @Override 042 public boolean canBypassRequest(ServletRequest request) { 043 // static resources don't require Authentication 044 return ((HttpServletRequest) request).getRequestURI().startsWith(RESOURCES_PATH); 045 } 046 047 @Override 048 public void onAuthenticatedSessionCreated(ServletRequest request, HttpSession httpSession, 049 CachableUserIdentificationInfo cachableUserInfo) { 050 051 // do nothing 052 } 053 054 @Override 055 public boolean needResetLogin(ServletRequest req) { 056 return WebEngineFormAuthenticator.isLoginRequest((HttpServletRequest) req); 057 } 058 059}