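// Session that existed before this login attempt, as judged by the portal's
// session validation filter. NOTE(review): presumably null when the request
// carries no valid session; confirm against getValidSession().
HttpSession httpSession = PortalSessionValidationFilter.getValidSession(request);
if (username != null)
{
    // A username was supplied, so treat this request as a login attempt.
    ComponentManager cm = Jetspeed.getComponentManager();
    UserManager userManager = (UserManager) cm.getComponent("org.apache.jetspeed.security.UserManager");
    AuditActivity audit = (AuditActivity) cm.getComponent("org.apache.jetspeed.audit.AuditActivity");
    AuthenticationProvider authProvider =
        (AuthenticationProvider) cm.getComponent("org.apache.jetspeed.security.AuthenticationProvider");

    // Authentication goes through the AuthenticationProvider of the current
    // security API; the older userManager.authenticate(username, password)
    // call is no longer used.
    AuthenticatedUser authUser = null;
    try
    {
        authUser = authProvider.authenticate(username, password);
    }
    catch (SecurityException e)
    {
        // Rejected by the provider: authUser stays null and the failure branch
        // at the end of this block writes the audit record and the error code.
        // Auditing here as well produced two AUTHENTICATION_FAILURE entries for
        // one attempt, which inflates failed-login counts used for detection.
    }

    if (authUser != null)
    {
        // NOTE(review): getRemoteAddr() is the address of the direct peer; behind
        // a reverse proxy that is the proxy, not the client. Confirm what the
        // audit trail is expected to hold.
        audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");

        PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
            cm.getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
        if (authenticationConfiguration.isCreateNewSessionOnLogin() && httpSession != null && !httpSession.isNew())
        {
            // Drop the pre-login session so the authenticated state is bound to
            // a fresh session id; the getSession() calls below create it.
            request.getSession().invalidate();
        }
        else
        {
            // The existing session is kept; only the user's cached content for
            // it is evicted.
            // NOTE(review): on this path a session id issued before
            // authentication stays valid afterwards (session fixation exposure)
            // unless the id is rotated elsewhere. Confirm that deployments
            // enable isCreateNewSessionOnLogin.
            UserContentCacheManager userContentCacheManager =
                (UserContentCacheManager) cm.getComponent("userContentCacheManager");
            userContentCacheManager.evictUserContentCache(username, request.getSession().getId());
        }

        if (authUser.getUser() == null)
        {
            try
            {
                // load the user principals (roles, groups, credentials)
                User user = userManager.getUser(username);
                if (user != null)
                {
                    authUser = new AuthenticatedUserImpl(user, authUser.getPublicCredentials(), authUser.getPrivateCredentials());
                }
                // NOTE(review): when no user is found, authUser.getUser() is
                // still null and is passed on to getSubject() and
                // wrapperRequest() below; confirm both tolerate that.
            }
            catch (SecurityException e)
            {
                // TODO: maybe some better handling required here
                throw new ServletException(e);
            }
        }

        Subject subject;
        try
        {
            // Default solution using the built-in UserManager. A hand-built
            // alternative would be JetspeedSubjectFactory.createSubject(...)
            // with the user and its private and public credentials.
            subject = userManager.getSubject(authUser);
        }
        catch (SecurityException e)
        {
            // TODO: maybe some better handling required here
            throw new ServletException(e);
        }

        sRequest = wrapperRequest(request, subject, authUser.getUser());

        // Clear any error left by an earlier failed attempt and publish the
        // authenticated Subject in the (possibly newly created) session.
        HttpSession session = request.getSession(true);
        session.removeAttribute(LoginConstants.ERRORCODE);
        session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
    }
    else
    {
        // Single failure path, reached when authenticate() threw or returned
        // null. Every cause maps to the same ERROR_INVALID_PASSWORD code, so the
        // response does not distinguish an unknown user from a wrong password.
        audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
        request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
    }
}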
else
{