/* ======================================================================
The Bodington System Software License, Version 1.0
 
Copyright (c) 2001 The University of Leeds.  All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
 
1.  Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
 
2.  Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
 
3.  The end-user documentation included with the redistribution, if any,
must include the following acknowledgement:  "This product includes
software developed by the University of Leeds
(http://www.bodington.org/)."  Alternately, this acknowledgement may
appear in the software itself, if and wherever such third-party
acknowledgements normally appear.
 
4.  The names "Bodington", "Nathan Bodington", "Bodington System",
"Bodington Open Source Project", and "The University of Leeds" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
d.gardner@leeds.ac.uk.
 
5.  The name "Bodington" may not appear in the name of products derived
from this software without prior written permission of the University of
Leeds.
 
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO,  TITLE,  THE IMPLIED WARRANTIES
OF QUALITY  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
EVENT SHALL THE UNIVERSITY OF LEEDS OR ITS CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
=========================================================
 
This software was originally created by the University of Leeds and may contain voluntary
contributions from others.  For more information on the Bodington Open Source Project, please
see http://bodington.org/
 
====================================================================== */

package org.bodington.servlet;

import java.rmi.RemoteException;
import java.util.Properties;

import org.bodington.server.BuildingServerException;
import org.bodington.server.NavigationSession;

/**
 * Class that handles session initialization via WebAuth.
 * @see <a href="http://webauthv3.stanford.edu/">WebAuth</a>
 * @author Alexis O'Connor
 */
public class WebAuthSessionInitializer extends AbstractSessionInitializer
{
    public static final String WEBAUTH_ALIAS = "webauth";
    public static final String WEBAUTH_USER_PARAM_NAME = "WEBAUTH_USER";
    public static final String WEBAUTH_EXPIRATION_PARAM_NAME = "WEBAUTH_TOKEN_EXPIRATION";
    public static final String AUTH_TYPE_PARAM_NAME = "AUTH_TYPE";
    public static final String WEBAUTH_AUTH_TYPE = "WebAuth";
    public static final String UNSET = "<UNSET>";
    
    // All the constants here are in seconds as that is what the servlet spec deals with.
    // 2 hours.
    private static final int DEFAULT_SESSION = 7200;
    // 1 minute
    private static final int MINIMUM_SESSION = 60;
    // 12 Hours
    private static final int MAXIMUM_SESSION = 43200;

    protected boolean initialize( Request request, 
        HttpSession session, NavigationSession navigation )
    {
        try
        {
            String webauthUser = (String)request.getAttribute( 
                WEBAUTH_USER_PARAM_NAME );
            String type = (String)request.getAttribute( AUTH_TYPE_PARAM_NAME );

            if ( !UNSET.equals( webauthUser ) && WEBAUTH_AUTH_TYPE.equals( type) )
            {
                Properties props = new Properties();
                props.setProperty( "webauth_user_name", webauthUser );
                navigation.setAuthenticationCredentials( props, WEBAUTH_ALIAS );
                return true;
            }
        }
        catch ( BuildingServerException e )
        {
        }

        return false;
    }

    protected void postInitialize( HttpSession session, Request request )
    {
        super.postInitialize( session, request );
        session.setAuthType( WEBAUTH_AUTH_TYPE );
        
        // Work out how long to keep the session open for based on WebAuth
        int sessionDuration = DEFAULT_SESSION;
        try
        {
            long expires = Integer.parseInt((String) request
                .getAttribute(WEBAUTH_EXPIRATION_PARAM_NAME));
            long current = System.currentTimeMillis()/1000;
            sessionDuration = (int)((expires - current));
            if ( sessionDuration < MINIMUM_SESSION)
                sessionDuration = MINIMUM_SESSION;
            if (sessionDuration > MAXIMUM_SESSION)
                sessionDuration = MAXIMUM_SESSION;
        }
        catch (NumberFormatException nfe)
        {}
        session.setMaxInactiveInterval(sessionDuration);
    }

    /**
     * Find a session associated with the request. This implementation of the
     * method calls the version in its superclass and if that method returns
     * <code>null</code> this will just create a new one.
     * @param request {@inheritDoc}
     */
    protected HttpSession findHttpSession( Request request )
    {
        HttpSession session = super.findHttpSession( request );
        return (session == null) 
            ? (org.bodington.servlet.HttpSession) request.getSession( true ) 
            :  session;
    }
}