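/** ****************************************************************************
 *
 * Copyright (c) 2001-2004 Tortuga Technologies Pty Ltd. All rights reserved.
 *
 * This is unpublished proprietary source code of Tortuga Technologies Pty Ltd.
 * The copyright notice above does not evidence any actual or intended
 * publication of such source code.
 *
 *******************************************************************************
 *
 * File: au.com.tortuga.ozibug.auth.example.SSOAuthenticationHandler.java
 *
 * Description: Example Single Sign On Authentication handler which uses
 *              Wedgetail Communications JCSI SSO product.
 *
 **************************************************************************** */

package au.com.tortuga.ozibug.auth.example;

// application specific imports
import au.com.tortuga.ozibug.auth.AuthenticationHandler;
import au.com.tortuga.ozibug.util.LifeCycle;

// external imports
import org.apache.log4j.Category;

// servlet imports
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// java imports
import java.util.Iterator;
import java.util.Map;

/** ****************************************************************************
 *
 * This Authentication Handler uses the
 * Wedgetail Communications JCSI SSO
 * product to implement a Single Sign On solution (SSO).
 * <p>
 * This application authenticates the user from the incoming HTTP request using
 * Microsoft&reg; Windows Integrated Authentication protocols such as SPNEGO
 * and NTLM along with the Microsoft&reg; Active Directory.
 * The authenticated user name is then placed into the HTTP session (contained
 * in the HTTP request) which this handler accesses and places in the
 * Ozibug authentication context.
 * <p>
 * <b>Trust boundary:</b> this handler performs no authentication of its own.
 * Any non-blank String found in the session under the configured key is
 * accepted as the identity of the caller. It is therefore only as strong as
 * the component that writes that attribute: the SSO product must be deployed
 * in front of every path that reaches this handler, and no other code in the
 * web application should be able to write the configured session attribute.
 * The key is taken from handler configuration, so write access to that
 * configuration should be restricted in the same way.
 * <p>
 * The following properties show examples of configuration.
 * <pre>
 * authentication.handler.1=au.com.tortuga.ozibug.auth.example.SSOAuthenticationHandler
 * authentication.handler.1.parameter.1=authenticated.user.key=com.wedgetail.idm.sso.ClientPrincipal
 * </pre>
 *
 * @author Tortuga Technologies
 *
 **************************************************************************** */
public class SSOAuthenticationHandler
  implements AuthenticationHandler, LifeCycle
{

  /** **************************************************************************
   *
   * Class (static) variables - public/protected/package/private
   *
   ************************************************************************** */

  /** logging category */
  private static final Category log = Category.getInstance(
    "au.com.tortuga.ozibug.auth.example.SSOAuthenticationHandler" );

  /** the name of this handler (SSO) */
  private static final String NAME = "SSO";

  /**
   * a description of how this handler authenticates (preauthenticated name
   * in http session from JCSI SSO)
   */
  private static final String DESCRIPTION =
    "uses preauthenticated name in http session from JCSI SSO";

  /** key which is used to configure the name of the authenticated user key */
  private static final String AUTH_USER_KEY = "authenticated.user.key";

  /** **************************************************************************
   *
   * Instance variables - public/protected/package/private
   *
   ************************************************************************** */

  /** key used to retrieve the authenticated user from the session with */
  private String authenticatedUserKey = "com.wedgetail.idm.sso.ClientPrincipal";

  /** **************************************************************************
   *
   * Called on initialization this method prints out configuration and
   * configures the authenticatedUserKey if supplied.
   * <p>
   * A null map, or a missing or blank <code>authenticated.user.key</code>
   * entry, leaves the built-in default key in place.
   *
   * @param handlerInfo configuration information; may be null
   * @see LifeCycle#init
   *
   ************************************************************************** */
  public void init( Map handlerInfo )
  {
    String logId = "init";

    if ( handlerInfo != null )
    {
      // Print the parameters. Every configured value is written to the debug
      // log verbatim, so this handler's parameters should never carry secrets.
      if ( log.isDebugEnabled() )
      {
        Iterator it = handlerInfo.entrySet().iterator();
        while ( it.hasNext() )
        {
          Map.Entry entry = (Map.Entry) it.next();
          log.debug( logId + ": " + entry.getKey() + " = " + entry.getValue() );
        }
      }

      // if a key was supplied then use it
      String key = (String) handlerInfo.get( AUTH_USER_KEY );
      if ( (key != null) && (key.trim().length() > 0) )
        this.authenticatedUserKey = key.trim();
    }

    // state for the record the key we are using
    log.info( logId + ": using " + this.authenticatedUserKey +
              " to retrieve username with" );

  } // init

  /** **************************************************************************
   *
   * Called when the Ozibug servlet is terminated by the container.
   * This handler holds no resources, so there is nothing to release.
   *
   * @see LifeCycle#destroy
   *
   ************************************************************************** */
  public void destroy()
  {
  } // destroy

  /** **************************************************************************
   *
   * Returns the name of this Authentication Handler.
   *
   * @return the name of this authentication handler
   * @see AuthenticationHandler#getName
   *
   ************************************************************************** */
  public String getName()
  {
    return NAME;
  } // getName

  /** **************************************************************************
   *
   * Returns a description of this Authentication Handler.
   *
   * @return a brief description of how this authentication handler works
   * @see AuthenticationHandler#getDescription
   *
   ************************************************************************** */
  public String getDescription()
  {
    return DESCRIPTION;
  } // getDescription

  /** **************************************************************************
   *
   * Test the session for the already-authenticated username; if present then
   * simply use this user as the JCSI SSO product has already done all the
   * authentication and authorization.
   * <p>
   * The handler fails closed: a missing request, a missing session, a missing
   * attribute, an attribute that is not a String, a blank user name, or any
   * unexpected exception all yield <code>false</code> and leave the context
   * untouched. The user name itself is never written to the log.
   *
   * @param context the context used to pass objects between handlers
   * @return true if an authentication was achieved; false otherwise
   * @see AuthenticationHandler#authenticate
   *
   ************************************************************************** */
  public boolean authenticate( Map context )
  {
    String logId = "authenticate";
    boolean result = false;

    try
    {
      // get the request from the context
      HttpServletRequest req = (HttpServletRequest) context.get( HTTP_REQUEST );
      if ( req != null )
      {
        // Look up the existing session only. The no-argument getSession()
        // never returns null and would allocate a fresh session for every
        // request that arrives without one; a session that does not exist
        // yet cannot hold a pre-authenticated user, so there is nothing to
        // gain from creating it here.
        HttpSession session = req.getSession( false );
        if ( session != null )
        {
          // look for an already-authenticated user
          Object principal = session.getAttribute( this.authenticatedUserKey );
          if ( principal instanceof String )
          {
            String id = (String) principal;

            // an empty or whitespace-only name is not an identity
            if ( id.trim().length() > 0 )
            {
              // we have an authenticated user, set the return result to true
              result = true;

              // set the authenticated user into the context
              context.put( USER_NAME, id );
            }
            else
            {
              log.warn( logId + ": ignoring blank value under session attribute " +
                        this.authenticatedUserKey );
            }
          }
          else if ( principal != null )
          {
            // report the type only, never the value
            log.warn( logId + ": ignoring session attribute " +
                      this.authenticatedUserKey + " of unexpected type " +
                      principal.getClass().getName() );
          }
        }
      }
    }
    catch ( Exception e )
    {
      // unexpected exception while processing, log it and continue
      log.error( logId + ": failed, " + e, e );
    }

    // return the status of this authentication attempt
    return result;

  } // authenticate

} // SSOAuthenticationHandler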