RELEASE_2_1_13/src/blocks/authentication-fw/java/org/apache/cocoon/webapps/authentication/components/DefaultAuthenticationManager.java - cocoon - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.cocoon.webapps.authentication.components;

 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;

 import org.apache.avalon.framework.activity.Disposable;
 import org.apache.avalon.framework.component.Component;
 import org.apache.avalon.framework.configuration.ConfigurationException;
 import org.apache.avalon.framework.container.ContainerUtil;
 import org.apache.avalon.framework.context.Context;
 import org.apache.avalon.framework.context.ContextException;
 import org.apache.avalon.framework.context.Contextualizable;
 import org.apache.avalon.framework.logger.AbstractLogEnabled;
 import org.apache.avalon.framework.service.ServiceException;
 import org.apache.avalon.framework.service.ServiceManager;
 import org.apache.avalon.framework.service.Serviceable;
 import org.apache.avalon.framework.thread.ThreadSafe;
 import org.apache.cocoon.ProcessingException;
 import org.apache.cocoon.components.ContextHelper;
 import org.apache.cocoon.components.SitemapConfigurable;
 import org.apache.cocoon.components.SitemapConfigurationHolder;
 import org.apache.cocoon.environment.Redirector;
 import org.apache.cocoon.environment.Request;
 import org.apache.cocoon.environment.Session;
 import org.apache.cocoon.util.ClassUtils;
 import org.apache.cocoon.util.Deprecation;
 import org.apache.cocoon.webapps.authentication.AuthenticationConstants;
 import org.apache.cocoon.webapps.authentication.AuthenticationManager;
 import org.apache.cocoon.webapps.authentication.configuration.ApplicationConfiguration;
 import org.apache.cocoon.webapps.authentication.configuration.HandlerConfiguration;
 import org.apache.cocoon.webapps.authentication.context.AuthenticationContext;
 import org.apache.cocoon.webapps.authentication.user.RequestState;
 import org.apache.cocoon.webapps.authentication.user.UserHandler;
 import org.apache.cocoon.webapps.authentication.user.UserState;
 import org.apache.cocoon.webapps.session.ContextManager;
 import org.apache.cocoon.webapps.session.SessionConstants;
 import org.apache.cocoon.webapps.session.SessionManager;
 import org.apache.cocoon.webapps.session.context.SessionContext;
 import org.apache.excalibur.source.SourceParameters;
 import org.apache.excalibur.source.SourceResolver;
 import org.apache.excalibur.source.SourceUtil;
 import org.apache.excalibur.xml.xpath.XPathProcessor;
 import org.w3c.dom.DocumentFragment;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;

 /**
  * This is the basis authentication component.
  *
  * @author <a href="mailto:cziegeler@apache.org">Carsten Ziegeler</a>
  * @deprecated This block is deprecated and will be removed in future versions.
  * @version CVS $Id$
 */
 public class DefaultAuthenticationManager
         extends AbstractLogEnabled
         implements AuthenticationManager,
                    SitemapConfigurable,
                    Serviceable,
                    Disposable,
                    ThreadSafe,
                    Contextualizable,
                    Component {

     /** The name of the session attribute storing the user status */
     public final static String SESSION_ATTRIBUTE_USER_STATUS = DefaultAuthenticationManager.class.getName() + "/UserStatus";

     /** The manager for the authentication handlers */
     protected SitemapConfigurationHolder holder;

     /** The Service Manager */
     protected ServiceManager manager;

     /** The Source Resolver */
     protected SourceResolver resolver;

     /** The context */
     protected Context context;

     /** Instantiated authenticators */
     protected Map authenticators = new HashMap();

     /** The xpath processor */
     protected XPathProcessor xpathProcessor;

     /** This is the key used to store the current request state in the request object */
     private static final String REQUEST_STATE_KEY = RequestState.class.getName();

     /**
      * Set the sitemap configuration containing the handlers
      */
     public void configure(SitemapConfigurationHolder holder)
     throws ConfigurationException {
         Deprecation.logger.warn("The authentication-fw block is deprecated. Please use the auth block instead.");
         this.holder = holder;
     }

     /**
      * Get the handler configuration for the current sitemap
      */
     private Map getHandlerConfigurations()
     throws ProcessingException {
         Map configs = (Map) this.holder.getPreparedConfiguration();
         if ( null == configs ) {
             try {
                 configs = DefaultHandlerManager.prepareHandlerConfiguration(ContextHelper.getObjectModel(this.context),
                                                                             this.holder);
             } catch (ConfigurationException ce) {
                 throw new ProcessingException("Configuration error.", ce);
             }
         }
         return configs;
     }

     /**
      * Get the handler configuration
      * @param name The handler name
      * @return The configuration or null.
      */
     private HandlerConfiguration getHandlerConfiguration(String name)
     throws ProcessingException {
         final Map configs = this.getHandlerConfigurations();
         HandlerConfiguration c = null;
         if ( configs != null) {
             c = (HandlerConfiguration)configs.get( name );
         }
         return c;
     }

     private Request getRequest() {
         return ContextHelper.getRequest(this.context);
     }

     private Session getSession(boolean create) {
         return this.getRequest().getSession(create);
     }

     private UserState getUserState() {
         final Session session = this.getSession( false );
         UserState status = null;
         if ( session != null) {
             status = (UserState) session.getAttribute(SESSION_ATTRIBUTE_USER_STATUS);
         }
         return status;
     }

     private UserState createUserState() {
         UserState status = this.getUserState();
         if ( status == null ) {
             final Session session = this.getSession(true);
             status = new UserState();
             session.setAttribute(SESSION_ATTRIBUTE_USER_STATUS, status);
         }
         return status;
     }

     private UserHandler getUserHandler(String name) {
         final UserState status = this.getUserState();
         if ( status != null ) {
             return status.getHandler( name );
         }
         return null;
     }

     private void updateUserState() {
         final Session session = this.getSession(true);
         Object status = session.getAttribute(SESSION_ATTRIBUTE_USER_STATUS);
         session.setAttribute(SESSION_ATTRIBUTE_USER_STATUS, status);
     }

     /* (non-Javadoc)
      * @see org.apache.cocoon.webapps.authentication.components.Manager#authenticate(java.lang.String, java.lang.String, org.apache.excalibur.source.SourceParameters)
      */
     public UserHandler login(String handlerName,
                              String applicationName,
                              SourceParameters parameters)
     throws ProcessingException {
         HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
         if ( config == null ) {
             throw new ProcessingException("Unknown handler to authenticate: " + handlerName);
         }
         // are we already logged in?
         UserHandler handler = this.getUserHandler( handlerName );
         if ( handler != null ) {
             throw new ProcessingException("User is already authenticated using handler: " + handlerName);
         }

         Authenticator authenticator = this.lookupAuthenticator( config );
         try {
             Authenticator.AuthenticationResult result = authenticator.authenticate( config, parameters );
             if (result != null) {
                 if (result.valid) {
                     AuthenticationContext authContext = new AuthenticationContext(this.context, this.xpathProcessor, this.resolver);
                     handler = new UserHandler(config, authContext);
                     // store the authentication data in the context
                     authContext.init(result.result);
                 } else {
                     // now set the failure information in the temporary context
                     ContextManager contextManager = null;
                     try {
                         contextManager = (ContextManager) this.manager.lookup( ContextManager.ROLE );
                         SessionContext temp = contextManager.getContext( SessionConstants.TEMPORARY_CONTEXT );

                         final DocumentFragment fragment = result.result.createDocumentFragment();
                         final Node root = result.result.getDocumentElement();
                         root.normalize();
                         Node child;
                         boolean appendedNode = false;
                         while (root.hasChildNodes() ) {
                             child = root.getFirstChild();
                             root.removeChild(child);
                             // Leave out empty text nodes before any other node
                             if (appendedNode
                                 || child.getNodeType() != Node.TEXT_NODE
                                 || child.getNodeValue().trim().length() > 0) {
                                 fragment.appendChild(child);
                                 appendedNode = true;
                             }
                         }
                         temp.appendXML("/", fragment);
                     } catch ( ServiceException se ) {
                         throw new ProcessingException("Unable to lookup session manager.", se);
                     } finally {
                         this.manager.release( contextManager );
                     }
                 }
             }
         } finally {
             this.releaseAuthenticator( authenticator, config );
         }

         if ( handler != null ) {
             // create UserStatus
             final UserState status = this.createUserState();

             status.addHandler( handler );
             this.updateUserState();

             // update RequestState
             RequestState state = new RequestState( handler, applicationName);
             this.setState( state );
             state.initialize( this.resolver );

             // And now load applications
             Iterator applications = handler.getHandlerConfiguration().getApplications().values().iterator();

             while ( applications.hasNext() ) {
                 ApplicationConfiguration appHandler = (ApplicationConfiguration)applications.next();
                 if ( !appHandler.getLoadOnDemand() ) {
                     handler.getContext().loadApplicationXML( appHandler, this.resolver );
                 }
             }
         }

         return handler;
     }

     /**
      * Release the used authenticator
      */
     protected void releaseAuthenticator(Authenticator authenticator, HandlerConfiguration config) {
         // all authenticators are released on dispose
     }

     /**
      * The authenticator used to authenticate a user
      */
     protected Authenticator lookupAuthenticator(HandlerConfiguration config)
     throws ProcessingException {
         final String name = config.getAuthenticatorClassName();
         Authenticator authenticator = (Authenticator) this.authenticators.get(name);
         if ( authenticator == null ) {
             synchronized (this) {
                 authenticator = (Authenticator) this.authenticators.get(name);
                 if ( authenticator == null ) {
                     try {
                         authenticator = (Authenticator) ClassUtils.newInstance(name);
                         ContainerUtil.enableLogging( authenticator, this.getLogger() );
                         ContainerUtil.contextualize( authenticator, this.context);
                         ContainerUtil.service( authenticator, this.manager );
                         ContainerUtil.initialize( authenticator );
                         this.authenticators.put(name, authenticator);

                     } catch (Exception e ) {
                         throw new ProcessingException("Unable to initialize authenticator from class " + name, e);
                     }
                 }
             }
         }
         return authenticator;
     }

     /* (non-Javadoc)
      * @see org.apache.cocoon.webapps.authentication.components.Manager#checkAuthentication(org.apache.cocoon.environment.Redirector, java.lang.String, java.lang.String)
      */
     public boolean checkAuthentication(Redirector redirector,
                                        String handlerName,
                                        String applicationName)
     throws IOException, ProcessingException {
         HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
         if ( config == null ) {
             throw new ProcessingException("Unknown handler to check: " + handlerName);
         }
         // are we already logged in?
         UserHandler handler = this.getUserHandler( handlerName );
         final boolean authenticated = ( handler != null );
         if ( !authenticated ) {
             if (redirector != null) {
                 // create parameters
                 SourceParameters parameters = config.getRedirectParameters();
                 if (parameters == null) parameters = new SourceParameters();
                 final Request request = this.getRequest();
                 String resource = request.getRequestURI();
                 if (request.getQueryString() != null) {
                     resource += '?' + request.getQueryString();
                 }

                 parameters.setSingleParameterValue("resource", resource);
                 final String redirectURI = config.getRedirectURI();
                 redirector.globalRedirect(false, SourceUtil.appendParameters(redirectURI, parameters));
             }
         } else {
             // update state
             RequestState state = new RequestState( handler, applicationName );
             this.setState( state );
             state.initialize( this.resolver );
         }

         return authenticated;
     }

     public String getForwardingURI(String handlerName) throws ProcessingException {
         HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
         SourceParameters parameters = config.getRedirectParameters();
         if (parameters == null) parameters = new SourceParameters();
         final Request request = this.getRequest();
         String resource = request.getRequestURI();
         if (request.getQueryString() != null) {
             resource += '?' + request.getQueryString();
         }

         parameters.setSingleParameterValue("resource", resource);
         final String redirectURI = config.getRedirectURI();
         return SourceUtil.appendParameters(redirectURI, parameters);
     }

     /* (non-Javadoc)
      * @see org.apache.cocoon.webapps.authentication.components.Manager#isAuthenticated(java.lang.String)
      */
     public UserHandler isAuthenticated(String handlerName)
     throws ProcessingException {
         return this.getUserHandler( handlerName  );
     }

     /* (non-Javadoc)
      * @see org.apache.cocoon.webapps.authentication.components.Manager#logout(java.lang.String, java.lang.String)
      */
     public void logout(String handlerName, int mode)
     throws ProcessingException {
         HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
         if ( config == null ) {
             throw new ProcessingException("Unknown handler to logout: " + handlerName);
         }
         // are we logged in?
         UserHandler handler = this.getUserHandler( handlerName );
         // we don't throw an exception if we are already logged out!
         if ( handler != null ) {

             // Do we save something on logout?
             /*

             if ( config.saveOnLogout()
                  && config.getSaveResource() != null) {
                 final AuthenticationContext authContext = handler.getContext();
                 try {
                     // This might not work, because of the missing state
                     authContext.saveXML("/authentication",
                                     null,
                                     ContextHelper.getObjectModel(this.context),
                                     this.resolver, this.manager);
                 } catch (Exception ignore) {
                     // we don't want to stop the logout process
                     // because of errors during save
                     this.getLogger().error("Exception while saving authentication information.", ignore);
                 }
             }
             // save applications (if configured)
             Iterator iter = config.getApplications().values().iterator();
             while ( iter.hasNext() ) {
                 ApplicationConfiguration appConfig = (ApplicationConfiguration) iter.next();
                 if ( appConfig.saveOnLogout()
                      && appConfig.getSaveResource() != null ) {
                      // ???
                 }
             }
             */
             // notify the authenticator
             try {
                 this.lookupAuthenticator(config).logout(handler);
             } catch (Exception ignore) {
                 // we really ignore any exception!
             }

             List applicationContexts = handler.getApplicationContexts();
             if ( applicationContexts != null ) {
                 ContextManager contextManager = null;

                 try {
                     contextManager = (ContextManager)this.manager.lookup(ContextManager.ROLE);

                     Iterator i = applicationContexts.iterator();
                     while ( i.hasNext() ) {
                         final String current = (String)i.next();
                         contextManager.deleteContext( current );
                     }
                 } catch (ServiceException ce) {
                     throw new ProcessingException("Unable to create session context.", ce);
                 } finally {
                     this.manager.release( contextManager);
                 }
             }

             UserState status = this.getUserState();
             status.removeHandler( handlerName );
             this.updateUserState();

             // handling of session termination
             SessionManager sessionManager = null;
             try {
                 sessionManager = (SessionManager)this.manager.lookup( SessionManager.ROLE );

                 if ( mode == AuthenticationConstants.LOGOUT_MODE_IMMEDIATELY ) {
                     sessionManager.terminateSession(true);
                 } else if ( mode == AuthenticationConstants.LOGOUT_MODE_IF_UNUSED ) {
                     if ( !status.hasHandler()) {
                         sessionManager.terminateSession( false );
                     }

                 } else if ( mode == AuthenticationConstants.LOGOUT_MODE_IF_NOT_AUTHENTICATED) {
                     if ( !status.hasHandler()) {
                         sessionManager.terminateSession( true );
                     }
                 } else {
                     throw new ProcessingException("Unknown logout mode: " + mode);
                 }

             } catch (ServiceException se) {
                 throw new ProcessingException("Unable to lookup session manager.", se);
             } finally {
                 this.manager.release( sessionManager );
             }
         }
     }

     /**
      * Serviceable
      */
     public void service(ServiceManager manager)
     throws ServiceException {
         this.manager = manager;
         this.resolver = (SourceResolver) this.manager.lookup(SourceResolver.ROLE);
         this.xpathProcessor = (XPathProcessor)this.manager.lookup(XPathProcessor.ROLE);
     }

     /* (non-Javadoc)
      * @see org.apache.avalon.framework.activity.Disposable#dispose()
      */
     public void dispose() {
         Iterator iter = this.authenticators.values().iterator();
         while ( iter.hasNext() ) {
             final Authenticator authenticator = (Authenticator) iter.next();
             ContainerUtil.dispose( authenticator );
         }
         if ( this.manager != null) {
             this.manager.release( this.resolver );
             this.manager.release(this.xpathProcessor);
             this.resolver = null;
             this.xpathProcessor = null;
             this.manager = null;
         }
     }

     /**
      * Get the current state of authentication
      */
     public RequestState getState() {
         return getRequestState(this.context);
     }

     public static RequestState getRequestState(Context context) {
         final Request req = ContextHelper.getRequest(context);
         return (RequestState)req.getAttribute( REQUEST_STATE_KEY);
     }

     /* (non-Javadoc)
      * @see org.apache.avalon.framework.context.Contextualizable#contextualize(org.apache.avalon.framework.context.Context)
      */
     public void contextualize(Context context) throws ContextException {
         this.context = context;
     }

     protected void setState(RequestState status) {
         final Request req = ContextHelper.getRequest(this.context);
         if ( status != null ) {
             req.setAttribute(  REQUEST_STATE_KEY, status);
         } else {
             req.removeAttribute( REQUEST_STATE_KEY );
         }
     }

     /**
      * Create Application Context.
      * This context is destroyed when the user logs out of the handler
      */
     public SessionContext createApplicationContext(String name,
                                                    String loadURI,
                                                    String saveURI)
     throws ProcessingException {
         RequestState state = this.getState();
         UserHandler handler = state.getHandler();

         SessionContext context = null;

         if ( handler != null ) {
             ContextManager contextManager = null;
             try {
                 contextManager = (ContextManager)this.manager.lookup(ContextManager.ROLE);
                 // create new context
                 context = contextManager.createContext(name, loadURI, saveURI);
                 handler.addApplicationContext( name );

             } catch (ServiceException ce) {
                 throw new ProcessingException("Unable to create session context.", ce);
             } catch (IOException ioe) {
                 throw new ProcessingException("Unable to create session context.", ioe);
             } catch (SAXException saxe) {
                 throw new ProcessingException("Unable to create session context.", saxe);
             } finally {
                 manager.release( contextManager);
             }
         } else {
             throw new ProcessingException("No handler defined. Unable to create application context.");
         }

         return context;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.cocoon.webapps.authentication.components;

	import java.io.IOException;
	import java.util.HashMap;
	import java.util.Iterator;
	import java.util.List;
	import java.util.Map;

	import org.apache.avalon.framework.activity.Disposable;
	import org.apache.avalon.framework.component.Component;
	import org.apache.avalon.framework.configuration.ConfigurationException;
	import org.apache.avalon.framework.container.ContainerUtil;
	import org.apache.avalon.framework.context.Context;
	import org.apache.avalon.framework.context.ContextException;
	import org.apache.avalon.framework.context.Contextualizable;
	import org.apache.avalon.framework.logger.AbstractLogEnabled;
	import org.apache.avalon.framework.service.ServiceException;
	import org.apache.avalon.framework.service.ServiceManager;
	import org.apache.avalon.framework.service.Serviceable;
	import org.apache.avalon.framework.thread.ThreadSafe;
	import org.apache.cocoon.ProcessingException;
	import org.apache.cocoon.components.ContextHelper;
	import org.apache.cocoon.components.SitemapConfigurable;
	import org.apache.cocoon.components.SitemapConfigurationHolder;
	import org.apache.cocoon.environment.Redirector;
	import org.apache.cocoon.environment.Request;
	import org.apache.cocoon.environment.Session;
	import org.apache.cocoon.util.ClassUtils;
	import org.apache.cocoon.util.Deprecation;
	import org.apache.cocoon.webapps.authentication.AuthenticationConstants;
	import org.apache.cocoon.webapps.authentication.AuthenticationManager;
	import org.apache.cocoon.webapps.authentication.configuration.ApplicationConfiguration;
	import org.apache.cocoon.webapps.authentication.configuration.HandlerConfiguration;
	import org.apache.cocoon.webapps.authentication.context.AuthenticationContext;
	import org.apache.cocoon.webapps.authentication.user.RequestState;
	import org.apache.cocoon.webapps.authentication.user.UserHandler;
	import org.apache.cocoon.webapps.authentication.user.UserState;
	import org.apache.cocoon.webapps.session.ContextManager;
	import org.apache.cocoon.webapps.session.SessionConstants;
	import org.apache.cocoon.webapps.session.SessionManager;
	import org.apache.cocoon.webapps.session.context.SessionContext;
	import org.apache.excalibur.source.SourceParameters;
	import org.apache.excalibur.source.SourceResolver;
	import org.apache.excalibur.source.SourceUtil;
	import org.apache.excalibur.xml.xpath.XPathProcessor;
	import org.w3c.dom.DocumentFragment;
	import org.w3c.dom.Node;
	import org.xml.sax.SAXException;

	/**
	* This is the basis authentication component.
	*
	* @author <a href="mailto:cziegeler@apache.org">Carsten Ziegeler</a>
	* @deprecated This block is deprecated and will be removed in future versions.
	* @version CVS $Id$
	*/
	public class DefaultAuthenticationManager
	extends AbstractLogEnabled
	implements AuthenticationManager,
	SitemapConfigurable,
	Serviceable,
	Disposable,
	ThreadSafe,
	Contextualizable,
	Component {

	/** The name of the session attribute storing the user status */
	public final static String SESSION_ATTRIBUTE_USER_STATUS = DefaultAuthenticationManager.class.getName() + "/UserStatus";

	/** The manager for the authentication handlers */
	protected SitemapConfigurationHolder holder;

	/** The Service Manager */
	protected ServiceManager manager;

	/** The Source Resolver */
	protected SourceResolver resolver;

	/** The context */
	protected Context context;

	/** Instantiated authenticators */
	protected Map authenticators = new HashMap();

	/** The xpath processor */
	protected XPathProcessor xpathProcessor;

	/** This is the key used to store the current request state in the request object */
	private static final String REQUEST_STATE_KEY = RequestState.class.getName();

	/**
	* Set the sitemap configuration containing the handlers
	*/
	public void configure(SitemapConfigurationHolder holder)
	throws ConfigurationException {
	Deprecation.logger.warn("The authentication-fw block is deprecated. Please use the auth block instead.");
	this.holder = holder;
	}

	/**
	* Get the handler configuration for the current sitemap
	*/
	private Map getHandlerConfigurations()
	throws ProcessingException {
	Map configs = (Map) this.holder.getPreparedConfiguration();
	if ( null == configs ) {
	try {
	configs = DefaultHandlerManager.prepareHandlerConfiguration(ContextHelper.getObjectModel(this.context),
	this.holder);
	} catch (ConfigurationException ce) {
	throw new ProcessingException("Configuration error.", ce);
	}
	}
	return configs;
	}

	/**
	* Get the handler configuration
	* @param name The handler name
	* @return The configuration or null.
	*/
	private HandlerConfiguration getHandlerConfiguration(String name)
	throws ProcessingException {
	final Map configs = this.getHandlerConfigurations();
	HandlerConfiguration c = null;
	if ( configs != null) {
	c = (HandlerConfiguration)configs.get( name );
	}
	return c;
	}

	private Request getRequest() {
	return ContextHelper.getRequest(this.context);
	}

	private Session getSession(boolean create) {
	return this.getRequest().getSession(create);
	}

	private UserState getUserState() {
	final Session session = this.getSession( false );
	UserState status = null;
	if ( session != null) {
	status = (UserState) session.getAttribute(SESSION_ATTRIBUTE_USER_STATUS);
	}
	return status;
	}

	private UserState createUserState() {
	UserState status = this.getUserState();
	if ( status == null ) {
	final Session session = this.getSession(true);
	status = new UserState();
	session.setAttribute(SESSION_ATTRIBUTE_USER_STATUS, status);
	}
	return status;
	}

	private UserHandler getUserHandler(String name) {
	final UserState status = this.getUserState();
	if ( status != null ) {
	return status.getHandler( name );
	}
	return null;
	}

	private void updateUserState() {
	final Session session = this.getSession(true);
	Object status = session.getAttribute(SESSION_ATTRIBUTE_USER_STATUS);
	session.setAttribute(SESSION_ATTRIBUTE_USER_STATUS, status);
	}

	/* (non-Javadoc)
	* @see org.apache.cocoon.webapps.authentication.components.Manager#authenticate(java.lang.String, java.lang.String, org.apache.excalibur.source.SourceParameters)
	*/
	public UserHandler login(String handlerName,
	String applicationName,
	SourceParameters parameters)
	throws ProcessingException {
	HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
	if ( config == null ) {
	throw new ProcessingException("Unknown handler to authenticate: " + handlerName);
	}
	// are we already logged in?
	UserHandler handler = this.getUserHandler( handlerName );
	if ( handler != null ) {
	throw new ProcessingException("User is already authenticated using handler: " + handlerName);
	}

	Authenticator authenticator = this.lookupAuthenticator( config );
	try {
	Authenticator.AuthenticationResult result = authenticator.authenticate( config, parameters );
	if (result != null) {
	if (result.valid) {
	AuthenticationContext authContext = new AuthenticationContext(this.context, this.xpathProcessor, this.resolver);
	handler = new UserHandler(config, authContext);
	// store the authentication data in the context
	authContext.init(result.result);
	} else {
	// now set the failure information in the temporary context
	ContextManager contextManager = null;
	try {
	contextManager = (ContextManager) this.manager.lookup( ContextManager.ROLE );
	SessionContext temp = contextManager.getContext( SessionConstants.TEMPORARY_CONTEXT );

	final DocumentFragment fragment = result.result.createDocumentFragment();
	final Node root = result.result.getDocumentElement();
	root.normalize();
	Node child;
	boolean appendedNode = false;
	while (root.hasChildNodes() ) {
	child = root.getFirstChild();
	root.removeChild(child);
	// Leave out empty text nodes before any other node
	if (appendedNode
	\|\| child.getNodeType() != Node.TEXT_NODE
	\|\| child.getNodeValue().trim().length() > 0) {
	fragment.appendChild(child);
	appendedNode = true;
	}
	}
	temp.appendXML("/", fragment);
	} catch ( ServiceException se ) {
	throw new ProcessingException("Unable to lookup session manager.", se);
	} finally {
	this.manager.release( contextManager );
	}
	}
	}
	} finally {
	this.releaseAuthenticator( authenticator, config );
	}

	if ( handler != null ) {
	// create UserStatus
	final UserState status = this.createUserState();

	status.addHandler( handler );
	this.updateUserState();

	// update RequestState
	RequestState state = new RequestState( handler, applicationName);
	this.setState( state );
	state.initialize( this.resolver );

	// And now load applications
	Iterator applications = handler.getHandlerConfiguration().getApplications().values().iterator();

	while ( applications.hasNext() ) {
	ApplicationConfiguration appHandler = (ApplicationConfiguration)applications.next();
	if ( !appHandler.getLoadOnDemand() ) {
	handler.getContext().loadApplicationXML( appHandler, this.resolver );
	}
	}
	}

	return handler;
	}

	/**
	* Release the used authenticator
	*/
	protected void releaseAuthenticator(Authenticator authenticator, HandlerConfiguration config) {
	// all authenticators are released on dispose
	}

	/**
	* The authenticator used to authenticate a user
	*/
	protected Authenticator lookupAuthenticator(HandlerConfiguration config)
	throws ProcessingException {
	final String name = config.getAuthenticatorClassName();
	Authenticator authenticator = (Authenticator) this.authenticators.get(name);
	if ( authenticator == null ) {
	synchronized (this) {
	authenticator = (Authenticator) this.authenticators.get(name);
	if ( authenticator == null ) {
	try {
	authenticator = (Authenticator) ClassUtils.newInstance(name);
	ContainerUtil.enableLogging( authenticator, this.getLogger() );
	ContainerUtil.contextualize( authenticator, this.context);
	ContainerUtil.service( authenticator, this.manager );
	ContainerUtil.initialize( authenticator );
	this.authenticators.put(name, authenticator);

	} catch (Exception e ) {
	throw new ProcessingException("Unable to initialize authenticator from class " + name, e);
	}
	}
	}
	}
	return authenticator;
	}

	/* (non-Javadoc)
	* @see org.apache.cocoon.webapps.authentication.components.Manager#checkAuthentication(org.apache.cocoon.environment.Redirector, java.lang.String, java.lang.String)
	*/
	public boolean checkAuthentication(Redirector redirector,
	String handlerName,
	String applicationName)
	throws IOException, ProcessingException {
	HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
	if ( config == null ) {
	throw new ProcessingException("Unknown handler to check: " + handlerName);
	}
	// are we already logged in?
	UserHandler handler = this.getUserHandler( handlerName );
	final boolean authenticated = ( handler != null );
	if ( !authenticated ) {
	if (redirector != null) {
	// create parameters
	SourceParameters parameters = config.getRedirectParameters();
	if (parameters == null) parameters = new SourceParameters();
	final Request request = this.getRequest();
	String resource = request.getRequestURI();
	if (request.getQueryString() != null) {
	resource += '?' + request.getQueryString();
	}

	parameters.setSingleParameterValue("resource", resource);
	final String redirectURI = config.getRedirectURI();
	redirector.globalRedirect(false, SourceUtil.appendParameters(redirectURI, parameters));
	}
	} else {
	// update state
	RequestState state = new RequestState( handler, applicationName );
	this.setState( state );
	state.initialize( this.resolver );
	}

	return authenticated;
	}

	public String getForwardingURI(String handlerName) throws ProcessingException {
	HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
	SourceParameters parameters = config.getRedirectParameters();
	if (parameters == null) parameters = new SourceParameters();
	final Request request = this.getRequest();
	String resource = request.getRequestURI();
	if (request.getQueryString() != null) {
	resource += '?' + request.getQueryString();
	}

	parameters.setSingleParameterValue("resource", resource);
	final String redirectURI = config.getRedirectURI();
	return SourceUtil.appendParameters(redirectURI, parameters);
	}

	/* (non-Javadoc)
	* @see org.apache.cocoon.webapps.authentication.components.Manager#isAuthenticated(java.lang.String)
	*/
	public UserHandler isAuthenticated(String handlerName)
	throws ProcessingException {
	return this.getUserHandler( handlerName );
	}

	/* (non-Javadoc)
	* @see org.apache.cocoon.webapps.authentication.components.Manager#logout(java.lang.String, java.lang.String)
	*/
	public void logout(String handlerName, int mode)
	throws ProcessingException {
	HandlerConfiguration config = this.getHandlerConfiguration( handlerName );
	if ( config == null ) {
	throw new ProcessingException("Unknown handler to logout: " + handlerName);
	}
	// are we logged in?
	UserHandler handler = this.getUserHandler( handlerName );
	// we don't throw an exception if we are already logged out!
	if ( handler != null ) {

	// Do we save something on logout?
	/*

	if ( config.saveOnLogout()
	&& config.getSaveResource() != null) {
	final AuthenticationContext authContext = handler.getContext();
	try {
	// This might not work, because of the missing state
	authContext.saveXML("/authentication",
	null,
	ContextHelper.getObjectModel(this.context),
	this.resolver, this.manager);
	} catch (Exception ignore) {
	// we don't want to stop the logout process
	// because of errors during save
	this.getLogger().error("Exception while saving authentication information.", ignore);
	}
	}
	// save applications (if configured)
	Iterator iter = config.getApplications().values().iterator();
	while ( iter.hasNext() ) {
	ApplicationConfiguration appConfig = (ApplicationConfiguration) iter.next();
	if ( appConfig.saveOnLogout()
	&& appConfig.getSaveResource() != null ) {
	// ???
	}
	}
	*/
	// notify the authenticator
	try {
	this.lookupAuthenticator(config).logout(handler);
	} catch (Exception ignore) {
	// we really ignore any exception!
	}

	List applicationContexts = handler.getApplicationContexts();
	if ( applicationContexts != null ) {
	ContextManager contextManager = null;

	try {
	contextManager = (ContextManager)this.manager.lookup(ContextManager.ROLE);

	Iterator i = applicationContexts.iterator();
	while ( i.hasNext() ) {
	final String current = (String)i.next();
	contextManager.deleteContext( current );
	}
	} catch (ServiceException ce) {
	throw new ProcessingException("Unable to create session context.", ce);
	} finally {
	this.manager.release( contextManager);
	}
	}

	UserState status = this.getUserState();
	status.removeHandler( handlerName );
	this.updateUserState();

	// handling of session termination
	SessionManager sessionManager = null;
	try {
	sessionManager = (SessionManager)this.manager.lookup( SessionManager.ROLE );

	if ( mode == AuthenticationConstants.LOGOUT_MODE_IMMEDIATELY ) {
	sessionManager.terminateSession(true);
	} else if ( mode == AuthenticationConstants.LOGOUT_MODE_IF_UNUSED ) {
	if ( !status.hasHandler()) {
	sessionManager.terminateSession( false );
	}

	} else if ( mode == AuthenticationConstants.LOGOUT_MODE_IF_NOT_AUTHENTICATED) {
	if ( !status.hasHandler()) {
	sessionManager.terminateSession( true );
	}
	} else {
	throw new ProcessingException("Unknown logout mode: " + mode);
	}

	} catch (ServiceException se) {
	throw new ProcessingException("Unable to lookup session manager.", se);
	} finally {
	this.manager.release( sessionManager );
	}
	}
	}

	/**
	* Serviceable
	*/
	public void service(ServiceManager manager)
	throws ServiceException {
	this.manager = manager;
	this.resolver = (SourceResolver) this.manager.lookup(SourceResolver.ROLE);
	this.xpathProcessor = (XPathProcessor)this.manager.lookup(XPathProcessor.ROLE);
	}

	/* (non-Javadoc)
	* @see org.apache.avalon.framework.activity.Disposable#dispose()
	*/
	public void dispose() {
	Iterator iter = this.authenticators.values().iterator();
	while ( iter.hasNext() ) {
	final Authenticator authenticator = (Authenticator) iter.next();
	ContainerUtil.dispose( authenticator );
	}
	if ( this.manager != null) {
	this.manager.release( this.resolver );
	this.manager.release(this.xpathProcessor);
	this.resolver = null;
	this.xpathProcessor = null;
	this.manager = null;
	}
	}

	/**
	* Get the current state of authentication
	*/
	public RequestState getState() {
	return getRequestState(this.context);
	}

	public static RequestState getRequestState(Context context) {
	final Request req = ContextHelper.getRequest(context);
	return (RequestState)req.getAttribute( REQUEST_STATE_KEY);
	}

	/* (non-Javadoc)
	* @see org.apache.avalon.framework.context.Contextualizable#contextualize(org.apache.avalon.framework.context.Context)
	*/
	public void contextualize(Context context) throws ContextException {
	this.context = context;
	}

	protected void setState(RequestState status) {
	final Request req = ContextHelper.getRequest(this.context);
	if ( status != null ) {
	req.setAttribute( REQUEST_STATE_KEY, status);
	} else {
	req.removeAttribute( REQUEST_STATE_KEY );
	}
	}

	/**
	* Create Application Context.
	* This context is destroyed when the user logs out of the handler
	*/
	public SessionContext createApplicationContext(String name,
	String loadURI,
	String saveURI)
	throws ProcessingException {
	RequestState state = this.getState();
	UserHandler handler = state.getHandler();

	SessionContext context = null;

	if ( handler != null ) {
	ContextManager contextManager = null;
	try {
	contextManager = (ContextManager)this.manager.lookup(ContextManager.ROLE);
	// create new context
	context = contextManager.createContext(name, loadURI, saveURI);
	handler.addApplicationContext( name );

	} catch (ServiceException ce) {
	throw new ProcessingException("Unable to create session context.", ce);
	} catch (IOException ioe) {
	throw new ProcessingException("Unable to create session context.", ioe);
	} catch (SAXException saxe) {
	throw new ProcessingException("Unable to create session context.", saxe);
	} finally {
	manager.release( contextManager);
	}
	} else {
	throw new ProcessingException("No handler defined. Unable to create application context.");
	}

	return context;
	}
	}