

1 package com.atlassian.seraph.filter;
2
3 import org.apache.log4j.Category;
4
5 import javax.servlet.*;
6 import javax.servlet.http.HttpServletRequest JavaDoc;
7 import javax.servlet.http.HttpServletResponse JavaDoc;
8 import java.io.IOException JavaDoc;
9 import java.util.List JavaDoc;
10 import java.util.Iterator JavaDoc;
11
12 import com.atlassian.seraph.config.SecurityConfig;
13 import com.atlassian.seraph.auth.AuthenticatorException;
14 import com.atlassian.seraph.auth.Authenticator;
15 import com.atlassian.seraph.interceptor.LoginInterceptor;
16
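/**
 * Servlet filter that logs the user in. It works a little like J2EE form-based authentication, except that it
 * looks for the parameters 'os_username' and 'os_password' instead of j_username and j_password.
 * <p>
 * The form post/get action should be the URL of the login servlet/JSP/action - given by SecurityFilter.LOGIN_URL.
 * <p>
 * If the parameters exist and authentication is successful, the user is redirected by the filter to the URL held
 * in the session attribute whose key is {@link SecurityConfig#getOriginalURLKey()}.
 * <p>
 * If that attribute is not set, the request parameter 'os_destination' is used as the redirect target instead.
 * <p>
 * If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.
 * <p>
 * From any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the
 * status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.
 * <p>
 * The possible statuses are:
 * <ul>
 * <li> LoginFilter.LOGIN_SUCCESS - the login was processed, and the user was logged in
 * <li> LoginFilter.LOGIN_FAILED - the login was processed, the user gave a bad username or password
 * <li> LoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
 * <li> LoginFilter.LOGIN_NOATTEMPT - the login was not processed, no form parameters existed
 * </ul>
 * <p>
 * Security notes for deployers and reviewers:
 * <ul>
 * <li> Credentials are read with getParameter(), so they are accepted from the query string as well as from a
 *      POST body. Query strings are commonly written to access logs, proxies and browser history; login forms
 *      should POST over TLS.
 * <li> 'os_destination' is caller-controlled. It is honoured only when it is a context-relative path (see
 *      {@link #isLocalRedirectPath(String)}); anything else is ignored and the request continues down the chain,
 *      so the filter cannot be used to bounce a freshly authenticated user to another site.
 * <li> The login itself is delegated to the configured {@link Authenticator}. This filter does not touch the
 *      session identifier and does not limit repeated attempts; whether the session is renewed on login depends
 *      on the Authenticator, and attempt limiting, if wanted, belongs in a {@link LoginInterceptor}.
 * </ul>
 */
public class LoginFilter implements Filter
{
    private FilterConfig config = null;

    private static final Category log = Category.getInstance(LoginFilter.class);

    /** Request attribute set once this filter has handled the request, so that it runs at most once per request. */
    public static final String ALREADY_FILTERED = "loginfilter.already.filtered";

    public static final String LOGIN_SUCCESS = "success";
    public static final String LOGIN_FAILED = "failed";
    public static final String LOGIN_ERROR = "error";
    // null: calling setAttribute(OS_AUTHSTATUS_KEY, null) leaves the request without a status attribute
    public static final String LOGIN_NOATTEMPT = null;
    public static final String OS_AUTHSTATUS_KEY = "os_authstatus";

    // looked up lazily from the servlet context, see getSecurityConfig()
    private SecurityConfig securityConfig = null;

    /**
     * Stores the filter configuration; the servlet context it exposes is used later to find the SecurityConfig.
     *
     * @param config the configuration supplied by the container
     */
    public void init(FilterConfig config)
    {
        this.config = config;
    }

    /** Drops the reference to the filter configuration. */
    public void destroy()
    {
        config = null;
    }

    /**
     * NOTE: Filter doesn't work with Orion 1.5.2 without this method.
     *
     * @return the configuration passed to {@link #init(FilterConfig)}, or null
     * @deprecated Not needed in latest version of Servlet 2.3 API
     */
    public FilterConfig getFilterConfig()
    {
        return config;
    }

    /**
     * NOTE: Filter doesn't work with Orion 1.5.2 without this method.
     *
     * @param filterConfig the configuration to initialise with; a null value is ignored
     * @deprecated Not needed in latest version of Servlet 2.3 API - replaced by init().
     */
    public void setFilterConfig(FilterConfig filterConfig)
    {
        // it seems that Orion 1.5.2 calls this with a null config
        if (filterConfig != null)
        {
            init(filterConfig);
        }
    }

    /**
     * Attempts a login when both 'os_username' and 'os_password' are present, records the outcome under
     * {@link #OS_AUTHSTATUS_KEY}, and after a successful login redirects to the stored original URL or to a
     * validated 'os_destination'. In every other case the request is passed down the chain.
     *
     * @param req   the incoming request; wrapped in a SecurityHttpRequestWrapper before anything else happens
     * @param res   the response, used for the post-login redirect
     * @param chain the remaining filter chain
     * @throws IOException      if the redirect or the rest of the chain fails with an I/O error
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException
    {
        // wrap the request with one that returns the User as the Principal
        req = new SecurityHttpRequestWrapper((HttpServletRequest) req);

        // run once per request, and not at all when security is switched off
        if (req.getAttribute(ALREADY_FILTERED) != null || !getSecurityConfig().getController().isSecurityEnabled())
        {
            chain.doFilter(req, res);
            return;
        }
        req.setAttribute(ALREADY_FILTERED, Boolean.TRUE);

        req.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_NOATTEMPT);

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // check for parameters; the password is only handed to the interceptors and the authenticator and
        // must never be written to the log
        String username = request.getParameter("os_username");
        String password = request.getParameter("os_password");
        boolean persistentLogin = "true".equals(request.getParameter("os_cookie"));

        boolean loggedIn = false;

        // try to login the user if possible
        if (username != null && password != null)
        {
            List interceptors = getSecurityConfig().getInterceptors(LoginInterceptor.class);

            log.debug("Username and Password are not null - processing login request");
            try
            {
                for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
                {
                    LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                    loginInterceptor.beforeLogin(request, response, username, password, persistentLogin);
                }

                loggedIn = getAuthenticator().login(request, response, username, password, persistentLogin);

                if (loggedIn)
                {
                    log.debug("Login was successful - setting attribute to \"Success\"");
                    request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_SUCCESS);
                }
                else
                {
                    log.debug("Login was not successful - setting attribute to \"Failed\"");
                    request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_FAILED);
                }
            }
            catch (AuthenticatorException e)
            {
                log.debug("Login was not successful, and exception was thrown - setting attribute to \"Error\"");
                request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_ERROR);
                // the logger receives the exception with its stack trace; nothing is printed to stderr
                log.warn("Exception was thrown whilst logging in: " + e.getMessage(), e);
            }

            // afterLogin runs for success, failure and error alike, and is given the recorded status
            for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
            {
                LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                loginInterceptor.afterLogin(request, response, username, password, persistentLogin, (String) request.getAttribute(OS_AUTHSTATUS_KEY));
            }
        }

        // if we successfully logged in - look for an original URL to forward to
        if (loggedIn)
        {
            String originalURLKey = getSecurityConfig().getOriginalURLKey();
            // NOTE(review): presumably stored in the session by SecurityFilter; it is not validated here - confirm
            String originalURL = (String) request.getSession().getAttribute(originalURLKey);

            if (originalURL != null)
            {
                if (log.isDebugEnabled())
                {
                    log.debug("Logged In - Redirecting to Original URL: " + request.getContextPath() + originalURL);
                }

                request.getSession().setAttribute(originalURLKey, null);
                response.sendRedirect(request.getContextPath() + originalURL);
                return;
            }

            String destination = request.getParameter("os_destination");
            if (destination != null)
            {
                if (isLocalRedirectPath(destination))
                {
                    if (log.isDebugEnabled())
                    {
                        log.debug("Logged In - redirecting to os_destination: " + request.getContextPath() + destination);
                    }

                    response.sendRedirect(request.getContextPath() + destination);
                    return;
                }

                // The context path is an empty string for the root web application, so an unchecked value
                // would be handed to sendRedirect() as-is. The rejected value is not echoed into the log.
                log.warn("Ignoring os_destination because it is not a context-relative path");
            }
        }

        chain.doFilter(req, res);
    }

    /**
     * Decides whether a caller-supplied redirect target may be appended to the context path.
     * <p>
     * Accepted: a value that starts with a single '/' and contains no backslash and no control character.
     * Rejected: null or empty values, values without a leading '/', values starting with "//" (a
     * scheme-relative URL naming another host), values containing '\' (which some browsers treat as '/'),
     * and values containing characters below 0x20 or 0x7f (line breaks among them).
     *
     * @param destination the raw 'os_destination' parameter value
     * @return true if the value is a context-relative path that is safe to redirect to
     */
    private static boolean isLocalRedirectPath(String destination)
    {
        if (destination == null || destination.length() == 0 || destination.charAt(0) != '/')
        {
            return false;
        }
        if (destination.startsWith("//"))
        {
            return false;
        }
        for (int i = 0; i < destination.length(); i++)
        {
            char c = destination.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f)
            {
                return false;
            }
        }
        return true;
    }

    /**
     * @return the authenticator of the current security configuration
     */
    protected Authenticator getAuthenticator()
    {
        return getSecurityConfig().getAuthenticator();
    }

    /**
     * Returns the security configuration, reading it from the servlet context attribute
     * SecurityConfig.STORAGE_KEY on first use and keeping the reference afterwards.
     * <p>
     * The lookup is not synchronised. It dereferences the filter configuration, so it must not be called
     * before init() or after destroy().
     *
     * @return the SecurityConfig found in the servlet context; null if the attribute is not set
     */
    protected SecurityConfig getSecurityConfig()
    {
        if (securityConfig == null)
        {
            securityConfig = (SecurityConfig) config.getServletContext().getAttribute(SecurityConfig.STORAGE_KEY);
        }
        return securityConfig;
    }
}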