

1 package com.blandware.atleap.webapp.servlet;
2
import com.blandware.atleap.common.Constants;
import com.blandware.atleap.common.util.StringUtil;
import com.blandware.atleap.webapp.util.core.SslUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
17
18
/**
 * Implementation of <strong>HttpServlet</strong> that is used
 * to get a username and password and encrypt the password
 * before sending it to container-managed authentication.
 * <p><a HREF="LoginServlet.java.htm"><i>View Source</i></a></p>
 *
 * @author Matt Raible <a HREF="mailto:matt@raibledesigns.com">&lt;matt@raibledesigns.com&gt;</a>
 * @version $Revision: 1.3 $ $Date: 2005/12/19 15:28:52 $
 * @web.servlet name="login" load-on-startup="1"
 * @web.servlet-init-param name="authURL"
 * value="${form.auth.action}"
 * <p>Change the following value to false if you don't require SSL for login
 * @web.servlet-init-param name="isSecure"
 * value="${secure.login}"
 * <p>If you're not using Tomcat, change encrypt-password to true
 * @web.servlet-init-param name="encrypt-password"
 * value="${encrypt.password}"
 * @web.servlet-init-param name="algorithm"
 * value="${encrypt.algorithm}"
 * @web.servlet-mapping url-pattern="/servlet/authorize/*"
 */

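public final class LoginServlet extends HttpServlet {
    /*
     * Review notes (security):
     * - execute() hands the credentials to the container as query parameters of a redirect,
     *   so the username and the (possibly digested) password appear in a URL. URLs are kept
     *   in browser history and in proxy and access logs; deployments should require TLS for
     *   this servlet (the "isSecure" init-param) and keep query strings out of request logs.
     *   doGet() accepts the same parameters, so a login submitted via GET exposes them too.
     * - The default algorithm name is "SHA". What StringUtil.encodePassword does with it is
     *   not visible in this file; if it is a plain, unsalted message digest, that is not a
     *   suitable way to store passwords - TODO confirm and prefer a dedicated password hash.
     * - "j_uri" is passed through to the authentication URL as received; whether the target
     *   validates it is not visible here - TODO confirm it cannot redirect off-site.
     * - The submitted username is written to the debug log as received.
     */

    /** Container authentication URL; replaced by the "authURL" init-param when one is set. */
    protected static String authURL = "j_security_check.login";
    /** HTTPS port, resolved once by {@link #initializeSchemePorts(ServletContext)}. */
    protected static String httpsPort = null;
    /** HTTP port, resolved once by {@link #initializeSchemePorts(ServletContext)}. */
    protected static String httpPort = null;
    /** Whether the login must run over SSL; read from the "isSecure" init-param. */
    protected static Boolean secure = Boolean.FALSE;
    /** Algorithm name handed to StringUtil.encodePassword. */
    protected static String algorithm = "SHA";
    /** Whether this servlet encodes the password itself; read from "encrypt-password". */
    protected static Boolean encrypt = Boolean.FALSE;
    protected transient final Log log = LogFactory.getLog(LoginServlet.class);

    /**
     * Initializes the port numbers based on the port init parameters as defined
     * in web.xml. A port that is already set is left untouched; a missing
     * parameter falls back to the standard port constant from SslUtil.
     *
     * @param servletContext context whose init parameters are read
     */
    protected static void initializeSchemePorts(ServletContext servletContext) {
        if (httpPort == null) {
            String configuredHttp = servletContext.getInitParameter(SslUtil.HTTP_PORT_PARAM);
            httpPort = (configuredHttp != null) ? configuredHttp : SslUtil.STD_HTTP_PORT;
        }

        if (httpsPort == null) {
            String configuredHttps = servletContext.getInitParameter(SslUtil.HTTPS_PORT_PARAM);
            httpsPort = (configuredHttps != null) ? configuredHttps : SslUtil.STD_HTTPS_PORT;
        }
    }

    // --------------------------------------------------------- Public Methods

    /**
     * Validates the Init and Context parameters, configures authentication URL
     * and publishes the resulting settings in the servlet context's config map.
     *
     * @throws ServletException if the init parameters are invalid or any
     * other problems occur during initialisation
     */
    public void init() throws ServletException {
        // Get the container authentication URL for FORM-based Authentication.
        // J2EE spec says should be j_security_check. A missing init-param keeps the
        // built-in default instead of overwriting it with null.
        String configuredAuthUrl = getInitParameter(Constants.AUTH_URL);
        if (configuredAuthUrl != null) {
            authURL = configuredAuthUrl;
        }

        // Get the encryption algorithm to use for encrypting passwords before
        // storing in database; again a missing init-param keeps the default.
        String configuredAlgorithm = getInitParameter(Constants.ENC_ALGORITHM);
        if (configuredAlgorithm != null) {
            algorithm = configuredAlgorithm;
        }

        /* This determines if the login uses SSL or not */
        secure = Boolean.valueOf(getInitParameter("isSecure"));

        /* This determines if the password should be encrypted programmatically */
        encrypt = Boolean.valueOf(getInitParameter("encrypt-password"));

        if (log.isDebugEnabled()) {
            log.debug("Authentication URL: " + authURL);
            log.debug("Use SSL for login? " + secure);
            log.debug("Programmatic encryption of password? " + encrypt);
            log.debug("Encryption algorithm: " + algorithm);
        }

        ServletContext ctx = getServletContext();
        initializeSchemePorts(ctx);

        if (log.isDebugEnabled()) {
            log.debug("HTTP Port: " + httpPort);
            log.debug("HTTPS Port: " + httpsPort);
        }

        // Orion starts Servlets before Listeners, so check if the config
        // object already exists. Cast to the interface so that any Map
        // implementation stored under this key is accepted.
        Map config = (Map) ctx.getAttribute(Constants.CONFIG);
        if (config == null) {
            config = new HashMap();
        }

        // update the config object with the init-params from this servlet
        config.put(Constants.HTTP_PORT, httpPort);
        config.put(Constants.HTTPS_PORT, httpsPort);
        config.put(Constants.SECURE_LOGIN, secure);
        config.put(Constants.ENC_ALGORITHM, algorithm);
        config.put(Constants.ENCRYPT_PASSWORD, encrypt);
        ctx.setAttribute(Constants.CONFIG, config);
    }

    /**
     * Routes the user to the execute method
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @throws IOException if an input/output error occurs
     * @throws ServletException if a servlet exception occurs
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        execute(request, response);
    }

    /**
     * Routes the user to the execute method
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @throws IOException if an input/output error occurs
     * @throws ServletException if a servlet exception occurs
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        execute(request, response);
    }

    /**
     * Processes the specified HTTP request, and create the corresponding HTTP
     * response (or forward to another web component that will create it).
     * <p>
     * When SslUtil reports that the request must be repeated under another
     * scheme, the user is redirected there and nothing else is done. Otherwise
     * the password is encoded if configured, and the user is redirected to the
     * container authentication URL with the credentials and "j_uri" as
     * URL-encoded query parameters.
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @throws IOException if an input/output error occurs
     * @throws ServletException if a servlet exception occurs
     */
    public void execute(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String redirectString =
                SslUtil.getRedirectString(request, getServletContext(), secure.booleanValue());

        // Record the remember-me choice before any redirect: sendRedirect() commits the
        // response, and asking for a new session after that can fail.
        if (request.getParameter("rememberMe") != null) {
            request.getSession().setAttribute(Constants.LOGIN_COOKIE, "true");
        }

        if (redirectString != null) {
            // Redirect the page to the desired URL and stop; the credentials are
            // not processed on the wrong protocol.
            response.sendRedirect(response.encodeRedirectURL(redirectString));

            if (log.isDebugEnabled()) {
                log.debug("switching protocols, redirecting user");
            }
            return;
        }

        // Extract attributes we will need
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        String encryptedPassword;
        if (encrypt.booleanValue() && request.getAttribute("encrypt") == null) {
            if (log.isDebugEnabled()) {
                log.debug("Encrypting password for user '" + username + "'");
            }
            encryptedPassword = StringUtil.encodePassword(password, algorithm);
        } else {
            encryptedPassword = password;
        }

        // Already on the correct protocol: hand over to container authentication.
        if (log.isDebugEnabled()) {
            log.debug("Authenticating user '" + username + "'");
        }

        // Every value is URL-encoded so that '&', '=', '#', '%' or line breaks in a
        // submitted value cannot add parameters to, or otherwise reshape, the redirect URL.
        String req = request.getContextPath() + "/" + authURL
                + "?j_username=" + encodeQueryValue(username)
                + "&j_password=" + encodeQueryValue(encryptedPassword)
                + "&j_uri=" + encodeQueryValue(request.getParameter("j_uri"));

        response.sendRedirect(response.encodeRedirectURL(req));
    }

    /**
     * URL-encodes one query-string value as UTF-8. A missing value is sent as
     * the text "null", which is what plain string concatenation produced before.
     * NOTE(review): the container must decode query strings as UTF-8 for
     * non-ASCII values to round-trip - confirm against the connector settings.
     */
    private static String encodeQueryValue(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }
}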