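package com.blandware.atleap.webapp.servlet;

import com.blandware.atleap.common.Constants;
import com.blandware.atleap.common.util.StringUtil;
import com.blandware.atleap.webapp.util.core.SslUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

/**
 * Front servlet for form login: optionally switches the request to the
 * configured scheme, optionally encodes the submitted password, and then
 * redirects the browser to the container authentication URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credentials are forwarded in the query string of a redirect, so
 *       they can end up in browser history, proxy logs, server access logs and
 *       {@code Referer} headers. When {@code encrypt-password} is off, the
 *       value is the password exactly as submitted. Deploy only with
 *       {@code isSecure} enabled and access-log query strings suppressed, or
 *       replace the redirect with a server-side forward.</li>
 *   <li>The default algorithm is {@code "SHA"}. {@code StringUtil.encodePassword}
 *       is not visible here; if it is a bare, unsalted digest it is not a
 *       suitable password-storage scheme (prefer bcrypt/scrypt/argon2) —
 *       TODO confirm against {@code StringUtil}.</li>
 * </ul>
 */
public final class LoginServlet extends HttpServlet {
    protected static String authURL = "j_security_check.login";
    protected static String httpsPort = null;
    protected static String httpPort = null;
    protected static Boolean secure = Boolean.FALSE;
    protected static String algorithm = "SHA";
    protected static Boolean encrypt = Boolean.FALSE;
    protected transient final Log log = LogFactory.getLog(LoginServlet.class);

    /**
     * Fills in {@link #httpPort} and {@link #httpsPort} from the context init
     * parameters, falling back to the {@code SslUtil} standard ports. A port
     * that is already set is left untouched.
     *
     * @param servletContext context whose init parameters are consulted
     */
    protected static void initializeSchemePorts(ServletContext servletContext) {
        if (httpPort == null) {
            String configured =
                    servletContext.getInitParameter(SslUtil.HTTP_PORT_PARAM);
            httpPort = (configured != null) ? configured : SslUtil.STD_HTTP_PORT;
        }

        if (httpsPort == null) {
            String configured =
                    servletContext.getInitParameter(SslUtil.HTTPS_PORT_PARAM);
            httpsPort = (configured != null) ? configured : SslUtil.STD_HTTPS_PORT;
        }
    }

    /**
     * Reads the servlet init parameters and publishes the resulting login
     * settings in the map stored under {@code Constants.CONFIG} in the
     * servlet context.
     *
     * @throws ServletException declared by the servlet contract
     */
    public void init() throws ServletException {
        // Keep the built-in defaults when a parameter is not configured;
        // assigning the raw (possibly null) value would later produce a
        // redirect to ".../null" and a null algorithm for password encoding.
        String configuredAuthUrl = getInitParameter(Constants.AUTH_URL);
        if (configuredAuthUrl != null) {
            authURL = configuredAuthUrl;
        }

        String configuredAlgorithm = getInitParameter(Constants.ENC_ALGORITHM);
        if (configuredAlgorithm != null) {
            algorithm = configuredAlgorithm;
        }

        // Boolean.valueOf(null) is FALSE, so both switches default to off.
        secure = Boolean.valueOf(getInitParameter("isSecure"));
        encrypt = Boolean.valueOf(getInitParameter("encrypt-password"));

        if (log.isDebugEnabled()) {
            log.debug("Authentication URL: " + authURL);
            log.debug("Use SSL for login? " + secure);
            log.debug("Programmatic encryption of password? " + encrypt);
            log.debug("Encryption algorithm: " + algorithm);
        }

        ServletContext ctx = getServletContext();
        initializeSchemePorts(ctx);

        if (log.isDebugEnabled()) {
            log.debug("HTTP Port: " + httpPort);
            log.debug("HTTPS Port: " + httpsPort);
        }

        Map config = (HashMap) ctx.getAttribute(Constants.CONFIG);

        if (config == null) {
            config = new HashMap();
        }

        config.put(Constants.HTTP_PORT, httpPort);
        config.put(Constants.HTTPS_PORT, httpsPort);
        config.put(Constants.SECURE_LOGIN, secure);
        config.put(Constants.ENC_ALGORITHM, algorithm);
        config.put(Constants.ENCRYPT_PASSWORD, encrypt);
        ctx.setAttribute(Constants.CONFIG, config);
    }

    /**
     * Handles GET by delegating to {@link #execute}.
     *
     * @param request  the login request
     * @param response the response used for the redirect
     * @throws IOException      if the redirect cannot be sent
     * @throws ServletException declared by the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        execute(request, response);
    }

    /**
     * Handles POST by delegating to {@link #execute}.
     *
     * @param request  the login request
     * @param response the response used for the redirect
     * @throws IOException      if the redirect cannot be sent
     * @throws ServletException declared by the servlet contract
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        execute(request, response);
    }

    /**
     * Either redirects the browser to the scheme required by the
     * {@code isSecure} setting, or redirects it to the authentication URL
     * with the submitted credentials as query parameters.
     *
     * @param request  the login request carrying {@code j_username},
     *                 {@code j_password}, and optionally {@code rememberMe}
     *                 and {@code j_uri}
     * @param response the response used for the redirect
     * @throws IOException      if a redirect cannot be sent
     * @throws ServletException declared by the servlet contract
     */
    public void execute(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        String redirectString =
                SslUtil.getRedirectString(request, getServletContext(),
                        secure.booleanValue());

        if (redirectString != null) {
            response.sendRedirect(response.encodeRedirectURL(redirectString));

            if (log.isDebugEnabled()) {
                log.debug("switching protocols, redirecting user");
            }
        }

        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        // NOTE(review): on the protocol-switch path the response is already
        // committed here; getSession() may fail if it has to create a new
        // session at that point — confirm whether this branch should be
        // skipped after a redirect.
        if (request.getParameter("rememberMe") != null) {
            request.getSession().setAttribute(Constants.LOGIN_COOKIE, "true");
        }

        String encryptedPassword;

        // A request attribute named "encrypt" suppresses the encoding step,
        // presumably because an earlier component already encoded the value.
        if (encrypt.booleanValue()
                && (request.getAttribute("encrypt") == null)) {
            if (log.isDebugEnabled()) {
                // The username is unvalidated request input; embedded CR/LF
                // would forge log lines if debug logging is enabled.
                log.debug("Encrypting password for user '" + username + "'");
            }

            encryptedPassword = StringUtil.encodePassword(password, algorithm);
        } else {
            encryptedPassword = password;
        }

        if (redirectString == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticating user '" + username + "'");
            }

            // Percent-encode every user-controlled value. Concatenating them
            // raw lets a '&', '#', '=' or CR/LF inside the username, password
            // or j_uri inject or truncate parameters of the authentication
            // request, and breaks logins whose password contains such
            // characters.
            String req =
                    request.getContextPath() + "/" + authURL
                            + "?j_username=" + encodeQueryValue(username)
                            + "&j_password=" + encodeQueryValue(encryptedPassword)
                            + "&j_uri=" + encodeQueryValue(request.getParameter("j_uri"));

            response.sendRedirect(response.encodeRedirectURL(req));
        }
    }

    /**
     * Percent-encodes a value for use in a URL query string; an absent value
     * becomes the empty string instead of the literal text {@code "null"}.
     * UTF-8 is assumed to match the container's query-string decoding —
     * TODO confirm against the connector configuration.
     */
    private static String encodeQueryValue(String value) throws IOException {
        return (value == null) ? "" : URLEncoder.encode(value, "UTF-8");
    }
}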