Java > Open Source Codes > com > caucho > server > security > FormLogin


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */
28
29 package com.caucho.server.security;
30
31 import com.caucho.config.ConfigException;
32 import com.caucho.server.connection.CauchoResponse;
33 import com.caucho.server.webapp.Application;
34 import com.caucho.util.L10N;
35
36 import javax.annotation.PostConstruct;
37 import javax.servlet.RequestDispatcher ;
38 import javax.servlet.ServletContext ;
39 import javax.servlet.ServletException ;
40 import javax.servlet.http.HttpServletRequest ;
41 import javax.servlet.http.HttpServletResponse ;
42 import javax.servlet.http.HttpSession ;
43 import java.io.IOException ;
44 import java.security.Principal ;
45 import java.util.logging.Level ;
46
47 /**
48  * Used to authenticate users in a servlet request. Applications will
49  * implement the Authenticator interface with a bean for authentication.
50  *
51  * @since Resin 2.0.2
52  */
53 public class FormLogin extends AbstractLogin {
54   static L10N L = new L10N(FormLogin.class);
55   
56   public static final String LOGIN_SAVED_PATH = "com.caucho.servlet.login.path";
57   public static final String LOGIN_SAVED_QUERY = "com.caucho.servlet.login.query";
58   
59   protected String _loginPage;
60   protected String _errorPage;
61   protected boolean _internalForward;
62   protected boolean _formURIPriority;
63   
64   /**
65    * Sets the login page.
66    */
67   public void setFormLoginPage(String formLoginPage)
68     throws ConfigException
69   {
70     _loginPage = formLoginPage;
71
72     int colon = formLoginPage.indexOf(':');
73     int slash = formLoginPage.indexOf('/');
74
75     if (colon > 0 && colon < slash) {
76     }
77     else if (slash != 0)
78       throw new ConfigException(L.l("form-login-page `{0}' must start with '/'. The form-login-page is relative to the web-app root.", formLoginPage));
79   }
80   
81   /**
82    * Gets the login page.
83    */
84   public String getFormLoginPage()
85   {
86     return _loginPage;
87   }
88   
89   /**
90    * Sets the error page.
91    */
92   public void setFormErrorPage(String formErrorPage)
93     throws ConfigException
94   {
95     _errorPage = formErrorPage;
96
97     if (! formErrorPage.startsWith("/"))
98       throw new ConfigException(L.l("form-error-page `{0}' must start with '/'. The form-error-page is relative to the web-app root.", formErrorPage));
99   }
100   
101   /**
102    * Gets the error page.
103    */
104   public String getFormErrorPage()
105   {
106     return _errorPage;
107   }
108
109   /**
110    * Returns true if a successful login allows an internal forward
111    * instead of a redirect.
112    */
113   public boolean getInternalForward()
114   {
115     return _internalForward;
116   }
117
118   /**
119    * Set true if a successful login allows an internal forward
120    * instead of a redirect.
121    */
122   public void setInternalForward(boolean internalForward)
123   {
124     _internalForward = internalForward;
125   }
126
127   /**
128    * Returns true if the form's j_uri has priority over the saved
129    * URL.
130    */
131   public boolean getFormURIPriority()
132   {
133     return _formURIPriority;
134   }
135
136   /**
137    * True if the form's j_uri has priority over the saved URL.
138    */
139   public void setFormURIPriority(boolean formPriority)
140   {
141     _formURIPriority = formPriority;
142   }
143
144   /**
145    * Initialize
146    */
147   @PostConstruct
148   public void init()
149     throws ServletException
150   {
151     super.init();
152     
153     if (_errorPage == null)
154       _errorPage = _loginPage;
155     
156     if (_loginPage == null)
157       _loginPage = _errorPage;
158
159     if (_loginPage == null)
160       throw new ServletException ("FormLogin needs an form-login-page");
161   }
162
163   /**
164    * Returns the authentication type.
165    */
166   public String getAuthType()
167   {
168     return "Form";
169   }
170
171   /**
172    * Logs a user in with a user name and a password.
173    *
174    * @param request servlet request
175    * @param response servlet response, in case any cookie need sending.
176    * @param application servlet application
177    *
178    * @return the logged in principal on success, null on failure.
179    */
180   public Principal authenticate(HttpServletRequest request,
181                                 HttpServletResponse response,
182                                 ServletContext application)
183     throws ServletException , IOException
184   {
185     Principal user = getUserPrincipal(request, response, application);
186
187     if (user != null)
188       return user;
189
190     String path = request.getServletPath();
191     if (path == null)
192       path = request.getPathInfo();
193     else if (request.getPathInfo() != null)
194       path = path + request.getPathInfo();
195
196     if (path.equals("")) {
197       // Forward?
198 path = request.getContextPath() + "/";
199       response.sendRedirect(response.encodeRedirectURL(path));
200       return null;
201     }
202
203     Application app = (Application) application;
204       
205     String uri = request.getRequestURI();
206
207     if (path.endsWith("/j_security_check")) {
208       RequestDispatcher disp;
209       disp = application.getNamedDispatcher("j_security_check");
210
211       if (disp == null)
212         throw new ServletException (L.l("j_security_check servlet must be defined to use form-based login."));
213       
214       disp.forward(request, response);
215       return null;
216     }
217     else if (uri.equals(_loginPage) || uri.equals(_errorPage)) {
218       request.getRequestDispatcher(path).forward(request, response);
219       return null;
220     }
221
222     HttpSession session = request.getSession();
223
224     session.putValue(LOGIN_SAVED_PATH, path);
225     session.putValue(LOGIN_SAVED_QUERY, request.getQueryString());
226
227     if (response instanceof CauchoResponse) {
228       ((CauchoResponse) response).killCache();
229       ((CauchoResponse) response).setNoCache(true);
230     }
231     else {
232       response.setHeader("Cache-Control", "no-cache");
233     }
234
235     // In case where the authenticator is somethin like https:/
236 if (! _loginPage.startsWith("/")) {
237       response.sendRedirect(response.encodeRedirectURL(_loginPage));
238       return null;
239     }
240
241     // Forwards to the loginPage, never redirects according to the spec.
242 request.setAttribute("caucho.login", "login");
243     //RequestDispatcher disp = app.getLoginDispatcher(loginPage);
244 RequestDispatcher disp = app.getRequestDispatcher(_loginPage);
245     disp.forward(request, response);
246
247     if (log.isLoggable(Level.FINE))
248       log.fine("the form request has no authenticated user");
249       
250     return null;
251   }
252 }
253

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags