/*
 * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
 *
 * This file is part of Resin(R) Open Source
 *
 * Each copy or derived work must preserve the copyright notice and this
 * notice unmodified.
 *
 * Resin Open Source is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Resin Open Source is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
 * of NON-INFRINGEMENT. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Resin Open Source; if not, write to the
 * Free SoftwareFoundation, Inc.
 * 59 Temple Place, Suite 330
 * Boston, MA 02111-1307 USA
 *
 * @author Scott Ferguson
 */

package com.caucho.server.security;

import com.caucho.config.ConfigException;
import com.caucho.server.connection.CauchoResponse;
import com.caucho.server.webapp.Application;
import com.caucho.util.L10N;

import javax.annotation.PostConstruct;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.security.Principal;
import java.util.logging.Level;

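/**
 * Form-based login for a web-app.
 *
 * <p>A request that carries no authenticated principal is forwarded to the
 * configured login page (or redirected, when the login page is an absolute
 * URL). Before that happens the requested path and query string are stored
 * in the session under {@link #LOGIN_SAVED_PATH} and
 * {@link #LOGIN_SAVED_QUERY}.
 *
 * <p>Credentials are not checked in this class: requests whose path ends in
 * {@code /j_security_check} are handed to the servlet registered under the
 * name {@code j_security_check}.
 *
 * @since Resin 2.0.2
 */
public class FormLogin extends AbstractLogin {
  static L10N L = new L10N(FormLogin.class);

  /** Session attribute under which the pre-login request path is stored. */
  public static final String LOGIN_SAVED_PATH = "com.caucho.servlet.login.path";
  /** Session attribute under which the pre-login query string is stored. */
  public static final String LOGIN_SAVED_QUERY = "com.caucho.servlet.login.query";

  protected String _loginPage;
  protected String _errorPage;
  protected boolean _internalForward;
  protected boolean _formURIPriority;

  /**
   * Sets the login page.
   *
   * <p>The value must either start with '/' (relative to the web-app root)
   * or carry a scheme prefix, i.e. a ':' that appears before the first '/'.
   *
   * @param formLoginPage the login page path or absolute URL
   * @throws ConfigException if the value is neither of the accepted forms
   */
  public void setFormLoginPage(String formLoginPage)
    throws ConfigException
  {
    int colon = formLoginPage.indexOf(':');
    int slash = formLoginPage.indexOf('/');

    // NOTE(review): any scheme passes this test, not only http/https; the
    // value is only as trustworthy as the configuration it comes from.
    boolean hasScheme = colon > 0 && colon < slash;

    if (! hasScheme && slash != 0)
      throw new ConfigException(L.l("form-login-page `{0}' must start with '/'. The form-login-page is relative to the web-app root.", formLoginPage));

    // Assign only after validation so a rejected value never stays configured.
    _loginPage = formLoginPage;
  }

  /**
   * Gets the login page.
   */
  public String getFormLoginPage()
  {
    return _loginPage;
  }

  /**
   * Sets the error page, which must start with '/' (relative to the
   * web-app root).
   *
   * @param formErrorPage the error page path
   * @throws ConfigException if the value does not start with '/'
   */
  public void setFormErrorPage(String formErrorPage)
    throws ConfigException
  {
    if (! formErrorPage.startsWith("/"))
      throw new ConfigException(L.l("form-error-page `{0}' must start with '/'. The form-error-page is relative to the web-app root.", formErrorPage));

    // Assign only after validation so a rejected value never stays configured.
    _errorPage = formErrorPage;
  }

  /**
   * Gets the error page.
   */
  public String getFormErrorPage()
  {
    return _errorPage;
  }

  /**
   * Returns true if a successful login allows an internal forward
   * instead of a redirect.
   */
  public boolean getInternalForward()
  {
    return _internalForward;
  }

  /**
   * Set true if a successful login allows an internal forward
   * instead of a redirect.
   */
  public void setInternalForward(boolean internalForward)
  {
    _internalForward = internalForward;
  }

  /**
   * Returns true if the form's j_uri has priority over the saved
   * URL.
   */
  public boolean getFormURIPriority()
  {
    return _formURIPriority;
  }

  /**
   * True if the form's j_uri has priority over the saved URL.
   */
  public void setFormURIPriority(boolean formPriority)
  {
    _formURIPriority = formPriority;
  }

  /**
   * Completes configuration: the login page and the error page default to
   * each other when only one of them was set.
   *
   * @throws ServletException if neither page was configured
   */
  @PostConstruct
  public void init()
    throws ServletException
  {
    super.init();

    if (_errorPage == null)
      _errorPage = _loginPage;

    if (_loginPage == null)
      _loginPage = _errorPage;

    if (_loginPage == null)
      throw new ServletException("FormLogin needs an form-login-page");
  }

  /**
   * Returns the authentication type.
   */
  public String getAuthType()
  {
    return "Form";
  }

  /**
   * Returns the principal already associated with the request, or starts
   * the form-login flow when there is none.
   *
   * <p>When no principal is found the response is always committed by a
   * redirect or a forward, and null is returned.
   *
   * @param request servlet request
   * @param response servlet response, in case any cookie need sending.
   * @param application servlet application
   *
   * @return the logged in principal on success, null on failure.
   * @throws ServletException if the request targets j_security_check and no
   *         servlet of that name is registered
   * @throws IOException if a redirect or forward fails
   */
  public Principal authenticate(HttpServletRequest request,
                                HttpServletResponse response,
                                ServletContext application)
    throws ServletException, IOException
  {
    Principal user = getUserPrincipal(request, response, application);

    if (user != null)
      return user;

    String servletPath = request.getServletPath();
    String pathInfo = request.getPathInfo();

    String path;
    if (servletPath == null)
      path = pathInfo;
    else if (pathInfo != null)
      path = servletPath + pathInfo;
    else
      path = servletPath;

    // A null path (both parts missing) is handled like the empty path
    // instead of failing with a NullPointerException.
    if (path == null || path.equals("")) {
      // Request for the bare context root: send the browser to "<context>/".
      path = request.getContextPath() + "/";
      response.sendRedirect(response.encodeRedirectURL(path));
      return null;
    }

    Application app = (Application) application;

    String uri = request.getRequestURI();

    if (path.endsWith("/j_security_check")) {
      RequestDispatcher checkDispatcher
        = application.getNamedDispatcher("j_security_check");

      if (checkDispatcher == null)
        throw new ServletException(L.l("j_security_check servlet must be defined to use form-based login."));

      checkDispatcher.forward(request, response);
      return null;
    }
    else if (uri.equals(_loginPage) || uri.equals(_errorPage)) {
      // The login and error pages must stay reachable without a principal.
      // NOTE(review): getRequestURI() includes the context path and any path
      // parameters, while the configured pages are web-app relative, so this
      // match presumably only fires for a root-context web-app -- confirm.
      request.getRequestDispatcher(path).forward(request, response);
      return null;
    }

    // NOTE(review): this creates a session for a client that has not
    // authenticated yet. Whether the session id is rotated after a successful
    // login is decided by the j_security_check handler, which is not part of
    // this class -- confirm there.
    HttpSession session = request.getSession();

    // setAttribute replaces the deprecated putValue. A null query string
    // clears any value left over from an earlier request.
    session.setAttribute(LOGIN_SAVED_PATH, path);
    session.setAttribute(LOGIN_SAVED_QUERY, request.getQueryString());

    // Keep the login response out of caches.
    if (response instanceof CauchoResponse) {
      CauchoResponse cauchoResponse = (CauchoResponse) response;

      cauchoResponse.killCache();
      cauchoResponse.setNoCache(true);
    }
    else {
      response.setHeader("Cache-Control", "no-cache");
    }

    // An absolute login URL (e.g. https://...) cannot be dispatched inside
    // the web-app, so the browser is redirected to it.
    if (! _loginPage.startsWith("/")) {
      response.sendRedirect(response.encodeRedirectURL(_loginPage));
      return null;
    }

    // Forwards to the loginPage, never redirects according to the spec.
    request.setAttribute("caucho.login", "login");

    RequestDispatcher loginDispatcher = app.getRequestDispatcher(_loginPage);
    loginDispatcher.forward(request, response);

    if (log.isLoggable(Level.FINE))
      log.fine("the form request has no authenticated user");

    return null;
  }
}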