AuthenticationFailedAction


1   /*
2    jGuard is a security framework based on top of jaas (java authentication and authorization security).
3    it is written for web applications, to resolve simply, access control problems.
4    version $Name$
5    http://sourceforge.net/projects/jguard/
6   
7    Copyright (C) 2004  Charles GAY
8   
9    This library is free software; you can redistribute it and/or
10   modify it under the terms of the GNU Lesser General Public
11   License as published by the Free Software Foundation; either
12   version 2.1 of the License, or (at your option) any later version.
13  
14   This library is distributed in the hope that it will be useful,
15   but WITHOUT ANY WARRANTY; without even the implied warranty of
16   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17   Lesser General Public License for more details.
18  
19   You should have received a copy of the GNU Lesser General Public
20   License along with this library; if not, write to the Free Software
21   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24   jGuard project home page:
25   http://sourceforge.net/projects/jguard/
26  
27   */
28  package net.sf.jguard.example.struts.actions;
29  
30  import javax.servlet.http.HttpServletRequest  ;
31  import javax.servlet.http.HttpServletResponse  ;
32  import javax.servlet.http.HttpSession  ;
33  
34  import net.sf.jguard.jee.authentication.http.HttpConstants;
35  
36  import org.apache.struts.action.ActionErrors;
37  import org.apache.struts.action.ActionForm;
38  import org.apache.struts.action.ActionForward;
39  import org.apache.struts.action.ActionMapping;
40  import org.apache.struts.action.ActionMessage;
41  
42  /**
43   *
44   * action called when authentication failed.
45   *
46   * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
47   *
48   */
49  public class AuthenticationFailedAction extends BaseAction {
50  
51      public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest   request, HttpServletResponse   response) {
52          HttpSession   session = request.getSession();
53          ActionErrors errors = new ActionErrors();
54          // prevent bug when accessing directly to authorizationFailedURI without authenticate
55          if ((Class  ) session.getAttribute(HttpConstants.LOGIN_EXCEPTION_CLASS) != null) {
56              ActionMessage amClass = new ActionMessage(((Class  ) session.getAttribute(HttpConstants.LOGIN_EXCEPTION_CLASS))
57                      .getName(), false);
58              ActionMessage amMessage = new ActionMessage((String  ) session.getAttribute(HttpConstants.LOGIN_EXCEPTION_MESSAGE),
59                      false);
60              // the LOGIN_EXCEPTION_CLASS is not put in the errors mechanism to
61              // hide to the final user the exception class => this is not a user concern,
62              // and can be evaluated as a security risk (give information about what
63              // security system is used to securize your webapp)
64              // errors.add(HttpConstants.LOGIN_EXCEPTION_CLASS,amClass);
65              errors.add(HttpConstants.LOGIN_EXCEPTION_MESSAGE, amMessage);
66              saveMessages(request, errors);
67          }
68          return mapping.findForward("authenticationFailedOK");
69      }
70  
71  }
72
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags