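package org.blojsom.plugin.admin;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.authorization.AuthorizationException;
import org.blojsom.authorization.AuthorizationProvider;
import org.blojsom.blog.Blog;
import org.blojsom.blog.Entry;
import org.blojsom.plugin.Plugin;
import org.blojsom.plugin.PluginException;
import org.blojsom.plugin.permission.PermissionChecker;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomUtils;
import org.blojsom.util.resources.ResourceManager;

import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

/**
 * Base class for blojsom administration plugins.
 * <p>
 * Provides the shared login/logout handling for the admin console: it keeps a per-blog
 * "authenticated" flag and the logged-in username in the HTTP session, optionally trusts
 * an identity already established by the container (remote user), exposes a
 * {@link PermissionChecker} to templates through the context, and offers helpers for
 * looking up and formatting localized admin messages.
 * <p>
 * Session attribute names that are specific to a blog are prefixed with the blog's admin
 * URL so that several blogs served by one container do not share a login state.
 */
public class BaseAdminPlugin implements Plugin, PermissionedPlugin {

    protected static final Log _logger = LogFactory.getLog(BaseAdminPlugin.class);

    // Per-blog session attribute suffixes (always prefixed with blog admin URL + "_")
    protected static final String BLOJSOM_ADMIN_PLUGIN_AUTHENTICATED_KEY = "org.blojsom.plugin.admin.Authenticated";
    protected static final String BLOJSOM_ADMIN_PLUGIN_USERNAME_KEY = "org.blojsom.plugin.admin.Username";
    // Session-wide attributes shared by all blogs
    protected static final String BLOJSOM_ADMIN_PLUGIN_USERNAME = "BLOJSOM_ADMIN_PLUGIN_USERNAME";
    protected static final String BLOJSOM_USER_AUTHENTICATED = "BLOJSOM_USER_AUTHENTICATED";
    // Request parameters
    protected static final String BLOJSOM_ADMIN_PLUGIN_USERNAME_PARAM = "username";
    protected static final String BLOJSOM_ADMIN_PLUGIN_PASSWORD_PARAM = "password";
    protected static final String ACTION_PARAM = "action";
    protected static final String SUBACTION_PARAM = "subaction";
    // Context keys handed to templates
    protected static final String BLOJSOM_ADMIN_PLUGIN_OPERATION_RESULT = "BLOJSOM_ADMIN_PLUGIN_OPERATION_RESULT";
    protected static final String BLOJSOM_PERMISSION_CHECKER = "BLOJSOM_PERMISSION_CHECKER";
    protected static final String BLOJSOM_ADMIN_MESSAGES_RESOURCE = "org.blojsom.plugin.admin.resources.messages";
    // Blog property: when "true", a container-supplied remote user is accepted as logged in
    protected static final String PLUGIN_ADMIN_INHERIT_APACHE_CREDENTIALS = "plugin-admin-inherit-apache-credentials";

    protected static final String LOGIN_ERROR_TEXT_KEY = "login.error.text";

    protected static final String ADMIN_ADMINISTRATION_PAGE = "/org/blojsom/plugin/admin/templates/admin";
    protected static final String ADMIN_LOGIN_PAGE = "/org/blojsom/plugin/admin/templates/admin-login";
    protected static final String ADMIN_AJAX_RESPONSE = "/org/blojsom/plugin/admin/templates/admin-ajax-response";

    protected static final String LOGIN_ACTION = "login";
    protected static final String LOGOUT_ACTION = "logout";
    protected static final String PAGE_ACTION = "page";

    protected ServletConfig _servletConfig;
    protected AuthorizationProvider _authorizationProvider;
    protected ResourceManager _resourceManager;
    // Request parameters that must never be copied into the post-login redirect URL
    protected Map _ignoreParams;

    /**
     * Creates a plugin with no collaborators set; the setters and {@link #init()} complete the setup.
     */
    public BaseAdminPlugin() {
    }

    /**
     * Sets the servlet configuration.
     *
     * @param servletConfig servlet configuration
     */
    public void setServletConfig(ServletConfig servletConfig) {
        _servletConfig = servletConfig;
    }

    /**
     * Sets the authorization provider used for login and permission checks.
     *
     * @param authorizationProvider authorization provider
     */
    public void setAuthorizationProvider(AuthorizationProvider authorizationProvider) {
        _authorizationProvider = authorizationProvider;
    }

    /**
     * Sets the resource manager used to resolve localized admin messages.
     *
     * @param resourceManager resource manager
     */
    public void setResourceManager(ResourceManager resourceManager) {
        _resourceManager = resourceManager;
    }

    /**
     * Initializes the plugin by building the set of request parameters that are dropped
     * when the current request is turned into a redirect URL (credentials and form buttons).
     *
     * @throws PluginException never thrown here; declared for subclasses
     */
    public void init() throws PluginException {
        _ignoreParams = new HashMap();
        _ignoreParams.put(BLOJSOM_ADMIN_PLUGIN_USERNAME_PARAM, BLOJSOM_ADMIN_PLUGIN_USERNAME_PARAM);
        _ignoreParams.put(BLOJSOM_ADMIN_PLUGIN_PASSWORD_PARAM, BLOJSOM_ADMIN_PLUGIN_PASSWORD_PARAM);
        _ignoreParams.put("submit", "submit");
        _ignoreParams.put("reset", "reset");
    }

    /**
     * Builds the session attribute name for a blog-specific key.
     *
     * @param blog blog whose admin URL is used as prefix
     * @param key  attribute suffix
     * @return {@code <blog admin URL>_<key>}
     */
    private String adminSessionKey(Blog blog, String key) {
        return blog.getBlogAdminURL() + "_" + key;
    }

    /**
     * Reconstructs the current request as a URL the browser can be sent back to after login:
     * the request path (with a trailing slash) plus the query parameters, minus those in
     * {@link #_ignoreParams}, so that the username and password are never carried in the URL.
     * <p>
     * The target is derived from the request path rather than from a dedicated user-supplied
     * parameter. NOTE(review): {@code getRequestURI()} is still client-controlled text; confirm the
     * container normalizes a leading {@code //} before relying on {@code sendRedirect} to stay same-origin.
     *
     * @param httpServletRequest current request
     * @return redirect URL
     */
    private String buildRedirectURL(HttpServletRequest httpServletRequest) {
        StringBuffer redirectURL = new StringBuffer();
        redirectURL.append(httpServletRequest.getRequestURI());
        if (!redirectURL.toString().endsWith("/")) {
            redirectURL.append("/");
        }
        if (!httpServletRequest.getParameterMap().isEmpty()) {
            redirectURL.append("?");
            redirectURL.append(BlojsomUtils.convertRequestParams(httpServletRequest, _ignoreParams));
        }

        return redirectURL.toString();
    }

    /**
     * Records the given user as logged in to the given blog: sets the per-blog authenticated flag
     * and username plus the session-wide username and authenticated flag.
     *
     * @param httpSession session to mark
     * @param blog        blog the user is logged in to
     * @param username    authenticated username
     */
    private void markAuthenticated(HttpSession httpSession, Blog blog, String username) {
        httpSession.setAttribute(adminSessionKey(blog, BLOJSOM_ADMIN_PLUGIN_AUTHENTICATED_KEY), Boolean.TRUE);
        httpSession.setAttribute(adminSessionKey(blog, BLOJSOM_ADMIN_PLUGIN_USERNAME_KEY), username);
        httpSession.setAttribute(BLOJSOM_ADMIN_PLUGIN_USERNAME, username);
        httpSession.setAttribute(BLOJSOM_USER_AUTHENTICATED, Boolean.TRUE);
    }

    /**
     * Stores the URL to return to after a successful login, unless the current request is a logout
     * (a logout has just cleared that attribute and must not re-create it).
     *
     * @param httpSession session to store the redirect in
     * @param redirectURL URL to return to
     * @param logout      whether the current request is a logout
     */
    private void rememberRedirect(HttpSession httpSession, String redirectURL, boolean logout) {
        _logger.debug("Setting redirect_to attribute to: " + redirectURL);
        if (!logout) {
            httpSession.setAttribute(BlojsomConstants.REDIRECT_TO_PARAM, redirectURL);
        }
    }

    /**
     * Whether the blog is configured to accept the identity the container already authenticated.
     *
     * @param blog blog to inspect
     * @return {@code true} when the {@link #PLUGIN_ADMIN_INHERIT_APACHE_CREDENTIALS} property parses as true
     */
    private boolean inheritsContainerCredentials(Blog blog) {
        // Boolean.valueOf(null) is FALSE, so a missing property disables inheritance
        return Boolean.valueOf(blog.getProperty(PLUGIN_ADMIN_INHERIT_APACHE_CREDENTIALS)).booleanValue();
    }

    /**
     * Authenticates the current request against the given blog.
     * <p>
     * Order of evaluation:
     * <ol>
     * <li>an {@code action=logout} request clears the login state and any pending redirect;</li>
     * <li>if the blog inherits container credentials and the request carries a remote user,
     *     that user is logged in without a password check;</li>
     * <li>a session that already holds the per-blog authenticated flag is accepted as is;</li>
     * <li>otherwise the {@code username}/{@code password} parameters are verified through the
     *     authorization provider.</li>
     * </ol>
     * On every successful path the {@link PermissionChecker} is placed in the context under
     * {@link #BLOJSOM_PERMISSION_CHECKER}. On a missing or failed login the current URL is
     * remembered in the session so {@link #process} can send the user back after logging in.
     * The response is marked non-cacheable in all cases.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param context             template context; receives the permission checker and any login error message
     * @param blog                blog being administered
     * @return {@code true} if the request is authenticated for this blog
     */
    protected boolean authenticateUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map context, Blog blog) {
        BlojsomUtils.setNoCacheControlHeaders(httpServletResponse);
        HttpSession httpSession = httpServletRequest.getSession();
        String authenticatedKey = adminSessionKey(blog, BLOJSOM_ADMIN_PLUGIN_AUTHENTICATED_KEY);

        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        boolean logout = LOGOUT_ACTION.equals(action);
        if (logout) {
            httpSession.removeAttribute(authenticatedKey);
            httpSession.removeAttribute(BLOJSOM_USER_AUTHENTICATED);
            httpSession.removeAttribute(BlojsomConstants.REDIRECT_TO_PARAM);
        }

        String redirectURL = buildRedirectURL(httpServletRequest);

        // Trust the container-established identity only when the blog opts in
        if (inheritsContainerCredentials(blog) && !BlojsomUtils.checkNullOrBlank(httpServletRequest.getRemoteUser())) {
            String remoteUsername = httpServletRequest.getRemoteUser();
            _logger.debug("Retrieved remote_user from server: " + remoteUsername);
            markAuthenticated(httpSession, blog, remoteUsername);
            _logger.debug("Passed remote_user authentication for username: " + remoteUsername);
        }

        Boolean alreadyAuthenticated = (Boolean) httpSession.getAttribute(authenticatedKey);
        if (alreadyAuthenticated != null) {
            context.put(BLOJSOM_PERMISSION_CHECKER, new PermissionChecker(blog, _authorizationProvider, context));

            return alreadyAuthenticated.booleanValue();
        }

        String username = httpServletRequest.getParameter(BLOJSOM_ADMIN_PLUGIN_USERNAME_PARAM);
        String password = httpServletRequest.getParameter(BLOJSOM_ADMIN_PLUGIN_PASSWORD_PARAM);
        if (username == null || password == null || "".equals(username) || "".equals(password)) {
            _logger.debug("No username/password provided or username/password was empty");
            rememberRedirect(httpSession, redirectURL, logout);

            return false;
        }

        try {
            _authorizationProvider.authorize(blog, null, username, password);
        } catch (AuthorizationException e) {
            // Only the username is logged; the submitted password must never reach the log
            _logger.debug("Failed authentication for username: " + username);
            addOperationResultMessage(context, formatAdminResource(LOGIN_ERROR_TEXT_KEY, LOGIN_ERROR_TEXT_KEY, blog.getBlogAdministrationLocale(), new Object[]{username}));
            rememberRedirect(httpSession, redirectURL, logout);

            return false;
        }

        // NOTE(review): the session id is not rotated after the credential check (session fixation);
        // confirm the container or a filter re-issues the id on login, or invalidate and re-create
        // the session here while carrying REDIRECT_TO_PARAM over.
        markAuthenticated(httpSession, blog, username);
        // Expose the permission checker on this path too, so a freshly logged-in request
        // sees the same context as a request that was already authenticated
        context.put(BLOJSOM_PERMISSION_CHECKER, new PermissionChecker(blog, _authorizationProvider, context));
        _logger.debug("Passed authentication for username: " + username);

        return true;
    }

    /**
     * Returns the username stored in the session for the given blog.
     * <p>
     * Does not create a session as a side effect of a read.
     *
     * @param httpServletRequest current request
     * @param blog               blog whose login state is queried
     * @return the username, or {@code null} if there is no session or no user is logged in to this blog
     */
    protected String getUsernameFromSession(HttpServletRequest httpServletRequest, Blog blog) {
        HttpSession httpSession = httpServletRequest.getSession(false);
        if (httpSession == null) {
            return null;
        }

        return (String) httpSession.getAttribute(adminSessionKey(blog, BLOJSOM_ADMIN_PLUGIN_USERNAME_KEY));
    }

    /**
     * Checks whether the user holds a permission on the blog.
     *
     * @param blog              blog
     * @param permissionContext permission context passed through to the provider
     * @param username          user to check
     * @param permission        permission name
     * @return {@code true} if the provider grants the permission, {@code false} if it throws {@link AuthorizationException}
     */
    public boolean checkPermission(Blog blog, Map permissionContext, String username, String permission) {
        try {
            _authorizationProvider.checkPermission(blog, permissionContext, username, permission);
        } catch (AuthorizationException e) {
            _logger.error("Permission '" + permission + "' denied for username: " + username, e);

            return false;
        }

        return true;
    }

    /**
     * Stores a result message for the templates under {@link #BLOJSOM_ADMIN_PLUGIN_OPERATION_RESULT}.
     *
     * @param context template context
     * @param message message text (already localized)
     */
    protected void addOperationResultMessage(Map context, String message) {
        context.put(BLOJSOM_ADMIN_PLUGIN_OPERATION_RESULT, message);
    }

    /**
     * Looks up a localized admin message.
     *
     * @param resourceID   message key
     * @param fallbackText text returned when the key is not found
     * @param locale       locale to resolve in
     * @return the localized text, or the fallback
     */
    protected String getAdminResource(String resourceID, String fallbackText, Locale locale) {
        return _resourceManager.getString(resourceID, BLOJSOM_ADMIN_MESSAGES_RESOURCE, fallbackText, locale);
    }

    /**
     * Looks up a localized admin message and formats it with the given arguments.
     *
     * @param resourceID   message key
     * @param fallbackText text used when the key is not found or formatting yields {@code null}
     * @param locale       locale to resolve in
     * @param arguments    format arguments
     * @return the formatted text, or the fallback
     */
    protected String formatAdminResource(String resourceID, String fallbackText, Locale locale, Object[] arguments) {
        String resourceText = getAdminResource(resourceID, fallbackText, locale);
        String formattedText = _resourceManager.format(resourceText, arguments);

        return formattedText == null ? fallbackText : formattedText;
    }

    /**
     * Plugin entry point: selects the login page for unauthenticated requests, otherwise selects
     * the requested (or default) admin page and, if a pre-login URL was remembered, redirects
     * back to it.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param blog                blog being administered
     * @param context             template context
     * @param entries             entries passed through unchanged
     * @return {@code entries}, unmodified
     * @throws PluginException declared for subclasses; not thrown here
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        // The page name is client-supplied; the dispatcher that resolves it to a template is
        // expected to confine it to the template directory — not verified here
        String page = BlojsomUtils.getRequestValue(BlojsomConstants.PAGE_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(page)) {
            page = ADMIN_ADMINISTRATION_PAGE;
        }
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, page);

        HttpSession httpSession = httpServletRequest.getSession();
        String redirectURL = (String) httpSession.getAttribute(BlojsomConstants.REDIRECT_TO_PARAM);
        if (redirectURL != null) {
            // Consume the remembered URL before redirecting so it is not replayed on the next request
            httpSession.removeAttribute(BlojsomConstants.REDIRECT_TO_PARAM);
            try {
                httpServletResponse.sendRedirect(redirectURL);
            } catch (IOException e) {
                _logger.error("Unable to redirect to: " + redirectURL, e);
            }
        }

        return entries;
    }

    /**
     * Per-request cleanup; nothing to release in the base plugin.
     *
     * @throws PluginException declared for subclasses; not thrown here
     */
    public void cleanup() throws PluginException {
    }

    /**
     * Plugin shutdown; nothing to release in the base plugin.
     *
     * @throws PluginException declared for subclasses; not thrown here
     */
    public void destroy() throws PluginException {
    }
}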