PasswordServlet


1   /*
2    * PasswordServlet.java
3    *
4    * Version: $Revision: 1.9 $
5    *
6    * Date: $Date: 2005/10/17 03:35:45 $
7    *
8    * Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
9    * Institute of Technology.  All rights reserved.
10   *
11   * Redistribution and use in source and binary forms, with or without
12   * modification, are permitted provided that the following conditions are
13   * met:
14   *
15   * - Redistributions of source code must retain the above copyright
16   * notice, this list of conditions and the following disclaimer.
17   *
18   * - Redistributions in binary form must reproduce the above copyright
19   * notice, this list of conditions and the following disclaimer in the
20   * documentation and/or other materials provided with the distribution.
21   *
22   * - Neither the name of the Hewlett-Packard Company nor the name of the
23   * Massachusetts Institute of Technology nor the names of their
24   * contributors may be used to endorse or promote products derived from
25   * this software without specific prior written permission.
26   *
27   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28   * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30   * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31   * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
32   * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
33   * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
34   * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
35   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
36   * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37   * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38   * DAMAGE.
39   */
40  package org.dspace.app.webui.servlet;
41  
42  import java.io.IOException  ;
43  import java.sql.SQLException  ;
44  
45  import javax.servlet.ServletException  ;
46  import javax.servlet.http.HttpServletRequest  ;
47  import javax.servlet.http.HttpServletResponse  ;
48  
49  import org.apache.log4j.Logger;
50  import org.dspace.app.webui.util.Authenticate;
51  import org.dspace.app.webui.util.JSPManager;
52  import org.dspace.authorize.AuthorizeException;
53  import org.dspace.core.Context;
54  import org.dspace.core.LogManager;
55  import org.dspace.eperson.EPerson;
56  import org.dspace.eperson.AuthenticationManager;
57  import org.dspace.eperson.AuthenticationMethod;
58  
59  /**
60   * Simple username and password authentication servlet. Displays the login form
61   * <code>/login/password.jsp</code> on a GET, otherwise process the parameters
62   * as an email and password.
63   * 
64   * Calls stackable authentication to give credentials to all
65   * authentication methods that can make use of them, not just DSpace-internal.
66   *
67   * @author Robert Tansley
68   * @version $Revision: 1.9 $
69   */
70  public class PasswordServlet extends DSpaceServlet
71  {
72      /** log4j logger */
73      private static Logger log = Logger.getLogger(PasswordServlet.class);
74  
75      protected void doDSGet(Context context, HttpServletRequest   request,
76              HttpServletResponse   response) throws ServletException  , IOException  ,
77              SQLException  , AuthorizeException
78      {
79          // Simply forward to the plain form
80          JSPManager.showJSP(request, response, "/login/password.jsp");
81      }
82  
83      protected void doDSPost(Context context, HttpServletRequest   request,
84              HttpServletResponse   response) throws ServletException  , IOException  ,
85              SQLException  , AuthorizeException
86      {
87          // Process the POSTed email and password
88          String   email = request.getParameter("login_email");
89          String   password = request.getParameter("login_password");
90          String   jsp = null;
91  
92          // Locate the eperson
93          int status = AuthenticationManager.authenticate(context, email, password,
94                          null, request);
95  
96          if (status == AuthenticationMethod.SUCCESS)
97              {
98                  // Logged in OK.
99              Authenticate.loggedIn(context, request, context.getCurrentUser());
100 
101             log.info(LogManager.getHeader(context, "login", "type=explicit"));
102 
103                 // resume previous request
104                 Authenticate.resumeInterruptedRequest(request, response);
105 
106                 return;
107             }
108         else if (status == AuthenticationMethod.CERT_REQUIRED)
109             jsp = "/error/require-certificate.jsp";
110         else
111             jsp = "/login/incorrect.jsp";
112 
113         // If we reach here, supplied email/password was duff.
114         log.info(LogManager.getHeader(context, "failed_login",
115                 "email=" + email + ", result=" + String.valueOf(status)));
116         JSPManager.showJSP(request, response, jsp);
117     }
118 }
119
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags