

1 /* ===============================================================================
2  *
3  * Part of the InfoGlue Content Management Platform (www.infoglue.org)
4  *
5  * ===============================================================================
6  *
7  * Copyright (C)
8  *
9  * This program is free software; you can redistribute it and/or modify it under
10  * the terms of the GNU General Public License version 2, as published by the
11  * Free Software Foundation. See the file LICENSE.html for more information.
12  *
13  * This program is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY, including the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program; if not, write to the Free Software Foundation, Inc. / 59 Temple
19  * Place, Suite 330 / Boston, MA 02111-1307 / USA.
20  *
21  * ===============================================================================
22  */

23
24 package org.infoglue.cms.security;
25
26 import java.net.URLEncoder JavaDoc;
27 import java.security.Principal JavaDoc;
28 import java.util.HashMap JavaDoc;
29 import java.util.Map JavaDoc;
30 import java.util.Properties JavaDoc;
31
32 import javax.servlet.FilterChain JavaDoc;
33 import javax.servlet.ServletException JavaDoc;
34 import javax.servlet.http.HttpServletRequest JavaDoc;
35 import javax.servlet.http.HttpServletResponse JavaDoc;
36 import javax.servlet.http.HttpSession JavaDoc;
37
38 import org.apache.log4j.Logger;
39 import org.exolab.castor.jdo.Database;
40 import org.infoglue.cms.controllers.kernel.impl.simple.SystemUserController;
41 import org.infoglue.cms.util.CmsPropertyHandler;
42
43 /**
44  * @author Mattias Bogeblad
45  *
46  * This authentication module authenticates a user against the ordinary infoglue database.
47  */

48
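public class InfoGlueBasicAuthenticationModule extends AuthenticationModule
{
    private final static Logger logger = Logger.getLogger(InfoGlueBasicAuthenticationModule.class.getName());

    // Filter configuration, injected through the setters at the bottom of the class.
    private String loginUrl = null;
    private String logoutUrl = null;
    private String invalidLoginUrl = null;
    private String successLoginUrl = null;
    private String authenticatorClass = null;
    private String authorizerClass = null;
    private String serverName = null;
    private String casServiceUrl = null;
    private String casRenew = null;
    private String casValidateUrl = null;
    private String casLogoutUrl = null;
    private String casAuthorizedProxy = null;
    private Properties extraProperties = null;

    // Optional Castor database handle; when set, user lookups run inside it.
    private transient Database transactionObject = null;

    /**
     * Authenticates the form credentials carried by a servlet request.
     *
     * The user name and password are read from the <code>j_username</code> and
     * <code>j_password</code> request parameters. When no user name is present the
     * client is redirected to <code>loginUrl</code>; when the credentials are rejected
     * the client is redirected to <code>invalidLoginUrl</code>. In both cases the
     * originally requested address travels along as <code>referringUrl</code>.
     *
     * @param request the incoming request
     * @param response the response used for redirects
     * @param fc the filter chain (not used by this module)
     * @return the authenticated user name, or null when a redirect has been sent
     * @throws ServletException when no user name was supplied and no loginUrl is configured
     */
    public String authenticateUser(HttpServletRequest request, HttpServletResponse response, FilterChain fc) throws Exception
    {
        // Kept from the original: getSession() creates a session when none exists.
        // NOTE(review): nothing in this method renews the session id after a
        // successful login - confirm the calling filter does so.
        HttpSession session = request.getSession();

        String userName = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        // No user name: nothing to authenticate, send the client to the login page.
        if (userName == null || userName.equals(""))
        {
            if (loginUrl == null)
            {
                throw new ServletException(
                        "When InfoGlueFilter protects pages that do not receive a 'userName' " +
                        "parameter, it needs a org.infoglue.cms.security.loginUrl " +
                        "filter parameter");
            }

            String requestQueryString = queryStringSuffix(request.getQueryString());
            logger.info("requestQueryString:" + requestQueryString);

            // The separator depends on loginUrl itself. The original inspected the
            // request URI, which never contains '?', so a loginUrl that already had a
            // query string produced a malformed address.
            String redirectUrl = loginUrl + querySeparator(loginUrl) + "referringUrl="
                    + URLEncoder.encode(request.getRequestURI() + requestQueryString, "UTF-8");

            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);

            return null;
        }

        boolean isAuthenticated = authenticate(userName, password, new HashMap());
        logger.info("authenticated:" + isAuthenticated);

        if (!isAuthenticated)
        {
            // referringUrl is taken from the request when present, so it is
            // client-controlled. NOTE(review): whichever page finally redirects to it
            // should accept local paths only - confirm.
            String referringUrl = request.getParameter("referringUrl");
            if (referringUrl == null)
                referringUrl = request.getRequestURI();

            // NOTE(review): if the login form is ever submitted with GET, this query
            // string contains j_password and ends up both in the log and in the
            // redirect address - confirm the form always uses POST.
            String requestQueryString = queryStringSuffix(request.getQueryString());
            logger.info("requestQueryString:" + requestQueryString);

            // Every parameter after the first is joined with '&'. The original emitted
            // "?errorMessage=" in one branch, which broke the query string.
            String redirectUrl = invalidLoginUrl + querySeparator(invalidLoginUrl)
                    + "userName=" + URLEncoder.encode(userName, "UTF-8")
                    + "&errorMessage=" + URLEncoder.encode("Invalid login - please try again..", "UTF-8")
                    + "&referringUrl=" + URLEncoder.encode(referringUrl + requestQueryString, "UTF-8");

            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);
            return null;
        }

        return userName;
    }


    /**
     * Authenticates credentials supplied in a plain map instead of a servlet request.
     *
     * @param request a map holding the <code>j_username</code> and <code>j_password</code> entries
     * @return the user name when the credentials are accepted, otherwise null
     */
    public String authenticateUser(Map request) throws Exception
    {
        String userName = (String)request.get("j_username");
        String password = (String)request.get("j_password");

        logger.info("authenticateUser:userName:" + userName);

        // No user name means there is nothing to check.
        if (userName == null || userName.equals(""))
        {
            return null;
        }

        boolean isAuthenticated = authenticate(userName, password, new HashMap());
        logger.info("authenticated:" + isAuthenticated);

        return isAuthenticated ? userName : null;
    }

    /**
     * Builds the address of the login dialog, carrying the address to return to
     * after login as the URL-encoded <code>returnAddress</code> parameter.
     *
     * @param request the current request
     * @param response the current response (not used)
     * @return the context-relative login form URL
     */
    public String getLoginDialogUrl(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        String referer = request.getHeader("Referer");

        // A missing referer, or one pointing at the structure tool toolbar, falls back to the root.
        if (referer == null || referer.indexOf("ViewStructureToolToolBar.action") != -1)
            referer = "/";

        logger.info("successLoginUrl:" + successLoginUrl);

        String returnAddress;
        if (successLoginUrl != null)
        {
            returnAddress = successLoginUrl;
        }
        else
        {
            // getQueryString() returns null for a request without a query string; the
            // original concatenated it directly and produced "?null&referer=...".
            String queryString = request.getQueryString();
            String prefix = request.getRequestURL().toString() + "?";
            if (queryString != null)
                prefix = prefix + queryString + "&";

            returnAddress = prefix + "referer=" + URLEncoder.encode(referer, "UTF-8") + "&date=" + System.currentTimeMillis();
        }

        logger.info("returnAddress:" + returnAddress);
        return request.getContextPath() + "/ExtranetLogin!loginForm.action?returnAddress=" + URLEncoder.encode(returnAddress, "UTF-8");
    }

    /**
     * Checks the credentials against the configured administrator account and,
     * failing that, against the InfoGlue system user store.
     *
     * The administrator user name is matched case-insensitively, as before. The
     * administrator password is now matched exactly: the original used
     * equalsIgnoreCase, which accepted any upper/lower-case variant of the password.
     *
     * @param userName the supplied user name
     * @param password the supplied password
     * @param parameters extra parameters (not used by this module)
     * @return true when the credentials are accepted
     */
    private boolean authenticate(String userName, String password, Map parameters) throws Exception
    {
        // A request without j_password reaches this point with a null password; the
        // original could fail with a NullPointerException here.
        if (userName == null || password == null)
            return false;

        String administratorUserName = CmsPropertyHandler.getAdministratorUserName();
        String administratorPassword = CmsPropertyHandler.getAdministratorPassword();

        boolean nameMatches = userName.equalsIgnoreCase(administratorUserName);

        // MessageDigest.isEqual avoids the early exit of String.equals on the first
        // differing character.
        boolean passwordMatches = administratorPassword != null
                && java.security.MessageDigest.isEqual(password.getBytes("UTF-8"), administratorPassword.getBytes("UTF-8"));

        if (nameMatches && passwordMatches)
            return true;

        // NOTE(review): how getSystemUserVO compares the stored password is not
        // visible from this class - verify it does not compare plain text.
        if (this.transactionObject != null)
            return SystemUserController.getController().getSystemUserVO(this.transactionObject, userName, password) != null;

        return SystemUserController.getController().getSystemUserVO(userName, password) != null;
    }

    /**
     * Not implemented by this module; always returns null.
     */
    public Principal loginUser(HttpServletRequest request, HttpServletResponse response, Map status) throws Exception
    {
        return null;
    }

    /**
     * Redirects the client after a logout request.
     *
     * This method only sends a redirect; it does not invalidate the session itself.
     *
     * @param request the current request
     * @param response the response used for the redirect
     * @return true when a redirect was sent, false otherwise
     */
    public boolean logoutUser(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        logger.info("loginUrl:" + this.loginUrl);
        logger.info("logoutUrl:" + this.logoutUrl);
        logger.info("successLoginUrl:" + this.successLoginUrl);

        if (this.logoutUrl != null && this.logoutUrl.equals("Login!logout.action"))
        {
            logger.info("successLoginUrl:" + successLoginUrl);

            String returnAddress;
            if (successLoginUrl != null)
                returnAddress = "" + successLoginUrl;
            else
                returnAddress = "" + request.getContextPath() + "/ViewCMSTool.action";

            logger.info("returnAddress:" + returnAddress);

            // NOTE(review): the original also read the Referer header and built a
            // loginUrl-based address here but used neither; it redirected to
            // returnAddress, which is what is kept. Confirm that is the intended target.
            logger.info("redirectAddress in InfoGlueBasicAuth module:" + returnAddress);
            response.sendRedirect(returnAddress);

            return true;
        }

        if (CmsPropertyHandler.getApplicationName().equals("cms"))
        {
            String redirectAddress = "" + this.logoutUrl + "?returnAddress=" + URLEncoder.encode(request.getContextPath() + "/ViewCMSTool.action", "utf-8");
            logger.info("redirectAddress in InfoGlueBasicAuth module:" + redirectAddress);
            response.sendRedirect(redirectAddress);

            return true;
        }

        return false;
    }

    /**
     * Returns "&amp;" when the given URL already carries a query string, "?" otherwise
     * (also for a null URL).
     */
    private static String querySeparator(String url)
    {
        return (url != null && url.indexOf('?') >= 0) ? "&" : "?";
    }

    /**
     * Turns a raw query string into a suffix: "?" plus the query string, or the
     * empty string when there is none.
     */
    private static String queryStringSuffix(String queryString)
    {
        return (queryString != null) ? "?" + queryString : "";
    }


    public String getAuthenticatorClass()
    {
        return authenticatorClass;
    }

    public void setAuthenticatorClass(String authenticatorClass)
    {
        this.authenticatorClass = authenticatorClass;
    }

    public String getAuthorizerClass()
    {
        return authorizerClass;
    }

    public void setAuthorizerClass(String authorizerClass)
    {
        this.authorizerClass = authorizerClass;
    }

    public String getInvalidLoginUrl()
    {
        return invalidLoginUrl;
    }

    public void setInvalidLoginUrl(String invalidLoginUrl)
    {
        this.invalidLoginUrl = invalidLoginUrl;
    }

    public String getLoginUrl()
    {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl)
    {
        this.loginUrl = loginUrl;
    }

    public String getLogoutUrl()
    {
        return logoutUrl;
    }

    public void setLogoutUrl(String logoutUrl)
    {
        this.logoutUrl = logoutUrl;
    }

    public String getSuccessLoginUrl()
    {
        return successLoginUrl;
    }

    public void setSuccessLoginUrl(String successLoginUrl)
    {
        this.successLoginUrl = successLoginUrl;
    }

    public String getServerName()
    {
        return this.serverName;
    }

    public void setServerName(String serverName)
    {
        this.serverName = serverName;
    }

    public Properties getExtraProperties()
    {
        return extraProperties;
    }

    public void setExtraProperties(Properties extraProperties)
    {
        this.extraProperties = extraProperties;
    }

    public String getCasRenew()
    {
        return casRenew;
    }

    public void setCasRenew(String casRenew)
    {
        this.casRenew = casRenew;
    }

    public String getCasServiceUrl()
    {
        return casServiceUrl;
    }

    public void setCasServiceUrl(String casServiceUrl)
    {
        this.casServiceUrl = casServiceUrl;
    }

    public String getCasValidateUrl()
    {
        return casValidateUrl;
    }

    public void setCasValidateUrl(String casValidateUrl)
    {
        this.casValidateUrl = casValidateUrl;
    }

    public String getCasAuthorizedProxy()
    {
        return casAuthorizedProxy;
    }

    public void setCasAuthorizedProxy(String casAuthorizedProxy)
    {
        this.casAuthorizedProxy = casAuthorizedProxy;
    }

    public Object getTransactionObject()
    {
        return this.transactionObject;
    }

    /**
     * Stores the database handle used for user lookups.
     *
     * @param transactionObject must be a Castor Database (or null); any other type
     *        fails with a ClassCastException
     */
    public void setTransactionObject(Object transactionObject)
    {
        this.transactionObject = (Database)transactionObject;
    }


    public String getCasLogoutUrl()
    {
        return casLogoutUrl;
    }


    public void setCasLogoutUrl(String casLogoutUrl)
    {
        this.casLogoutUrl = casLogoutUrl;
    }

}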