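package org.infoglue.cms.security;

import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.exolab.castor.jdo.Database;
import org.infoglue.cms.controllers.kernel.impl.simple.SystemUserController;
import org.infoglue.cms.util.CmsPropertyHandler;

/**
 * Form-based ("basic") authentication module for InfoGlue.
 *
 * Credentials arrive as the request parameters {@code j_username} and
 * {@code j_password}. A user is accepted either as the configured
 * administrator (compared against {@link CmsPropertyHandler}) or when
 * {@link SystemUserController} finds a matching system user. Unauthenticated
 * requests are redirected to {@code loginUrl}; failed logins to
 * {@code invalidLoginUrl}.
 *
 * The URLs and class names are injected through the setters below; all of
 * them default to {@code null}, so {@code loginUrl} / {@code invalidLoginUrl}
 * must be configured before the servlet entry points are used.
 */
public class InfoGlueBasicAuthenticationModule extends AuthenticationModule
{
    private final static Logger logger = Logger.getLogger(InfoGlueBasicAuthenticationModule.class.getName());

    /** Charset used for every URL-encoding step in this module. */
    private static final String ENCODING = "UTF-8";

    /** Error text forwarded to the invalid-login page (URL-encoded). */
    private static final String INVALID_LOGIN_MESSAGE = "Invalid login - please try again..";

    private String loginUrl = null;
    private String logoutUrl = null;
    private String invalidLoginUrl = null;
    private String successLoginUrl = null;
    private String authenticatorClass = null;
    private String authorizerClass = null;
    private String serverName = null;
    private String casServiceUrl = null;
    private String casRenew = null;
    private String casValidateUrl = null;
    private String casLogoutUrl = null;
    private String casAuthorizedProxy = null;
    private Properties extraProperties = null;
    // Optional Castor transaction; when set, the user lookup runs inside it.
    private transient Database transactionObject = null;

    /**
     * Servlet-filter entry point.
     *
     * Without a {@code j_username} parameter the caller is redirected to
     * {@code loginUrl} with the current URI (plus query string) as
     * {@code referringUrl}. With credentials present they are checked via
     * {@link #authenticate}; on failure the caller is redirected to
     * {@code invalidLoginUrl}, on success the user name is returned.
     *
     * @param request  the current request
     * @param response used only to issue redirects
     * @param fc       unused; part of the {@link AuthenticationModule} contract
     * @return the authenticated user name, or {@code null} when a redirect was sent
     * @throws ServletException when a redirect is needed but the target URL is not configured
     * @throws Exception propagated from the user lookup
     */
    public String authenticateUser(HttpServletRequest request, HttpServletResponse response, FilterChain fc) throws Exception
    {
        // The original code fetched the session without using it; the call is
        // kept because getSession() creates the session as a side effect.
        request.getSession();

        String userName = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        if (userName == null || userName.equals(""))
        {
            if (loginUrl == null)
            {
                throw new ServletException(
                    "When InfoGlueFilter protects pages that do not receive a 'userName' " +
                    "parameter, it needs a org.infoglue.cms.security.loginUrl " +
                    "filter parameter");
            }

            String requestQueryString = queryStringOf(request);
            logger.info("requestQueryString:" + requestQueryString);

            // The separator is chosen from loginUrl itself; the original tested
            // the request URI for '?', which never holds (the query string is
            // separate), so a loginUrl that already carried a query broke.
            String referringUrl = request.getRequestURI() + requestQueryString;
            String redirectUrl = appendQuery(loginUrl, "referringUrl=" + URLEncoder.encode(referringUrl, ENCODING));

            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);
            return null;
        }

        boolean isAuthenticated = authenticate(userName, password, new HashMap<String, Object>());
        logger.info("authenticated:" + isAuthenticated);

        if (!isAuthenticated)
        {
            if (invalidLoginUrl == null)
            {
                throw new ServletException(
                    "InfoGlueFilter needs a org.infoglue.cms.security.invalidLoginUrl " +
                    "filter parameter to report failed logins");
            }

            // referringUrl is attacker-controlled; only a site-relative path is
            // forwarded to the login page, anything else falls back to the
            // current URI (the value the original used when the parameter was absent).
            String referringUrl = request.getParameter("referringUrl");
            if (!isLocalPath(referringUrl))
                referringUrl = request.getRequestURI();

            String requestQueryString = queryStringOf(request);
            logger.info("requestQueryString:" + requestQueryString);

            // Single construction: the original else-branch joined errorMessage
            // with '?' instead of '&', which folded it into the userName value.
            String redirectUrl = appendQuery(invalidLoginUrl,
                "userName=" + URLEncoder.encode(userName, ENCODING)
                + "&errorMessage=" + URLEncoder.encode(INVALID_LOGIN_MESSAGE, ENCODING)
                + "&referringUrl=" + URLEncoder.encode(referringUrl + requestQueryString, ENCODING));

            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);
            return null;
        }

        return userName;
    }

    /**
     * Non-servlet entry point: credentials are read from a map under the same
     * keys ({@code j_username}, {@code j_password}).
     *
     * @param request map holding the credentials
     * @return the user name when authentication succeeds, otherwise {@code null}
     * @throws Exception propagated from the user lookup
     */
    public String authenticateUser(Map request) throws Exception
    {
        String userName = (String) request.get("j_username");
        String password = (String) request.get("j_password");

        logger.info("authenticateUser:userName:" + userName);

        if (userName == null || userName.equals(""))
            return null;

        boolean isAuthenticated = authenticate(userName, password, new HashMap<String, Object>());
        logger.info("authenticated:" + isAuthenticated);

        return isAuthenticated ? userName : null;
    }

    /**
     * Builds the URL of the extranet login form, carrying a {@code returnAddress}.
     *
     * The return address is {@code successLoginUrl} when configured, otherwise
     * the current request URL with the {@code Referer} header and a timestamp
     * appended. The Referer is attacker-controlled; it is only URL-encoded here
     * and whoever consumes {@code referer} downstream must validate it.
     *
     * @param request  the current request
     * @param response unused
     * @return context-relative login-form URL
     * @throws Exception from URL encoding (not expected for UTF-8)
     */
    public String getLoginDialogUrl(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        String referer = request.getHeader("Referer");
        if (referer == null || referer.indexOf("ViewStructureToolToolBar.action") != -1)
            referer = "/";

        logger.info("successLoginUrl:" + successLoginUrl);

        String returnAddress;
        if (successLoginUrl != null)
        {
            returnAddress = successLoginUrl;
        }
        else
        {
            // The original appended "?" + getQueryString() unconditionally,
            // yielding "?null" when the request had no query string.
            String currentUrl = request.getRequestURL().toString() + queryStringOf(request);
            returnAddress = appendQuery(currentUrl,
                "referer=" + URLEncoder.encode(referer, ENCODING) + "&date=" + System.currentTimeMillis());
        }

        logger.info("returnAddress:" + returnAddress);
        return request.getContextPath() + "/ExtranetLogin!loginForm.action?returnAddress=" + URLEncoder.encode(returnAddress, ENCODING);
    }

    /**
     * Checks the credentials against the configured administrator account and
     * then against the system users.
     *
     * The administrator password is compared exactly and in constant time;
     * the original used {@code equalsIgnoreCase}, which accepted any case
     * variant of the password. A {@code null} password never authenticates
     * (the original threw a NullPointerException).
     *
     * @param userName   user name, may be {@code null}
     * @param password   password, may be {@code null}
     * @param parameters currently unused
     * @return {@code true} when the credentials are accepted
     * @throws Exception propagated from {@link SystemUserController}
     */
    private boolean authenticate(String userName, String password, Map parameters) throws Exception
    {
        if (userName == null || password == null)
            return false;

        String administratorUserName = CmsPropertyHandler.getAdministratorUserName();
        String administratorPassword = CmsPropertyHandler.getAdministratorPassword();

        // Name compare stays case-insensitive as before; the password does not.
        boolean isAdministrator = userName.equalsIgnoreCase(administratorUserName)
            && passwordsMatch(password, administratorPassword);
        if (isAdministrator)
            return true;

        SystemUserController controller = SystemUserController.getController();
        boolean isSystemUser;
        if (this.transactionObject != null)
            isSystemUser = controller.getSystemUserVO(this.transactionObject, userName, password) != null;
        else
            isSystemUser = controller.getSystemUserVO(userName, password) != null;

        return isSystemUser;
    }

    /**
     * Not supported by this module.
     *
     * @return always {@code null}
     */
    public Principal loginUser(HttpServletRequest request, HttpServletResponse response, Map status) throws Exception
    {
        return null;
    }

    /**
     * Logs the user out by redirecting.
     *
     * When {@code logoutUrl} is exactly {@code Login!logout.action} the caller
     * is redirected to {@code successLoginUrl} (or the CMS tool). Otherwise,
     * in the "cms" application, the caller is redirected to {@code logoutUrl}
     * with a {@code returnAddress} to the CMS tool.
     *
     * @return {@code true} when a redirect was issued, {@code false} when the
     *         caller must handle logout itself
     * @throws Exception from URL encoding (not expected for UTF-8)
     */
    public boolean logoutUser(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        logger.info("loginUrl:" + this.loginUrl);
        logger.info("logoutUrl:" + this.logoutUrl);
        logger.info("successLoginUrl:" + this.successLoginUrl);

        if (this.logoutUrl != null && this.logoutUrl.equals("Login!logout.action"))
        {
            String returnAddress = (successLoginUrl != null)
                ? successLoginUrl
                : request.getContextPath() + "/ViewCMSTool.action";
            logger.info("returnAddress:" + returnAddress);

            // NOTE(review): the original also built loginUrl + "?referringUrl="
            // + returnAddress into a variable it never used and redirected to
            // returnAddress directly. That observable behaviour is kept; confirm
            // whether the login page was the intended target.
            logger.info("redirectAddress in InfoGlueBasicAuth module:" + returnAddress);
            response.sendRedirect(returnAddress);
            return true;
        }

        // Null-safe form of getApplicationName().equals("cms").
        if ("cms".equals(CmsPropertyHandler.getApplicationName()))
        {
            String redirectAddress = "" + this.logoutUrl + "?returnAddress="
                + URLEncoder.encode(request.getContextPath() + "/ViewCMSTool.action", "utf-8");
            logger.info("redirectAddress in InfoGlueBasicAuth module:" + redirectAddress);
            response.sendRedirect(redirectAddress);
            return true;
        }

        return false;
    }

    /**
     * Appends {@code query} to {@code baseUrl}, using {@code &} when the base
     * already carries a query string and {@code ?} otherwise.
     */
    private static String appendQuery(String baseUrl, String query)
    {
        String separator = (baseUrl.indexOf('?') >= 0) ? "&" : "?";
        return baseUrl + separator + query;
    }

    /** Returns the request's query string prefixed with {@code ?}, or "" when absent. */
    private static String queryStringOf(HttpServletRequest request)
    {
        String queryString = request.getQueryString();
        return (queryString == null) ? "" : "?" + queryString;
    }

    /**
     * Accepts only site-relative paths as redirect targets: must start with a
     * single {@code /}; {@code //host} and {@code /\host} forms are rejected
     * because browsers treat them as absolute URLs.
     */
    private static boolean isLocalPath(String url)
    {
        return url != null
            && url.startsWith("/")
            && !url.startsWith("//")
            && !url.startsWith("/\\");
    }

    /** Constant-time, case-sensitive password comparison; {@code null} never matches. */
    private static boolean passwordsMatch(String supplied, String expected) throws Exception
    {
        if (supplied == null || expected == null)
            return false;
        return MessageDigest.isEqual(supplied.getBytes(ENCODING), expected.getBytes(ENCODING));
    }

    public String getAuthenticatorClass()
    {
        return authenticatorClass;
    }

    public void setAuthenticatorClass(String authenticatorClass)
    {
        this.authenticatorClass = authenticatorClass;
    }

    public String getAuthorizerClass()
    {
        return authorizerClass;
    }

    public void setAuthorizerClass(String authorizerClass)
    {
        this.authorizerClass = authorizerClass;
    }

    public String getInvalidLoginUrl()
    {
        return invalidLoginUrl;
    }

    public void setInvalidLoginUrl(String invalidLoginUrl)
    {
        this.invalidLoginUrl = invalidLoginUrl;
    }

    public String getLoginUrl()
    {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl)
    {
        this.loginUrl = loginUrl;
    }

    public String getLogoutUrl()
    {
        return logoutUrl;
    }

    public void setLogoutUrl(String logoutUrl)
    {
        this.logoutUrl = logoutUrl;
    }

    public String getSuccessLoginUrl()
    {
        return successLoginUrl;
    }

    public void setSuccessLoginUrl(String successLoginUrl)
    {
        this.successLoginUrl = successLoginUrl;
    }

    public String getServerName()
    {
        return this.serverName;
    }

    public void setServerName(String serverName)
    {
        this.serverName = serverName;
    }

    public Properties getExtraProperties()
    {
        return extraProperties;
    }

    public void setExtraProperties(Properties extraProperties)
    {
        this.extraProperties = extraProperties;
    }

    public String getCasRenew()
    {
        return casRenew;
    }

    public void setCasRenew(String casRenew)
    {
        this.casRenew = casRenew;
    }

    public String getCasServiceUrl()
    {
        return casServiceUrl;
    }

    public void setCasServiceUrl(String casServiceUrl)
    {
        this.casServiceUrl = casServiceUrl;
    }

    public String getCasValidateUrl()
    {
        return casValidateUrl;
    }

    public void setCasValidateUrl(String casValidateUrl)
    {
        this.casValidateUrl = casValidateUrl;
    }

    public String getCasAuthorizedProxy()
    {
        return casAuthorizedProxy;
    }

    public void setCasAuthorizedProxy(String casAuthorizedProxy)
    {
        this.casAuthorizedProxy = casAuthorizedProxy;
    }

    /** Returns the Castor transaction in use, or {@code null}. Declared as Object per the module contract. */
    public Object getTransactionObject()
    {
        return this.transactionObject;
    }

    /** Installs the Castor transaction; the argument must be a {@link Database} (cast as in the original). */
    public void setTransactionObject(Object transactionObject)
    {
        this.transactionObject = (Database) transactionObject;
    }

    public String getCasLogoutUrl()
    {
        return casLogoutUrl;
    }

    public void setCasLogoutUrl(String casLogoutUrl)
    {
        this.casLogoutUrl = casLogoutUrl;
    }
}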