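package org.infoglue.cms.security;

import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.exolab.castor.jdo.Database;
import org.infoglue.cms.controllers.kernel.impl.simple.SystemUserController;
import org.infoglue.cms.controllers.kernel.impl.simple.UserControllerProxy;
import org.infoglue.cms.exception.SystemException;
import org.infoglue.cms.util.CmsPropertyHandler;

/**
 * Authentication module that prefers the servlet container's own authentication
 * ({@link HttpServletRequest#getUserPrincipal()}) and falls back to a form login
 * (parameters {@code j_username} / {@code j_password}) checked against the configured
 * administrator account and the InfoGlue system-user store.
 *
 * Security notes for maintainers:
 * <ul>
 *   <li>The administrator password is compared byte-for-byte in constant time and
 *       case-sensitively. (An earlier revision compared it case-insensitively, which
 *       shrinks the effective password space; that is deliberately not preserved.)</li>
 *   <li>Passwords are never written to the log - only usernames and URLs are.</li>
 *   <li>The {@code referringUrl} request parameter is attacker-controlled. It is only
 *       ever echoed back, URL-encoded, as a query parameter and is restricted to a
 *       local path before being echoed; whatever page consumes it must still not
 *       redirect to it blindly.</li>
 *   <li>Session handling after a successful login (e.g. session-id rotation) is not
 *       done here; it is assumed to be the responsibility of the caller / base class
 *       - confirm against {@code AuthenticationModule}.</li>
 * </ul>
 */
public class InfoGlueJ2EEAuthenticationModule extends AuthenticationModule
{
    private final static Logger logger = Logger.getLogger(InfoGlueJ2EEAuthenticationModule.class.getName());

    /** Message shown on the invalid-login page; kept verbatim for existing templates. */
    private static final String INVALID_LOGIN_MESSAGE = "Invalid login - please try again..";

    private String loginUrl = null;
    private String logoutUrl = null;
    private String invalidLoginUrl = null;
    private String successLoginUrl = null;
    private String authenticatorClass = null;
    private String authorizerClass = null;
    private String serverName = null;
    private String casServiceUrl = null;
    private String casRenew = null;
    private String casValidateUrl = null;
    private String casLogoutUrl = null;
    private String casAuthorizedProxy = null;
    private Properties extraProperties = null;
    private transient Database transactionObject = null;

    /**
     * Authenticates the current request.
     *
     * Order of precedence:
     * <ol>
     *   <li>If the container already authenticated the request, that principal's name is returned.</li>
     *   <li>If no {@code j_username} was posted, the client is redirected to {@code loginUrl}
     *       with the originally requested URI (plus query string) in {@code referringUrl}.</li>
     *   <li>Otherwise the credentials are checked; on failure the client is redirected to
     *       {@code invalidLoginUrl}, on success the username is returned.</li>
     * </ol>
     *
     * @param request  the current request
     * @param response used only to issue redirects
     * @param fc       the filter chain; not used by this module
     * @return the authenticated username, or {@code null} when a redirect was issued instead
     * @throws ServletException if a redirect is needed but {@code loginUrl} /
     *                          {@code invalidLoginUrl} has not been configured
     * @throws Exception        propagated from the user store
     */
    public String authenticateUser(HttpServletRequest request, HttpServletResponse response, FilterChain fc) throws Exception
    {
        Principal containerPrincipal = request.getUserPrincipal();
        if(containerPrincipal != null)
        {
            logger.info("The container had the user logged in:" + containerPrincipal);
            return containerPrincipal.getName();
        }
        logger.info("No container user logged in:" + request.getUserPrincipal());

        // NOTE(review): the original code obtained (and thereby created) a session here
        // without using it. The call is kept in case the login flow relies on the session
        // cookie existing before the redirect - confirm and drop if not.
        request.getSession();

        String userName = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        if(userName == null || userName.equals(""))
        {
            if(loginUrl == null)
            {
                throw new ServletException(
                    "When InfoGlueFilter protects pages that do not receive a 'userName' " +
                    "parameter, it needs a org.infoglue.cms.security.loginUrl " +
                    "filter parameter");
            }

            String requestQueryString = queryStringSuffix(request);
            logger.info("requestQueryString:" + requestQueryString);

            String originalUrl = request.getRequestURI() + requestQueryString;
            String redirectUrl = appendQuery(loginUrlPath(request), "referringUrl=" + URLEncoder.encode(originalUrl, "UTF-8"));

            logger.info("Directing user to [" + loginUrlPath(request) + "]");
            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);

            return null;
        }

        boolean isAuthenticated = authenticate(userName, password, new HashMap());
        logger.info("authenticated:" + isAuthenticated);

        if(!isAuthenticated)
        {
            if(invalidLoginUrl == null)
            {
                throw new ServletException(
                    "When InfoGlueFilter handles a failed form login it needs a " +
                    "org.infoglue.cms.security.invalidLoginUrl filter parameter");
            }

            // The referringUrl parameter comes from the client; only accept a local path,
            // otherwise fall back to the URI that was actually requested.
            String referringUrl = request.getParameter("referringUrl");
            if(!isLocalPath(referringUrl))
                referringUrl = request.getRequestURI();

            String requestQueryString = queryStringSuffix(request);
            logger.info("requestQueryString:" + requestQueryString);

            // All three parameters are joined with '&' - the old code emitted a second '?'
            // before errorMessage when referringUrl had no query string.
            String query = "userName=" + URLEncoder.encode(userName, "UTF-8")
                + "&errorMessage=" + URLEncoder.encode(INVALID_LOGIN_MESSAGE, "UTF-8")
                + "&referringUrl=" + URLEncoder.encode(referringUrl + requestQueryString, "UTF-8");
            String redirectUrl = appendQuery(invalidLoginUrl, query);

            logger.info("redirectUrl:" + redirectUrl);
            response.sendRedirect(redirectUrl);
            return null;
        }

        return userName;
    }

    /**
     * Authenticates from a plain parameter map (no HTTP request/response available).
     *
     * @param request map holding {@code j_username} and {@code j_password}
     * @return the username when the credentials are valid, otherwise {@code null}
     * @throws Exception propagated from the user store
     */
    public String authenticateUser(Map request) throws Exception
    {
        String userName = (String)request.get("j_username");
        String password = (String)request.get("j_password");

        logger.info("authenticateUser:userName:" + userName);

        if(userName == null || userName.equals(""))
            return null;

        boolean isAuthenticated = authenticate(userName, password, new HashMap());
        logger.info("authenticated:" + isAuthenticated);

        return isAuthenticated ? userName : null;
    }

    /**
     * Builds the URL of the login dialog, carrying a {@code returnAddress} the dialog
     * can send the user back to after login.
     *
     * The return address is {@code successLoginUrl} when configured; otherwise the current
     * request URL, its query string, the (client-supplied) Referer header and a timestamp.
     * The Referer is replaced by "/" when absent or when it points at the structure-tool
     * toolbar.
     *
     * @return context-relative login URL with an encoded {@code returnAddress} parameter
     * @throws ServletException if {@code loginUrl} has not been configured
     * @throws Exception        on encoding failure
     */
    public String getLoginDialogUrl(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        if(loginUrl == null)
        {
            throw new ServletException(
                "InfoGlueJ2EEAuthenticationModule needs a org.infoglue.cms.security.loginUrl " +
                "filter parameter to build the login dialog URL");
        }

        String referer = request.getHeader("Referer");
        if(referer == null || referer.indexOf("ViewStructureToolToolBar.action") != -1)
            referer = "/";

        logger.info("successLoginUrl:" + successLoginUrl);

        String returnAddress;
        if(successLoginUrl != null)
        {
            returnAddress = successLoginUrl;
        }
        else
        {
            // The old code appended "?" + getQueryString() unconditionally, yielding "?null"
            // for requests without a query string.
            String base = request.getRequestURL().toString() + queryStringSuffix(request);
            returnAddress = appendQuery(base,
                "referer=" + URLEncoder.encode(referer, "UTF-8") + "&date=" + System.currentTimeMillis());
        }

        logger.info("returnAddress:" + returnAddress);
        logger.info("Directing user to [" + loginUrlPath(request) + "]");

        return appendQuery(loginUrlPath(request), "returnAddress=" + URLEncoder.encode(returnAddress, "UTF-8"));
    }

    /**
     * Checks a username/password pair against the configured administrator account and,
     * failing that, the system-user store (inside {@code transactionObject} when one is set).
     *
     * @param userName   submitted username; {@code null} is rejected
     * @param password   submitted password; {@code null} is rejected without touching the store
     * @param parameters currently unused, kept for signature compatibility
     * @return {@code true} when the credentials are valid
     */
    private boolean authenticate(String userName, String password, Map parameters) throws Exception
    {
        if(userName == null || password == null)
            return false;

        if(isAdministrator(userName, password))
            return true;

        if(this.transactionObject != null)
            return SystemUserController.getController().getSystemUserVO(this.transactionObject, userName, password) != null;

        return SystemUserController.getController().getSystemUserVO(userName, password) != null;
    }

    /**
     * Compares the submitted credentials with the administrator account from
     * {@link CmsPropertyHandler}. The username is matched case-insensitively (as before);
     * the password is matched exactly and in constant time.
     */
    private static boolean isAdministrator(String userName, String password) throws Exception
    {
        String administratorUserName = CmsPropertyHandler.getAdministratorUserName();
        String administratorPassword = CmsPropertyHandler.getAdministratorPassword();

        if(administratorUserName == null || administratorPassword == null)
            return false;
        if(!userName.equalsIgnoreCase(administratorUserName))
            return false;

        // MessageDigest.isEqual does not short-circuit on the first differing byte.
        return MessageDigest.isEqual(password.getBytes("UTF-8"), administratorPassword.getBytes("UTF-8"));
    }

    /**
     * Resolves the container-authenticated principal to an InfoGlue principal.
     *
     * @param status unused by this module
     * @return the InfoGlue principal, or {@code null} when the container has no authenticated user
     * @throws SystemException when the container user does not exist in the authorization system
     */
    public Principal loginUser(HttpServletRequest request, HttpServletResponse response, Map status) throws Exception
    {
        Principal containerPrincipal = request.getUserPrincipal();
        if(containerPrincipal == null)
            return null;

        String authenticatedUserName = containerPrincipal.getName();
        if(authenticatedUserName == null)
            return null;

        Principal principal = UserControllerProxy.getController().getUser(authenticatedUserName);
        if(principal == null)
            throw new SystemException("The J2EE-authenticated user " + authenticatedUserName + " was not located in the authorization system's user database.");

        return principal;
    }

    /**
     * This module performs no logout of its own (the container owns the session);
     * it always reports {@code false}.
     */
    public boolean logoutUser(HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        return false;
    }

    /** Context-relative login URL, inserting the "/" separator when loginUrl lacks one. */
    private String loginUrlPath(HttpServletRequest request)
    {
        return request.getContextPath() + (loginUrl.startsWith("/") ? "" : "/") + loginUrl;
    }

    /** "?query" for the request, or "" when it has no query string. */
    private static String queryStringSuffix(HttpServletRequest request)
    {
        String requestQueryString = request.getQueryString();
        return requestQueryString == null ? "" : "?" + requestQueryString;
    }

    /** Appends {@code query} to {@code url}, using '&' when the URL already has a query string. */
    private static String appendQuery(String url, String query)
    {
        return url + (url.indexOf('?') >= 0 ? "&" : "?") + query;
    }

    /**
     * True for a same-site absolute path ("/something"). Rejects null, scheme-relative
     * ("//host"), backslash tricks and anything with a scheme.
     */
    private static boolean isLocalPath(String url)
    {
        if(url == null || !url.startsWith("/"))
            return false;
        if(url.startsWith("//") || url.startsWith("/\\"))
            return false;
        return url.indexOf("://") == -1;
    }

    public String getAuthenticatorClass()
    {
        return authenticatorClass;
    }

    public void setAuthenticatorClass(String authenticatorClass)
    {
        this.authenticatorClass = authenticatorClass;
    }

    public String getAuthorizerClass()
    {
        return authorizerClass;
    }

    public void setAuthorizerClass(String authorizerClass)
    {
        this.authorizerClass = authorizerClass;
    }

    public String getInvalidLoginUrl()
    {
        return invalidLoginUrl;
    }

    public void setInvalidLoginUrl(String invalidLoginUrl)
    {
        this.invalidLoginUrl = invalidLoginUrl;
    }

    public String getLoginUrl()
    {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl)
    {
        this.loginUrl = loginUrl;
    }

    public String getLogoutUrl()
    {
        return logoutUrl;
    }

    public void setLogoutUrl(String logoutUrl)
    {
        this.logoutUrl = logoutUrl;
    }

    public String getSuccessLoginUrl()
    {
        return successLoginUrl;
    }

    public void setSuccessLoginUrl(String successLoginUrl)
    {
        this.successLoginUrl = successLoginUrl;
    }

    public String getServerName()
    {
        return this.serverName;
    }

    public void setServerName(String serverName)
    {
        this.serverName = serverName;
    }

    public Properties getExtraProperties()
    {
        return extraProperties;
    }

    public void setExtraProperties(Properties extraProperties)
    {
        this.extraProperties = extraProperties;
    }

    public String getCasRenew()
    {
        return casRenew;
    }

    public void setCasRenew(String casRenew)
    {
        this.casRenew = casRenew;
    }

    public String getCasServiceUrl()
    {
        return casServiceUrl;
    }

    public void setCasServiceUrl(String casServiceUrl)
    {
        this.casServiceUrl = casServiceUrl;
    }

    public String getCasValidateUrl()
    {
        return casValidateUrl;
    }

    public void setCasValidateUrl(String casValidateUrl)
    {
        this.casValidateUrl = casValidateUrl;
    }

    public String getCasAuthorizedProxy()
    {
        return casAuthorizedProxy;
    }

    public void setCasAuthorizedProxy(String casAuthorizedProxy)
    {
        this.casAuthorizedProxy = casAuthorizedProxy;
    }

    public Object getTransactionObject()
    {
        return this.transactionObject;
    }

    /** The transaction is expected to be a Castor {@link Database}; anything else fails the cast. */
    public void setTransactionObject(Object transactionObject)
    {
        this.transactionObject = (Database)transactionObject;
    }

    public String getCasLogoutUrl()
    {
        return casLogoutUrl;
    }

    public void setCasLogoutUrl(String casLogoutUrl)
    {
        this.casLogoutUrl = casLogoutUrl;
    }
}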