VerifyCookieInterceptor


1   package org.javabb.interceptor;
2   
3   import java.util.Map  ;
4   
5   import javax.servlet.http.Cookie  ;
6   import javax.servlet.http.HttpServletRequest  ;
7   import javax.servlet.http.HttpServletResponse  ;
8   
9   import org.javabb.infra.UserContext;
10  import org.javabb.infra.Utils;
11  import org.javabb.transaction.UserTransaction;
12  import org.javabb.vo.User;
13  
14  import com.opensymphony.webwork.ServletActionContext;
15  import com.opensymphony.xwork.ActionContext;
16  import com.opensymphony.xwork.ActionInvocation;
17  import com.opensymphony.xwork.interceptor.AroundInterceptor;
18  
19  /*
20   * Copyright 2004 JavaFree.org
21   *
22   * Licensed under the Apache License, Version 2.0 (the "License");
23   * you may not use this file except in compliance with the License.
24   * You may obtain a copy of the License at
25   *
26   *     http://www.apache.org/licenses/LICENSE-2.0
27   *
28   * Unless required by applicable law or agreed to in writing, software
29   * distributed under the License is distributed on an "AS IS" BASIS,
30   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31   * See the License for the specific language governing permissions and
32   * limitations under the License.
33   */
34  
35  /**
36   * $Id: VerifyCookieInterceptor.java,v 1.17.2.3.2.3.2.4 2006/08/02 04:07:34 daltoncamargo Exp $
37   * @author Dalton Camargo - <a HREF="mailto:dalton@javabb.org">dalton@javabb.org </a> <br>
38   * @author Ronald Tetsuo Miura
39   */
40  public class VerifyCookieInterceptor extends AroundInterceptor {
41  
42      private static final String   AUTOMATIC_LOGIN_COOKIE = "automatic_cookie_login";
43      private UserTransaction userTransaction;
44  
45      /**
46       * @param userTransaction the new userTransaction value
47       */
48      public void setUserTransaction(UserTransaction userTransaction) {
49          this.userTransaction = userTransaction;
50      }
51  
52      /**
53       * @param invocation
54       * @param result
55       * @throws Exception
56       * @see com.opensymphony.xwork.interceptor.AroundInterceptor#after(com.opensymphony.xwork.ActionInvocation,
57       *      java.lang.String)
58       */
59      protected void after(ActionInvocation invocation, String   result) throws Exception   {
60  
61      }
62  
63      /**
64       * @param invocation
65       * @throws Exception
66       * @see com.opensymphony.xwork.interceptor.AroundInterceptor#before(com.opensymphony.xwork.ActionInvocation)
67       */
68      protected void before(ActionInvocation invocation) throws Exception   {
69          try {
70              ActionContext ctx = ActionContext.getContext();
71              Map   session = ctx.getSession();
72              User user = UserContext.getContext().getUser();
73              String   removeCookie = (String  ) session.get("jbbRemoveCookie");
74  
75              if ((removeCookie != null) && "1".equalsIgnoreCase(removeCookie)) {
76                  removeCookie();
77              } else {
78                  User userCookie = getCookie();
79  
80                  if ((userCookie != null) && (userCookie.getUserCode() != null)) {
81                      String   idSession = Utils.randomNumber();
82                      
83                      if((user != null) && (user.getIdUser() != null && user.getUserCode() != null)){
84  //                  userTransaction.verifyUserCode(user.getIdUser(), user.getUserCode());
85                          //Trying to crack
86                          if(!userCookie.getUserCode().equals(user.getUserCode())){
87                              UserContext.getContext().deauthenticate();
88                              return;
89                          }
90                          
91                          userCookie = UserContext.getContext().getUser(); 
92                      } else {
93                          userCookie = userTransaction.verifyUserCode(userCookie.getId(), userCookie.getUserCode());
94                          
95                          //Setting the last date visit of this user!
96                          userTransaction.updateVisitTimestamp();
97  
98                          log.debug("Updating last visit of user " + userCookie.getUser());
99                          log.debug(userCookie.getUser() + "`s IP is " + ServletActionContext.getRequest().getRemoteAddr());
100                     }
101 
102                     if(userCookie != null){
103                         addCookie(userCookie);
104                     }
105                     ctx.getSession().put("jbbguest", idSession);
106 
107 
108                 } else if ((user != null) && (user.getUserCode() != null)) {
109                     user = userTransaction.verifyUserCode(user.getIdUser(), user.getUserCode());
110                     addCookie(user);
111                 }
112             }
113         } catch (Exception   e) {
114             removeCookie();
115         }
116     }
117 
118     /**
119      * @param u
120      */
121     public void addCookie(User u) {
122         HttpServletResponse   r = ServletActionContext.getResponse();
123 
124         // String domain = JbbConfig.getForumConfig().getDomain();
125         Cookie   cookieCode = new Cookie  (AUTOMATIC_LOGIN_COOKIE, u.getId() + "|" + u.getUserCode());
126         cookieCode.setMaxAge(2243200);
127 
128         // cookie1.setDomain(domain);
129         r.addCookie(cookieCode);
130         r.setContentType("text/html");
131     }
132 
133     /**
134      * @return User bind with cookie
135      */
136     public User getCookie() {
137         HttpServletRequest   a = ServletActionContext.getRequest();
138         User u = null;
139         Cookie  [] c = a.getCookies();
140         Cookie   cAt = null;
141 
142         for (int i = 0; (c != null) && (i < c.length); i++) {
143             cAt = c[i];
144             if (AUTOMATIC_LOGIN_COOKIE.equals(cAt.getName())) {
145                 String   value = cAt.getValue();
146                 String   userId = value.substring(0, value.indexOf('|'));
147                 String   userCode = value.substring(value.indexOf('|') + 1);
148                 if (userCode != null) {
149                     u = new User();
150                     u.setId(new Long  (userId));
151                     u.setUserCode(userCode);
152                 }
153             }
154         }
155         return u;
156     }
157 
158     /**
159      *
160      */
161     public void removeCookie() {
162         HttpServletResponse   r = ServletActionContext.getResponse();
163         Cookie   cookie1 = new Cookie  (AUTOMATIC_LOGIN_COOKIE, null);
164         cookie1.setMaxAge(0); // One month
165 
166         // cookie1.setDomain(domain);
167         r.addCookie(cookie1);
168         r.setContentType("text/html");
169     }
170 }
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Free Books Free Magazines
Popular Tags