

1 package org.javabb.interceptor;
2
3 import java.util.Map JavaDoc;
4
5 import javax.servlet.http.Cookie JavaDoc;
6 import javax.servlet.http.HttpServletRequest JavaDoc;
7 import javax.servlet.http.HttpServletResponse JavaDoc;
8
9 import org.javabb.infra.UserContext;
10 import org.javabb.infra.Utils;
11 import org.javabb.transaction.UserTransaction;
12 import org.javabb.vo.User;
13
14 import com.opensymphony.webwork.ServletActionContext;
15 import com.opensymphony.xwork.ActionContext;
16 import com.opensymphony.xwork.ActionInvocation;
17 import com.opensymphony.xwork.interceptor.AroundInterceptor;
18
19 /*
20  * Copyright 2004 JavaFree.org
21  *
22  * Licensed under the Apache License, Version 2.0 (the "License");
23  * you may not use this file except in compliance with the License.
24  * You may obtain a copy of the License at
25  *
26  * http://www.apache.org/licenses/LICENSE-2.0
27  *
28  * Unless required by applicable law or agreed to in writing, software
29  * distributed under the License is distributed on an "AS IS" BASIS,
30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31  * See the License for the specific language governing permissions and
32  * limitations under the License.
33  */

34
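/**
 * $Id: VerifyCookieInterceptor.java,v 1.17.2.3.2.3.2.4 2006/08/02 04:07:34 daltoncamargo Exp $
 *
 * Interceptor that keeps the persistent "automatic login" cookie in step with
 * the user held by {@link UserContext}. Before every action it either clears
 * the cookie (when the session asks for that), checks the cookie against the
 * session user, or passes the cookie's id and code to
 * {@link UserTransaction#verifyUserCode} and re-issues the cookie.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The cookie value is <code>&lt;user id&gt;|&lt;user code&gt;</code> and is the only
 *     input handed to <code>verifyUserCode</code>, so as far as this class shows it
 *     acts as a bearer credential: whoever holds the cookie can present it.</li>
 * <li>The cookie is created without the Secure flag, so it also travels over
 *     plain HTTP. HttpOnly needs a servlet API that offers it - TODO confirm
 *     the container version before adding either flag.</li>
 * <li>No path or domain is set. The browser therefore applies its default
 *     scope, and the removal cookie only replaces a cookie issued under the
 *     same default scope.</li>
 * </ul>
 *
 * @author Dalton Camargo - <a HREF="mailto:dalton@javabb.org">dalton@javabb.org </a> <br>
 * @author Ronald Tetsuo Miura
 */
public class VerifyCookieInterceptor extends AroundInterceptor {

    /** Name of the persistent login cookie. */
    private static final String AUTOMATIC_LOGIN_COOKIE = "automatic_cookie_login";

    /** Fixed message: the rejected cookie text is attacker-controlled and must not reach the log. */
    private static final String MALFORMED_COOKIE = "Malformed automatic login cookie";

    private UserTransaction userTransaction;

    /**
     * @param userTransaction the new userTransaction value
     */
    public void setUserTransaction(UserTransaction userTransaction) {
        this.userTransaction = userTransaction;
    }

    /**
     * Nothing to do once the action has run.
     *
     * @param invocation the invocation that was executed
     * @param result the result code returned by the action
     * @throws Exception never thrown by this implementation
     * @see com.opensymphony.xwork.interceptor.AroundInterceptor#after(com.opensymphony.xwork.ActionInvocation,
     * java.lang.String)
     */
    protected void after(ActionInvocation invocation, String result) throws Exception {
        // intentionally empty
    }

    /**
     * Reconciles the automatic login cookie with the current session before the
     * action runs. Any failure while doing so, including a malformed cookie or a
     * code that does not verify, ends with the cookie being cleared.
     *
     * @param invocation the invocation about to be executed
     * @throws Exception only if clearing the cookie itself fails
     * @see com.opensymphony.xwork.interceptor.AroundInterceptor#before(com.opensymphony.xwork.ActionInvocation)
     */
    protected void before(ActionInvocation invocation) throws Exception {
        try {
            ActionContext ctx = ActionContext.getContext();
            Map session = ctx.getSession();
            User user = UserContext.getContext().getUser();
            String removeCookie = (String) session.get("jbbRemoveCookie");

            // equalsIgnoreCase(null) is false, so no separate null test is needed.
            if ("1".equalsIgnoreCase(removeCookie)) {
                removeCookie();
                return;
            }

            User userCookie = getCookie();

            if ((userCookie != null) && (userCookie.getUserCode() != null)) {
                // NOTE(review): the generator behind Utils.randomNumber() is not visible
                // here - confirm "jbbguest" is not relied on as an unguessable token.
                String idSession = Utils.randomNumber();

                if ((user != null) && (user.getIdUser() != null) && (user.getUserCode() != null)) {
                    // A session user exists: the cookie must carry that user's code.
                    // A different code is treated as tampering and the session is dropped.
                    // NOTE(review): the cookie itself is left in place on this path.
                    if (!userCookie.getUserCode().equals(user.getUserCode())) {
                        UserContext.getContext().deauthenticate();
                        return;
                    }

                    userCookie = UserContext.getContext().getUser();
                } else {
                    // No session user: the cookie's id and code are untrusted request
                    // data and are only accepted if verifyUserCode returns a user.
                    userCookie = userTransaction.verifyUserCode(userCookie.getId(), userCookie.getUserCode());

                    // Setting the last date visit of this user!
                    // NOTE(review): this runs before the result above is checked, as it
                    // always has - confirm it is harmless when verification failed.
                    userTransaction.updateVisitTimestamp();

                    if (userCookie == null) {
                        // Verification failed. Previously this surfaced as a
                        // NullPointerException in the logging below; handle it explicitly.
                        removeCookie();
                        return;
                    }

                    log.debug("Updating last visit of user " + userCookie.getUser());
                    log.debug(userCookie.getUser() + "`s IP is " + ServletActionContext.getRequest().getRemoteAddr());
                }

                if (userCookie != null) {
                    addCookie(userCookie);
                }
                ctx.getSession().put("jbbguest", idSession);

            } else if ((user != null) && (user.getUserCode() != null)) {
                // Logged in but no usable cookie yet: verify the session user and issue one.
                User verified = userTransaction.verifyUserCode(user.getIdUser(), user.getUserCode());
                if (verified == null) {
                    removeCookie();
                } else {
                    addCookie(verified);
                }
            }
        } catch (Exception e) {
            // Fail closed, but leave a trace: a silent catch hides both broken
            // deployments and repeated attempts to present forged cookies.
            log.warn("Automatic login cookie check failed; clearing the cookie", e);
            removeCookie();
        }
    }

    /**
     * Issues the automatic login cookie for the given user.
     *
     * @param u the user whose id and user code are written into the cookie
     */
    public void addCookie(User u) {
        HttpServletResponse r = ServletActionContext.getResponse();

        // String domain = JbbConfig.getForumConfig().getDomain();

        // The value is "<id>|<userCode>"; getCookie() parses exactly this layout.
        Cookie cookieCode = new Cookie(AUTOMATIC_LOGIN_COOKIE, u.getId() + "|" + u.getUserCode());
        cookieCode.setMaxAge(2243200); // seconds, roughly 26 days

        // cookie1.setDomain(domain);

        r.addCookie(cookieCode);
        r.setContentType("text/html");
    }

    /**
     * Reads the automatic login cookie from the current request. The returned
     * user carries only the id and user code taken from the cookie; both are
     * unverified request data. If the request holds several cookies with this
     * name, the last one wins.
     *
     * @return User bind with cookie, or <code>null</code> when the request has no such cookie
     * @throws IllegalArgumentException if the cookie is present but is not of the
     *         form <code>&lt;numeric id&gt;|&lt;user code&gt;</code>
     */
    public User getCookie() {
        Cookie[] cookies = ServletActionContext.getRequest().getCookies();
        User u = null;

        for (int i = 0; (cookies != null) && (i < cookies.length); i++) {
            if (AUTOMATIC_LOGIN_COOKIE.equals(cookies[i].getName())) {
                u = parseLoginCookie(cookies[i].getValue());
            }
        }
        return u;
    }

    /**
     * Splits a raw cookie value into user id and user code.
     */
    private static User parseLoginCookie(String value) {
        int separator = (value == null) ? -1 : value.indexOf('|');
        if (separator < 0) {
            throw new IllegalArgumentException(MALFORMED_COOKIE);
        }

        Long userId;
        try {
            userId = Long.valueOf(value.substring(0, separator));
        } catch (NumberFormatException e) {
            // The cause is dropped on purpose: its message echoes the cookie text.
            throw new IllegalArgumentException(MALFORMED_COOKIE);
        }

        User u = new User();
        u.setId(userId);
        u.setUserCode(value.substring(separator + 1));
        return u;
    }

    /**
     * Asks the browser to discard the automatic login cookie.
     */
    public void removeCookie() {
        HttpServletResponse r = ServletActionContext.getResponse();
        Cookie cookie1 = new Cookie(AUTOMATIC_LOGIN_COOKIE, null);
        cookie1.setMaxAge(0); // zero age tells the browser to delete the cookie

        // cookie1.setDomain(domain);

        r.addCookie(cookie1);
        r.setContentType("text/html");
    }
}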