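package org.jboss.web.tomcat.security;

import java.io.IOException;

import javax.servlet.http.HttpSession;

import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;

import org.jboss.logging.Logger;

/**
 * A {@link FormAuthenticator} that copies details of the login attempt into
 * the HTTP session before the request is forwarded to the login or error
 * page.
 *
 * <p>The following session attributes are written by
 * {@link #populateSession(Request)}:
 * <ul>
 * <li>{@link Constants#FORM_USERNAME}: the submitted username parameter</li>
 * <li>{@link Constants#FORM_PASSWORD}: the submitted password parameter,
 *     only when {@link #isIncludePassword()} is true</li>
 * <li>{@link #LOGIN_EXCEPTION}: the value returned by
 *     {@code SecurityAssociationActions.getAuthException()}</li>
 * </ul>
 *
 * <p>Security notes for deployers:
 * <ul>
 * <li>With {@code includePassword} enabled the clear-text password is kept as
 *     a session attribute. Nothing in this class removes it except a later
 *     call that overwrites it, and it is exposed to whatever can read session
 *     state. Leave the flag off (the default) unless the login page
 *     genuinely needs the value.</li>
 * <li>The {@link #LOGIN_EXCEPTION} attribute holds a raw {@link Throwable}.
 *     Login and error pages should map it to a generic message rather than
 *     rendering its message or stack trace to the client.</li>
 * </ul>
 */
public class ExtendedFormAuthenticator extends FormAuthenticator
{
   /** Session attribute name under which the authentication exception is stored. */
   public static final String LOGIN_EXCEPTION = "j_exception";
   /** Internal session note marking that populateSession already ran for this request. */
   public static final String DID_POPULATE = "did_populate";

   private static final Logger log = Logger.getLogger(ExtendedFormAuthenticator.class);
   // Evaluated once at class initialisation; later log-level changes are not picked up.
   private static final boolean trace = log.isTraceEnabled();

   /** Whether the submitted password is copied into the session (false by default). */
   private boolean includePassword;

   /**
    * @return true if the submitted password is stored in the session by
    *         {@link #populateSession(Request)}
    */
   public boolean isIncludePassword()
   {
      return includePassword;
   }

   /**
    * Enables or disables storing the submitted password in the session.
    * Enabling this keeps a clear-text credential in session state; see the
    * class-level security notes.
    *
    * @param includePassword true to store the password parameter
    */
   public void setIncludePassword(boolean includePassword)
   {
      this.includePassword = includePassword;
   }

   /**
    * Delegates to {@link FormAuthenticator#authenticate} and then makes sure
    * the session has been populated for an unauthenticated request, unless
    * one of the forward hooks already did so during the super call.
    *
    * @param request the request being processed
    * @param response the response being generated
    * @param config the login configuration of the web application
    * @return the result of the superclass authentication
    * @throws IOException if the superclass authentication throws it
    */
   public boolean authenticate(Request request,
                               Response response,
                               LoginConfig config)
      throws IOException
   {
      boolean authenticated = super.authenticate(request, response, config);

      // getSessionInternal(false) does not create a session, so it can be null.
      Session session = request.getSessionInternal(false);
      boolean didPopulate = false;
      if (session != null)
      {
         didPopulate = Boolean.TRUE.equals(session.getNote(DID_POPULATE));
      }

      if (!authenticated && !didPopulate)
      {
         populateSession(request);
      }

      // The note is only a per-request marker, so drop it once it was consulted.
      // Guarded: the original dereferenced session unconditionally here and
      // threw a NullPointerException when the request had no session.
      if (session != null)
      {
         session.removeNote(DID_POPULATE);
      }

      return authenticated;
   }

   /**
    * Populates the session, forwards to the error page through the
    * superclass and finally clears the authentication exception via
    * {@code SecurityAssociationActions.clearAuthException()}.
    *
    * @param request the request being processed
    * @param response the response being generated
    * @param config the login configuration of the web application
    */
   protected void forwardToErrorPage(Request request, Response response, LoginConfig config)
   {
      if (trace)
      {
         log.trace("forwardToErrorPage");
      }
      populateSession(request);
      super.forwardToErrorPage(request, response, config);
      SecurityAssociationActions.clearAuthException();
   }

   /**
    * Populates the session and then forwards to the login page through the
    * superclass.
    *
    * @param request the request being processed
    * @param response the response being generated
    * @param config the login configuration of the web application
    */
   protected void forwardToLoginPage(Request request, Response response, LoginConfig config)
   {
      if (trace)
      {
         log.trace("forwardToLoginPage");
      }
      populateSession(request);
      super.forwardToLoginPage(request, response, config);
   }

   /**
    * Copies the login form parameters and the current authentication
    * exception into the HTTP session, then sets the {@link #DID_POPULATE}
    * note. Does nothing except trace logging when the request has no session.
    *
    * @param request the request whose parameters are copied
    */
   protected void populateSession(Request request)
   {
      Session session = request.getSessionInternal(false);
      if (session == null)
      {
         if (trace)
         {
            log.trace("No Session to store login parameters in");
         }
         return;
      }

      HttpSession httpSession = session.getSession();
      if (trace)
      {
         log.trace("SessionID: " + httpSession.getId());
      }

      // The username is an unvalidated request parameter; it reaches both the
      // trace log and the session as submitted. Pages that echo it back must
      // escape it for their output context.
      String username = request.getParameter(Constants.FORM_USERNAME);
      if (trace)
      {
         log.trace("Setting " + Constants.FORM_USERNAME + " = " + username);
      }
      httpSession.setAttribute(Constants.FORM_USERNAME, username);

      if (includePassword)
      {
         // Security: this stores the clear-text password in session state.
         // Only the presence of a value is logged, never the value itself.
         String password = request.getParameter(Constants.FORM_PASSWORD);
         if (trace)
         {
            String displayPassword = (password == null ? " = null" : " = --hidden--");
            log.trace("Setting " + Constants.FORM_PASSWORD + displayPassword);
         }
         httpSession.setAttribute(Constants.FORM_PASSWORD, password);
      }

      // The raw Throwable is exposed to the login/error page; it should not be
      // rendered verbatim to the client.
      Throwable authException = SecurityAssociationActions.getAuthException();
      if (trace)
      {
         log.trace("Setting " + LOGIN_EXCEPTION + " = " + authException);
      }
      httpSession.setAttribute(LOGIN_EXCEPTION, authException);

      // Lets authenticate() skip a second population for the same request.
      session.setNote(DID_POPULATE, Boolean.TRUE);
   }
}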