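package org.jboss.web.tomcat.security;

import java.io.IOException;
import java.security.Principal;
import java.util.StringTokenizer;

import javax.management.JMException;
import javax.management.ObjectName;
import javax.servlet.http.Cookie;

import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.jboss.logging.Logger;

/**
 * Authenticator that takes the user id from a configurable HTTP request
 * header and the credential from a configurable session cookie, and hands
 * both to the context realm. When either value is missing it falls back to
 * the form authentication implemented by the superclass.
 *
 * <p>The header names and cookie names are comma separated lists read from
 * the {@code HttpHeaderForSSOAuth} and {@code SessionCookieForSSOAuth}
 * attributes of the {@code jboss.web:service=WebServer} MBean.
 *
 * <p>NOTE(review): the identity header is read from the request as-is. This
 * presumably relies on a trusted front end removing any client-supplied copy
 * of that header, and on the realm actually validating the session key that
 * is passed as the password. Confirm both against the deployment.
 */
public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
{
   /** Name of the MBean that holds the SSO header and cookie configuration. */
   private static final String WEB_SERVER_NAME = "jboss.web:service=WebServer";

   protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);
   // Sampled once when the instance is created; later changes of the log level are not seen.
   protected boolean trace = log.isTraceEnabled();

   public GenericHeaderAuthenticator()
   {
      super();
   }

   /**
    * Authenticates the request from the identity header and the session cookie.
    *
    * @param request the request being processed
    * @param response the response being built
    * @param config the login configuration of the web application
    * @return {@code true} when the request already carries a principal or the
    *         realm accepts the header/cookie pair; {@code false} after a
    *         rejected pair has been forwarded to the error page; otherwise the
    *         result of the superclass form authentication
    * @throws IOException declared for the superclass form authentication used as fallback
    */
   public boolean authenticate(Request request,
         Response response, LoginConfig config)
         throws IOException
   {
      log.trace("Authenticating user");

      Principal principal = request.getUserPrincipal();
      if (principal != null)
      {
         if (trace)
            log.trace("Already authenticated '" + principal.getName() + "'");
         return true;
      }

      // 'context' is an inherited field (not declared in this file).
      Realm realm = context.getRealm();
      // NOTE(review): a session is created here before any credential has been
      // checked, so failed and fallback requests also obtain one. Kept in this
      // position because the superclass behaviour on these paths is not visible here.
      Session session = request.getSessionInternal(true);

      String username = getUserId(request);
      String password = getSessionCookie(request);

      if (username == null || password == null)
      {
         log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
         return super.authenticate(request, response, config);
      }
      principal = realm.authenticate(username, password);

      if (principal == null)
      {
         forwardToErrorPage(request, response, config);
         return false;
      }

      // The session key is stored in the session notes and handed to register();
      // anything that can read the session store can read this credential.
      session.setNote(Constants.SESS_USERNAME_NOTE, username);
      session.setNote(Constants.SESS_PASSWORD_NOTE, password);
      request.setUserPrincipal(principal);

      register(request, response, principal,
            Constants.FORM_METHOD, username, password);
      return true;
   }

   /**
    * Looks up the user id in the configured identity headers.
    *
    * @param request the request being processed
    * @return the value of the first configured header present on the request,
    *         or {@code null} when none is present or no header is configured
    */
   protected String getUserId(Request request)
   {
      String ssoid = null;
      String ids = "";
      try
      {
         ids = this.getIdentityHeaderId();
      }
      catch (JMException e)
      {
         if (trace)
            log.trace("getUserId exception", e);
      }
      // An unset MBean attribute comes back as null; StringTokenizer would
      // throw NullPointerException on it, so treat it as "nothing configured".
      if (ids == null)
         ids = "";
      StringTokenizer st = new StringTokenizer(ids, ",");
      while (st.hasMoreTokens())
      {
         // Tolerate "a, b" style configuration: surrounding blanks are not part of the name.
         String headerName = st.nextToken().trim();
         if (headerName.length() == 0)
            continue;
         ssoid = request.getHeader(headerName);
         if (ssoid != null)
            break;
      }
      if (trace)
         log.trace("SSOID-" + ssoid);
      return ssoid;
   }

   /**
    * Looks up the session key in the configured session cookies.
    *
    * @param request the request being processed
    * @return the value of the first configured cookie present on the request,
    *         or {@code null} when none is present or no cookie is configured
    */
   protected String getSessionCookie(Request request)
   {
      Cookie[] cookies = request.getCookies();
      int numCookies = cookies != null ? cookies.length : 0;
      if (trace)
         log.trace("Cookies:" + numCookies);

      String ids = "";
      try
      {
         ids = this.getSessionCookieId();
         log.trace("Session Cookie Ids=" + ids);
      }
      catch (JMException e)
      {
         if (trace)
            log.trace("checkSessionCookie exception", e);
      }
      // Same null handling as for the identity header list.
      if (ids == null)
         ids = "";
      StringTokenizer st = new StringTokenizer(ids, ",");
      while (st.hasMoreTokens())
      {
         String cookieToken = st.nextToken().trim();
         if (cookieToken.length() == 0)
            continue;
         String val = getCookieValue(cookies, numCookies, cookieToken);
         if (val != null)
            return val;
      }
      if (trace)
         log.trace("Session Cookie not found");
      return null;
   }

   /**
    * Reads the comma separated list of identity header names.
    *
    * @return the {@code HttpHeaderForSSOAuth} attribute of the web server MBean
    * @throws JMException when the MBean attribute cannot be read
    */
   protected String getIdentityHeaderId() throws JMException
   {
      // 'mserver' is an inherited field (not declared in this file).
      return (String) mserver.getAttribute(new ObjectName(WEB_SERVER_NAME),
            "HttpHeaderForSSOAuth");
   }

   /**
    * Reads the comma separated list of session cookie names.
    *
    * @return the {@code SessionCookieForSSOAuth} attribute of the web server MBean
    * @throws JMException when the MBean attribute cannot be read
    */
   protected String getSessionCookieId() throws JMException
   {
      return (String) mserver.getAttribute(new ObjectName(WEB_SERVER_NAME),
            "SessionCookieForSSOAuth");
   }

   /**
    * Returns the value of the first cookie whose name equals {@code token}.
    *
    * @param cookies the cookies of the request, may be {@code null}
    * @param numCookies the number of leading entries of {@code cookies} to inspect
    * @param token the cookie name to look for
    * @return the cookie value, or {@code null} when no cookie has that name
    */
   protected String getCookieValue(Cookie[] cookies, int numCookies,
         String token)
   {
      if (cookies == null)
         return null;
      // Never read past the array even if the caller passes a larger count.
      int limit = Math.min(numCookies, cookies.length);
      for (int i = 0; i < limit; i++)
      {
         Cookie cookie = cookies[i];
         if (trace)
            log.trace("Matching cookieToken:" + token + " with cookie name="
                  + cookie.getName());
         if (token.equals(cookie.getName()))
         {
            // The cookie value is the session key used as the password, so it
            // is deliberately kept out of the log.
            if (trace)
               log.trace("Cookie-" + token + " matched (value not logged)");
            return cookie.getValue();
         }
      }
      return null;
   }
}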