

1 package org.roller.presentation;
2
3 import org.apache.commons.logging.Log;
4 import org.apache.commons.logging.LogFactory;
5 import org.roller.presentation.util.SslUtil;
6 import org.roller.util.Utilities;
7
8 import java.io.IOException JavaDoc;
9
10 import javax.servlet.ServletContext JavaDoc;
11 import javax.servlet.ServletException JavaDoc;
12 import javax.servlet.http.HttpServlet JavaDoc;
13 import javax.servlet.http.HttpServletRequest JavaDoc;
14 import javax.servlet.http.HttpServletResponse JavaDoc;
15 import org.roller.config.RollerConfig;
16
17
18
19 /**
20  * Implementation of <strong>HttpServlet</strong> that is used
21  * to get a username and password and encrypt the password
22  * before sending to container-managed authentication.
23  *
24  * <p><a HREF="LoginServlet.java.htm"><i>View Source</i></a></p>
25  *
26  * @author <a HREF="mailto:matt@raibledesigns.com">Matt Raible</a>
27  * @version $Revision: 1.19 $ $Date: 2005/06/07 18:30:18 $
28  *
29  * @web.servlet
30  * display-name="Login Servlet"
31  * load-on-startup="3"
32  * name="login"
33  *
34  * @web.servlet-init-param
35  * name="authURL"
36  * value="/j_security_check"
37  *
38  * @web.servlet-mapping
39  * url-pattern="/auth/*"
40  */

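public class LoginServlet extends HttpServlet
{
    static final long serialVersionUID = 8054268881470797053L;

    /** Character encoding used when percent-encoding query-string values. */
    private static final String URL_ENCODING = "UTF-8";

    /** Container authentication URL; overridden by the "authURL" init parameter. */
    protected static String mAuthURL = "/j_security_check";

    // NOTE(review): the algorithm name is handed to Utilities.encodePassword,
    // which is not visible here. If "SHA" selects a single unsalted digest,
    // that is weak protection for stored passwords - confirm and prefer a
    // salted, slow password hash on the storage side.
    protected static String mAlgorithm = "SHA";

    /** Whether the password is encoded before it is handed to the container. */
    protected static Boolean mEncrypt = Boolean.FALSE;

    /** True when "securelogin.enabled" is "true"; the login redirect is then built as https. */
    private boolean secureLogin = false;

    /** HTTPS port used for the login redirect when secure login is enabled. */
    private String loginHttpsPort = SslUtil.STD_HTTPS_PORT;

    //=========================================================================
    // Private Member Variables
    //=========================================================================
    private static final Log mLogger = LogFactory.getLog(LoginServlet.class);

    // --------------------------------------------------------- Public Methods

    /**
     * Reads the servlet init parameter "authURL" and the Roller properties
     * "securelogin.enabled" and "securelogin.https.port", then logs the
     * resulting secure-login settings.
     *
     * @throws ServletException if the init parameters are invalid or any
     * other problems occur during initialisation
     */
    public void init() throws ServletException
    {
        // Container authentication URL for FORM-based authentication;
        // the J2EE spec says it should be j_security_check.
        String configuredAuthUrl = getInitParameter("authURL");
        if (configuredAuthUrl != null)
        {
            mAuthURL = configuredAuthUrl;
        }

        // equalsIgnoreCase() on the literal already yields false for null.
        if ("true".equalsIgnoreCase(RollerConfig.getProperty("securelogin.enabled")))
        {
            this.secureLogin = true;
        }

        String secureLoginPort = RollerConfig.getProperty("securelogin.https.port");
        if (secureLoginPort != null)
        {
            this.loginHttpsPort = secureLoginPort;
        }

        mLogger.info("secure login enabled: "+this.secureLogin);
        mLogger.info("secure login port: "+this.loginHttpsPort);
    }

    /**
     * Route the user to the execute method.
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet exception occurs
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
               throws IOException, ServletException
    {
        execute(request, response);
    }

    /**
     * Route the user to the execute method.
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet exception occurs
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException
    {
        execute(request, response);
    }

    /**
     * Redirects an already-authenticated user to the main page; otherwise
     * reads the submitted credentials, encodes the password if configured,
     * and redirects the browser to the container authentication URL with
     * the credentials as query parameters.
     *
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet exception occurs
     */
    public void execute(HttpServletRequest request,
                        HttpServletResponse response) throws IOException,
                                                             ServletException
    {
        // If the user is already authenticated, they probably bookmarked or
        // typed in the URL to login.jsp directly; route them to the main menu.
        if (request.getRemoteUser() != null)
        {
            if (mLogger.isDebugEnabled())
            {
                mLogger.debug("User '" + request.getRemoteUser() +
                          "' already logged in, routing to main");
            }
            response.sendRedirect(request.getContextPath() + "/main.do");
            return;
        }

        // Extract attributes we will need
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        String encryptedPassword = getEncryptedPassword(request, username, password);

        String contextUrl;
        if (this.secureLogin)
        {
            // Secure login and app server may not know it, so we must build URL.
            // NOTE(review): the host part is taken from the incoming request;
            // the container or front-end proxy should only accept the host
            // names this site is actually served under.
            StringBuffer sb = new StringBuffer("https://");
            sb.append(request.getServerName());
            if (!this.loginHttpsPort.equals(SslUtil.STD_HTTPS_PORT))
            {
                sb.append(':').append(this.loginHttpsPort);
            }
            sb.append(request.getContextPath());
            contextUrl = sb.toString();
        }
        else
        {
            contextUrl = request.getContextPath();
        }

        // TODO: is there a way we can do this without having password in the URL?
        // Whatever is placed in j_password is what the container accepts as
        // the credential, so even the encoded form is password-equivalent.
        // A URL ends up in browser history, access logs and proxy logs, and
        // when secure login is disabled the redirect is not forced onto https.
        //
        // Each value is percent-encoded so that reserved characters in the
        // user name, password or j_uri ('&', '#', '+', '%', CR/LF ...) cannot
        // truncate the credential or add extra parameters to the redirect.
        String req = contextUrl + mAuthURL
            + "?j_username=" + encodeQueryValue(username)
            + "&j_password=" + encodeQueryValue(encryptedPassword)
            + "&j_uri=" + encodeQueryValue(request.getParameter("j_uri"));

        if (mLogger.isDebugEnabled())
        {
            mLogger.debug("Authenticating user '" + username + "'");
        }

        response.sendRedirect(response.encodeRedirectURL(req));
    }

    /**
     * Encode the user's password (if necessary) before redirecting to
     * the Container Managed Security servlet.
     *
     * <p>Side effects: reloads {@link #mEncrypt} and {@link #mAlgorithm} from
     * the Roller configuration on every call, and sets the session attribute
     * {@code RollerRequest.LOGIN_COOKIE} to "true" when the request carries a
     * "rememberMe" parameter.</p>
     *
     * @param request the current request; its "rememberMe" parameter and
     *                "encrypt" attribute are consulted
     * @param username user name, used only in the debug log message
     * @param password password as submitted by the user
     * @return the encoded password when encoding is enabled and the request
     *         has no "encrypt" attribute; otherwise the password unchanged
     */
    public static String getEncryptedPassword(
                       HttpServletRequest request, String username, String password)
    {
        // This determines if the password should be encrypted programmatically.
        // The decision below uses local copies so it does not depend on the
        // shared static fields, which other request threads also rewrite.
        Boolean encrypt = Boolean.valueOf(RollerConfig.getProperty("passwds.encryption.enabled"));
        String algorithm = RollerConfig.getProperty("passwds.encryption.algorithm");
        mEncrypt = encrypt;
        mAlgorithm = algorithm;

        if (mLogger.isDebugEnabled())
        {
            mLogger.debug("Authentication URL: " + mAuthURL);
            mLogger.debug("Programmatic encryption of password? " + encrypt);
            mLogger.debug("Encryption algorithm: " + algorithm);
        }

        if (request.getParameter("rememberMe") != null)
        {
            request.getSession().setAttribute(RollerRequest.LOGIN_COOKIE, "true");
        }

        // NOTE(review): a non-null "encrypt" request attribute skips encoding;
        // presumably a caller sets it when the password is already encoded -
        // confirm against the code that sets the attribute.
        if (encrypt.booleanValue() && (request.getAttribute("encrypt") == null))
        {
            if (mLogger.isDebugEnabled())
            {
                mLogger.debug("Encrypting password for user '" + username + "'");
            }
            return Utilities.encodePassword(password, algorithm);
        }
        return password;
    }

    /**
     * Percent-encodes one query-string value. A null value is rendered as the
     * literal text "null", which is what plain string concatenation produced
     * before encoding was added.
     *
     * @param value the raw parameter value, may be null
     * @return the value encoded for use after '=' in a query string
     * @throws IOException if the UTF-8 encoding is not available
     */
    private static String encodeQueryValue(String value) throws IOException
    {
        return java.net.URLEncoder.encode(String.valueOf(value), URL_ENCODING);
    }
}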