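package org.snipsnap.net;

import org.radeox.util.logging.Logger;
import org.snipsnap.app.Application;
import org.snipsnap.config.Configuration;
import org.snipsnap.container.Components;
import org.snipsnap.container.SessionService;
import org.snipsnap.net.filter.MultipartWrapper;
import org.snipsnap.user.AuthenticationService;
import org.snipsnap.user.User;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Handles login (POST) and logoff / session timeout (GET).
 *
 * Both handlers finish with a redirect whose target comes from the client
 * (the "referer" form parameter on POST, the Referer header on GET). That
 * value is untrusted, so it is validated by
 * {@link #safeRedirectTarget(HttpServletRequest, String)} before it is used.
 */
public class LoginServlet extends HttpServlet {
  // Error value handed to login.jsp on a failed login (empty in this listing).
  private final static String ERR_PASSWORD = "";

  /**
   * Authenticates the submitted credentials and redirects back to the
   * referring page, or re-displays the login form on failure.
   *
   * @param request  login form submission; may be multipart/form-data
   * @param response used for the final redirect or the forward to login.jsp
   * @throws ServletException if forwarding to the login page fails
   * @throws IOException      if the redirect or forward cannot be written
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    Configuration config = Application.get().getConfiguration();

    String type = request.getHeader("Content-Type");
    if (type != null && type.startsWith("multipart/form-data")) {
      try {
        request = new MultipartWrapper(request, config.getEncoding() != null ? config.getEncoding() : "UTF-8");
      } catch (IllegalArgumentException e) {
        // The prefix used to read "FileUploadServlet", which misattributed
        // this warning to another servlet when reading the logs.
        Logger.warn("LoginServlet: multipart/form-data wrapper:" + e.getMessage());
      }
    }

    String login = request.getParameter("login");
    String password = request.getParameter("password");
    String referer = sanitize(request.getParameter("referer"));

    if (request.getParameter("cancel") == null) {
      User user = ((AuthenticationService) Components.getComponent(AuthenticationService.class)).authenticate(login, password);
      if (Application.getCurrentUsers().contains(user)) {
        Application.getCurrentUsers().remove(user);
      }

      HttpSession session = request.getSession();
      if (null == user) {
        // Failed login: hand the entered login name and the referer back to
        // the form so the user can retry.
        // NOTE(review): failed attempts are not logged or rate limited here;
        // confirm whether AuthenticationService covers that.
        request.setAttribute("tmpLogin", login);
        request.setAttribute("referer", referer);
        request.setAttribute("error", ERR_PASSWORD);
        RequestDispatcher dispatcher = request.getRequestDispatcher("/exec/login.jsp");
        dispatcher.forward(request, response);
        return;
      }

      // NOTE(review): the session that existed before authentication is
      // reused for the authenticated user (session fixation risk). Issuing a
      // fresh session id at this point would close that gap; it is not done
      // here because attributes other code stores in the session would have
      // to be carried over.
      session.removeAttribute("referer");
      Application.get().setUser(user, session);

      SessionService service = (SessionService) Components.getComponent(SessionService.class);
      service.setUser(request, response, user);
    }

    // The referer parameter is attacker-controllable; never redirect to it
    // unchecked (open redirect), and never pass null to sendRedirect.
    response.sendRedirect(safeRedirectTarget(request, referer));
  }

  /**
   * Cuts the value at the first CR or LF so it cannot inject extra response
   * header lines.
   *
   * The previous split("[\r\n]")[0] threw ArrayIndexOutOfBoundsException for
   * a value made up only of line breaks, because split() drops trailing empty
   * strings and returns an empty array in that case.
   *
   * @param parameter raw request parameter, may be null
   * @return the text before the first line break, or null if the input was null
   */
  private String sanitize(String parameter) {
    if (null == parameter) {
      return null;
    }
    int cut = parameter.length();
    int cr = parameter.indexOf('\r');
    if (cr >= 0 && cr < cut) {
      cut = cr;
    }
    int lf = parameter.indexOf('\n');
    if (lf >= 0 && lf < cut) {
      cut = lf;
    }
    return parameter.substring(0, cut);
  }

  /**
   * Returns the URL of the configured start snip, used whenever the
   * client-supplied redirect target is missing or rejected.
   */
  private String startUrl() {
    Configuration config = Application.get().getConfiguration();
    return config.getSnipUrl(config.getStartSnip());
  }

  /**
   * Validates a client-supplied redirect target.
   *
   * Accepted are relative references without scheme or authority, and
   * absolute http/https URLs whose host equals the host this request was
   * addressed to. Everything else (other hosts, "//host" references, other
   * schemes, backslashes, unparsable values, null or empty) is replaced by
   * the start page.
   *
   * NOTE(review): the host comparison uses request.getServerName(); if a
   * reverse proxy rewrites the Host header, absolute referers will fall back
   * to the start page. Confirm against the deployment.
   *
   * @param request current request, used for the expected host name
   * @param target  candidate redirect target, may be null
   * @return target if it stays on this site, otherwise the start page URL
   */
  private String safeRedirectTarget(HttpServletRequest request, String target) {
    if (target == null || target.length() == 0) {
      return startUrl();
    }
    // Browsers treat '\' like '/', which java.net.URI does not model.
    if (target.indexOf('\\') >= 0) {
      return startUrl();
    }
    try {
      URI uri = new URI(target);
      String scheme = uri.getScheme();
      String host = uri.getHost();
      if (host == null) {
        // Plain relative reference: no scheme (rules out javascript:, data:)
        // and no authority part.
        if (scheme == null && uri.getRawAuthority() == null) {
          return target;
        }
        return startUrl();
      }
      boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
      if (web && host.equalsIgnoreCase(request.getServerName())) {
        return target;
      }
    } catch (URISyntaxException e) {
      // Not a parsable URI; treated like any other rejected target.
    }
    return startUrl();
  }

  /**
   * Handles logoff ("logoff=true") and session timeout ("timeout=true"), then
   * redirects back to the referring page or to the start page.
   *
   * NOTE(review): both actions change state on a plain GET, so any page can
   * trigger them through a cross-site request; consider requiring POST or a
   * token.
   *
   * @param request  request carrying the optional logoff/timeout parameter
   * @param response used for the final redirect
   * @throws ServletException declared by the servlet contract
   * @throws IOException      if the redirect cannot be written
   */
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    String referer = request.getHeader("REFERER");

    if ("true".equals(request.getParameter("logoff"))) {
      HttpSession session = request.getSession();
      SessionService service = (SessionService) Components.getComponent(SessionService.class);
      service.removeCookie(request, response);
      Application.get().setUser(null);
      session.invalidate();
    } else if ("true".equals(request.getParameter("timeout"))) {
      HttpSession session = request.getSession();
      Application.removeCurrentUser(session);
      session.invalidate();
    }

    // The Referer header is client-supplied as well; a missing, empty or
    // off-site value falls back to the start page.
    response.sendRedirect(safeRedirectTarget(request, referer));
  }
}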