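package winstone.auth;

import java.io.IOException;
import java.util.List;
import java.util.Set;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.w3c.dom.Node;

import winstone.AuthenticationPrincipal;
import winstone.AuthenticationRealm;
import winstone.Logger;
import winstone.WebAppConfiguration;
import winstone.WinstoneRequest;

/**
 * Handles FORM based authentication configurations.
 *
 * <p>Flow: a request for a protected resource is cached in the session and
 * forwarded to the configured login page; the login form posts to
 * {@code j_security_check}, the credentials are checked against the realm,
 * and on success the cached request is replayed and the principal is stored
 * in the session so later requests in the same session are recognised.
 *
 * <p>NOTE(review): the session created before login is the one that carries
 * the authenticated principal afterwards (it has to, because it also holds the
 * cached request). Rotating the session id at the point of successful login
 * would be the usual mitigation against session fixation; that is not done
 * here and is left as is because the container's session API for doing so is
 * not visible from this class.
 */
public class FormAuthenticationHandler extends BaseAuthenticationHandler {
    private static final String ELEM_FORM_LOGIN_CONFIG = "form-login-config";
    private static final String ELEM_FORM_LOGIN_PAGE = "form-login-page";
    private static final String ELEM_FORM_ERROR_PAGE = "form-error-page";
    /** Path suffix the login form must post to (servlet-spec mandated name). */
    private static final String FORM_ACTION = "j_security_check";
    private static final String FORM_USER = "j_username";
    private static final String FORM_PASS = "j_password";
    /** Session attribute holding the {@link AuthenticationPrincipal} once logged in. */
    private static final String AUTHENTICATED_USER = "winstone.auth.FormAuthenticationHandler.AUTHENTICATED_USER";
    /** Session attribute holding the {@link CachedRequest} to replay after login. */
    private static final String CACHED_REQUEST = "winstone.auth.FormAuthenticationHandler.CACHED_REQUEST";

    // Both may stay null if the deployment descriptor has no form-login-config;
    // a null page makes the forward calls below fail, as in the original code.
    private String loginPage;
    private String errorPage;

    /**
     * Builds the handler from the {@code <login-config>} element.
     *
     * @param loginConfigNode the {@code login-config} DOM node; its
     *            {@code form-login-config} child supplies the login and error pages
     * @param constraintNodes security constraints, passed to the superclass
     * @param rolesAllowed roles allowed, passed to the superclass
     * @param realm realm used to check submitted credentials
     */
    public FormAuthenticationHandler(Node loginConfigNode,
            List constraintNodes, Set rolesAllowed,
            AuthenticationRealm realm) {
        super(loginConfigNode, constraintNodes, rolesAllowed, realm);

        for (int n = 0; n < loginConfigNode.getChildNodes().getLength(); n++) {
            Node loginElm = loginConfigNode.getChildNodes().item(n);
            if (loginElm.getNodeName().equals(ELEM_FORM_LOGIN_CONFIG)) {
                readFormLoginConfig(loginElm);
            }
        }
        Logger.log(Logger.DEBUG, AUTH_RESOURCES,
                "FormAuthenticationHandler.Initialised", realmName);
    }

    /**
     * Reads {@code form-login-page} / {@code form-error-page} from a
     * {@code form-login-config} element into the corresponding fields.
     */
    private void readFormLoginConfig(Node formLoginConfig) {
        for (int k = 0; k < formLoginConfig.getChildNodes().getLength(); k++) {
            Node formElm = formLoginConfig.getChildNodes().item(k);
            if (formElm.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String name = formElm.getNodeName();
            if (name.equals(ELEM_FORM_LOGIN_PAGE)) {
                loginPage = WebAppConfiguration.getTextFromNode(formElm);
            } else if (name.equals(ELEM_FORM_ERROR_PAGE)) {
                errorPage = WebAppConfiguration.getTextFromNode(formElm);
            }
        }
    }

    /**
     * Lets the login and error pages through unconditionally (they must be
     * reachable by an unauthenticated user); every other path is handled by
     * the superclass.
     *
     * @return {@code true} if request processing should continue
     */
    public boolean processAuthentication(ServletRequest request,
            ServletResponse response, String pathRequested) throws IOException,
            ServletException {
        if (pathRequested.equals(this.loginPage)
                || pathRequested.equals(this.errorPage)) {
            return true;
        }
        return super.processAuthentication(request, response, pathRequested);
    }

    /**
     * Caches the current request in the session (so it can be replayed after
     * a successful login) and forwards to the login page.
     *
     * <p>If the underlying container request cannot be found (a warning is
     * logged), the request is not cached but the user is still sent to the
     * login page; the original code dereferenced null here.
     */
    protected void requestAuthentication(HttpServletRequest request,
            HttpServletResponse response, String pathRequested)
            throws ServletException, IOException {
        WinstoneRequest actualRequest = unwrapWinstoneRequest(request);
        if (actualRequest != null) {
            HttpSession session = actualRequest.getSession(true);
            session.setAttribute(CACHED_REQUEST, new CachedRequest(actualRequest));
        }

        Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES,
                "FormAuthenticationHandler.GoToLoginPage");
        RequestDispatcher rd = request.getRequestDispatcher(this.loginPage);
        setNoCache(response);
        rd.forward(request, response);
    }

    /**
     * Checks whether this is a login form submission. If so it is consumed here
     * (credentials checked, cached request replayed or error page shown) and
     * {@code false} is returned; otherwise any principal already stored in the
     * session is attached to the request and {@code true} is returned.
     *
     * @return {@code true} if normal request processing should continue
     */
    protected boolean validatePossibleAuthenticationResponse(
            HttpServletRequest request, HttpServletResponse response,
            String pathRequested) throws ServletException, IOException {
        if (pathRequested.endsWith(FORM_ACTION)) {
            handleLoginSubmission(request, response);
            return false;
        }
        restorePrincipalFromSession(request);
        return true;
    }

    /**
     * Processes a post to {@code j_security_check}: authenticates against the
     * realm, replays the cached request on success, otherwise forwards to the
     * error page.
     */
    private void handleLoginSubmission(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter(FORM_USER);
        String password = request.getParameter(FORM_PASS);

        // Null username/password are passed through to the realm unchanged, as before.
        AuthenticationPrincipal principal = this.realm
                .authenticateByUsernamePassword(username, password);
        if (principal == null) {
            forwardTo(request, response, this.errorPage);
            return;
        }

        WinstoneRequest actualRequest = unwrapWinstoneRequest(request);
        if (actualRequest != null) {
            actualRequest.setRemoteUser(principal);
        }

        HttpSession session = request.getSession(true);
        String previousLocation = this.loginPage;
        CachedRequest cachedRequest = (CachedRequest) session.getAttribute(CACHED_REQUEST);
        if (cachedRequest != null && actualRequest != null) {
            // Restore the originally requested URL/params so the role check and
            // the forward below target the resource the user first asked for.
            cachedRequest.transferContent(actualRequest);
            previousLocation = request.getServletPath();
        } else {
            Logger.log(Logger.DEBUG, AUTH_RESOURCES,
                    "FormAuthenticationHandler.NoCachedRequest");
        }

        if (doRoleCheck(request, response, previousLocation)) {
            principal.setAuthType(HttpServletRequest.FORM_AUTH);
            session.setAttribute(AUTHENTICATED_USER, principal);
            // The cached request has been consumed; drop it so it is neither
            // kept in session memory nor replayed on a later login.
            session.removeAttribute(CACHED_REQUEST);
            forwardTo(request, response, previousLocation);
        } else {
            forwardTo(request, response, this.errorPage);
        }
    }

    /**
     * Attaches the principal stored in an existing session (if any) to the
     * underlying container request. Does nothing if there is no session, no
     * stored principal, or the container request cannot be found (a warning is
     * logged in that case; the original code dereferenced null).
     */
    private void restorePrincipalFromSession(HttpServletRequest request) {
        WinstoneRequest actualRequest = unwrapWinstoneRequest(request);
        if (actualRequest == null) {
            return;
        }
        HttpSession session = actualRequest.getSession(false);
        if (session == null) {
            return;
        }
        AuthenticationPrincipal authenticatedUser = (AuthenticationPrincipal)
                session.getAttribute(AUTHENTICATED_USER);
        if (authenticatedUser != null) {
            actualRequest.setRemoteUser(authenticatedUser);
            Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES,
                    "FormAuthenticationHandler.GotUserFromSession");
        }
    }

    /**
     * Strips any number of {@link HttpServletRequestWrapper} layers to reach
     * the container's own request.
     *
     * @return the underlying {@link WinstoneRequest}, or {@code null} (after
     *         logging a warning) if the innermost request is some other type
     */
    private WinstoneRequest unwrapWinstoneRequest(ServletRequest request) {
        ServletRequest current = request;
        while (current instanceof HttpServletRequestWrapper) {
            current = ((HttpServletRequestWrapper) current).getRequest();
        }
        if (current instanceof WinstoneRequest) {
            return (WinstoneRequest) current;
        }
        Logger.log(Logger.WARNING, AUTH_RESOURCES,
                "FormAuthenticationHandler.CantSetUser",
                current.getClass().getName());
        return null;
    }

    /** Forwards the request to {@code path} via a request dispatcher. */
    private static void forwardTo(HttpServletRequest request,
            HttpServletResponse response, String path)
            throws ServletException, IOException {
        RequestDispatcher rd = request.getRequestDispatcher(path);
        rd.forward(request, response);
    }
}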