<%@ page import="org.apache.log4j.*" %> <%@ page import="com.ecyrd.jspwiki.*" %> <%@ page import="com.ecyrd.jspwiki.attachment.*" %> <%@ page import="java.util.*" %> <%@ page import="java.security.Principal" %> <%@ page import="com.ecyrd.jspwiki.tags.WikiTagBase" %> <%@ page import="com.ecyrd.jspwiki.auth.*" %> <%@ page import="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" %> <%@ page errorPage="/Error.jsp" %> <%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki" %> <%! public void jspInit() { wiki = WikiEngine.getInstance( getServletConfig() ); } Category log = Category.getInstance("JSPWiki"); WikiEngine wiki; %> <% AuthenticationManager mgr = wiki.getAuthenticationManager(); WikiContext wikiContext = wiki.createContext( request, WikiContext.LOGIN ); WikiSession wikiSession = wikiContext.getWikiSession(); NDC.push( wiki.getApplicationName() + ":Login.jsp" ); session.setAttribute("msg",""); if( !mgr.isContainerAuthenticated() ) { // If user got here and is already authenticated, it means // they just aren't allowed access to what they asked for. // Weepy tears and hankies all 'round. if ( wikiSession.isAuthenticated() ) { response.sendError( HttpServletResponse.SC_FORBIDDEN, "It seems you don't have access to that. Sorry." ); } // If using custom auth, we need to do the login now String action = request.getParameter("action"); if( "login".equals(action) ) { String uid = request.getParameter( "j_username" ); String passwd = request.getParameter( "j_password" ); log.debug( "Attempting to authenticate user " + uid ); // Log the user in! if ( mgr.login( wikiSession, uid, passwd ) ) { log.info( "Successfully authenticated user " + uid + " (custom auth)" ); } else { log.error( "Failed to authenticate user " + uid ); if ( passwd.length() > 0 && passwd.toUpperCase().equals(passwd) ) { session.setAttribute("msg", "Invalid login (please check your Caps Lock key)"); } else { session.setAttribute("msg", "Not a valid login."); } } } } else { // If using container auth, the container will have automatically // attempted to log in the user before Login.jsp was loaded. // Thus, if we got here, the container must have authenticated // the user already. All we do is simply record that fact. // Nice and easy. Principal user = wikiSession.getLoginPrincipal(); log.info( "Successfully authenticated user " + user.getName() + " (container auth)" ); } // If user logged in, set the user cookie with the wiki principal's name. // redirect to wherever we're supposed to go. If login.jsp // was called without parameters, this will be the front page. Otherwise, // there's probably a 'page' parameter telling us where to go. if ( wikiSession.isAuthenticated() ) { // Set user cookie Principal principal = wikiSession.getUserPrincipal(); CookieAssertionLoginModule.setUserCookie( response, principal.getName() ); // If wiki page was "Login", redirect to main, otherwise use the page supplied String redirectPage = wikiContext.getPage().getName(); String viewUrl = ( "Login".equals( redirectPage ) ) ? "Wiki.jsp" : wiki.getViewURL( redirectPage ); // Redirect! log.info( "Redirecting user to " + viewUrl ); response.sendRedirect( viewUrl ); NDC.pop(); NDC.remove(); } // If we've gotten here, the user hasn't authenticated yet. // So, find the login form and include it. This should be in the same directory // as this page. We don't need to use the wiki:Include tag. %> <% NDC.pop(); NDC.remove(); %>