LoginProxyServlet xref

View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.login;
18  
19  import java.io.IOException;
20  import java.util.Iterator;
21  import java.util.List;
22  
23  import javax.servlet.ServletConfig;
24  import javax.servlet.ServletException;
25  import javax.servlet.http.HttpServlet;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  import javax.servlet.http.HttpSession;
29  
30  import org.apache.jetspeed.Jetspeed;
31  import org.apache.jetspeed.PortalReservedParameters;
32  import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
33  import org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider;
34  import org.apache.jetspeed.security.activeauthentication.IdentityToken;
35  
36  /***
37   * LoginProxyServlet
38   * 
39   * @author <a href="mailto:ate@douma.nu">Ate Douma </a>
40   * @version $Id: LoginProxyServlet.java 584923 2007-10-15 21:14:46Z taylor $
41   */
42  public class LoginProxyServlet extends HttpServlet
43  {
44      private boolean credentialsFromRequest = true;
45      
46      public void init(ServletConfig config) throws ServletException
47      {
48          super.init(config);
49          String s = config.getInitParameter("credentialsFromRequest");
50          if (s != null)
51          {
52              credentialsFromRequest = s.equalsIgnoreCase("true");
53          }
54      }
55  
56      public void doGet(HttpServletRequest request,
57              HttpServletResponse response) throws IOException, ServletException
58      {
59          String parameter;
60          String username;
61          request.setCharacterEncoding( "UTF-8" );
62                  
63          HttpSession session = request.getSession(true);
64  
65          parameter = request.getParameter(LoginConstants.DESTINATION);
66          if (parameter != null)
67              session.setAttribute(LoginConstants.DESTINATION, parameter);
68          else
69              session.removeAttribute(LoginConstants.DESTINATION);
70          if (credentialsFromRequest)
71          {
72              username = request.getParameter(LoginConstants.USERNAME);
73              if (username != null)
74                  session.setAttribute(LoginConstants.USERNAME, username);
75              else
76                  session.removeAttribute(LoginConstants.USERNAME);
77              parameter = request.getParameter(LoginConstants.PASSWORD);
78              if (parameter != null)
79                  session.setAttribute(LoginConstants.PASSWORD, parameter);
80              else
81                  session.removeAttribute(LoginConstants.PASSWORD);
82          }
83          else
84          {
85              username = (String)session.getAttribute(LoginConstants.USERNAME);
86              parameter = (String)session.getAttribute(LoginConstants.PASSWORD);            
87          }
88          
89          // Globaly override all psml themes
90          if (request
91                  .getParameter(PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE) != null)
92          {
93              String decoratorName = request
94                      .getParameter(PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE);
95              session.setAttribute(
96                      PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE,
97                      decoratorName);
98          }
99  
100         PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
101         Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");   
102         if (authenticationConfiguration.isCreateNewSessionOnLogin())
103         {
104     
105             ActiveAuthenticationIdentityProvider identityProvider = (ActiveAuthenticationIdentityProvider) 
106                 Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider");
107             IdentityToken token = identityProvider.createIdentityToken(username);
108             saveState(session, token, identityProvider.getSessionAttributeNames());
109             request.getSession().invalidate();
110             HttpSession newSession = request.getSession(true);
111             restoreState(newSession, token);
112             response.sendRedirect(response.encodeURL(request.getContextPath()
113                     + "/login/redirector?token=") + token.getToken());
114             
115         }
116         else
117         {
118             response.sendRedirect(response.encodeURL(request.getContextPath()
119                     + "/login/redirector"));
120         }
121     }
122 
123     protected void saveState(HttpSession session, IdentityToken token, List sessionAttributes)
124     {
125         Iterator sessionNames = sessionAttributes.iterator();
126         while (sessionNames.hasNext())
127         {
128             String name = (String)sessionNames.next();
129             token.setAttribute(name, session.getAttribute(name));
130         }
131     }
132 
133     protected void restoreState(HttpSession session, IdentityToken token)
134     {
135         Iterator names = token.getAttributeNames();
136         while (names.hasNext())
137         {
138             String name = (String)names.next();
139             Object attribute = token.getAttribute(name);
140             session.setAttribute(name, attribute);
141         }        
142     }
143     
144     public final void doPost(HttpServletRequest request,
145             HttpServletResponse response) throws IOException, ServletException
146     {
147         doGet(request, response);
148     }
149 
150 }