17 package org.apache.jetspeed.login.filter;
18
19 import java.io.IOException;
20 import java.security.Principal;
21 import java.util.HashSet;
22 import java.util.Set;
23
24 import javax.security.auth.Subject;
25 import javax.servlet.Filter;
26 import javax.servlet.FilterChain;
27 import javax.servlet.FilterConfig;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpSession;
33
34 import org.apache.jetspeed.Jetspeed;
35 import org.apache.jetspeed.PortalReservedParameters;
36 import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
37 import org.apache.jetspeed.administration.PortalConfiguration;
38 import org.apache.jetspeed.audit.AuditActivity;
39 import org.apache.jetspeed.login.LoginConstants;
40 import org.apache.jetspeed.security.SecurityException;
41 import org.apache.jetspeed.security.SecurityHelper;
42 import org.apache.jetspeed.security.User;
43 import org.apache.jetspeed.security.UserManager;
44 import org.apache.jetspeed.security.UserPrincipal;
45 import org.apache.jetspeed.security.impl.PrincipalsSet;
46 import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;
47
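/**
 * Servlet filter that authenticates portal logins submitted as request
 * parameters and exposes the resulting {@link Subject} to the rest of the
 * filter chain.
 *
 * <p>For an HTTP request that carries the {@link LoginConstants#USERNAME}
 * parameter the filter authenticates through the portal {@code UserManager},
 * audits the outcome, stores the subject in the session and wraps the request
 * in a {@code PortalRequestWrapper}. For an HTTP request without that parameter
 * it re-wraps the request from the subject already held in the session, unless
 * that subject's user principal is the guest user.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 *   <li>Credentials are read with {@code getParameter}, which also returns
 *       query-string values, so restricting the login request to POST over TLS
 *       has to be enforced elsewhere (nothing in this class does it).</li>
 *   <li>The session is replaced on login only when
 *       {@code PortalAuthenticationConfiguration.isCreateNewSessionOnLogin()}
 *       returns true; with that setting off, the pre-login session id is kept.</li>
 *   <li>The username passed to the audit log comes straight from the request;
 *       whether the audit sink escapes it is not visible here -- TODO confirm.</li>
 * </ul>
 */
public class PortalFilter implements Filter
{
    /** Name of the guest user; replaced in {@link #init} when the portal configuration supplies one. */
    protected String guest = "guest";

    /** Retained from {@link #init} so that lookup failures can be written to the container log. */
    private FilterConfig filterConfig;

    /**
     * Reads the guest user name from the portal configuration key
     * {@code default.user.principal}.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException
    {
        this.filterConfig = filterConfig;
        PortalConfiguration config = Jetspeed.getConfiguration();
        if (config != null)
        {
            // Keep the built-in default when the key is absent. Overwriting it
            // with null would make the guest comparison in doFilter never match,
            // so guest subjects would be wrapped like signed-in users.
            String configuredGuest = config.getString("default.user.principal");
            if (configuredGuest != null)
            {
                guest = configuredGuest;
            }
        }
    }

    /**
     * Authenticates a login attempt or restores the session subject, then
     * passes the (possibly wrapped) request down the chain.
     *
     * @param sRequest    the incoming request; only {@link HttpServletRequest}s are processed
     * @param sResponse   the response, passed through untouched
     * @param filterChain the remaining chain; skipped when {@code null}
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest sRequest,
            ServletResponse sResponse, FilterChain filterChain)
            throws IOException, ServletException
    {
        if (sRequest instanceof HttpServletRequest)
        {
            HttpServletRequest request = (HttpServletRequest) sRequest;
            String username = request.getParameter(LoginConstants.USERNAME);
            String password = request.getParameter(LoginConstants.PASSWORD);
            if (username != null)
            {
                UserManager userManager = (UserManager) Jetspeed.getComponentManager()
                        .getComponent("org.apache.jetspeed.security.UserManager");
                AuditActivity audit = (AuditActivity) Jetspeed.getComponentManager()
                        .getComponent("org.apache.jetspeed.audit.AuditActivity");
                // NOTE(review): password may be null when only the username
                // parameter is sent; how authenticate() treats null is not
                // visible here -- confirm it rejects rather than throws.
                if (userManager.authenticate(username, password))
                {
                    audit.logUserActivity(username, request.getRemoteAddr(),
                            AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
                    PortalAuthenticationConfiguration authenticationConfiguration =
                            (PortalAuthenticationConfiguration) Jetspeed.getComponentManager()
                                    .getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
                    if (authenticationConfiguration.isCreateNewSessionOnLogin())
                    {
                        // Drop the pre-login session so its id is not carried
                        // into the authenticated session (session fixation).
                        request.getSession().invalidate();
                    }
                    Subject subject = lookupSubject(userManager, username);
                    if (subject == null)
                    {
                        // No stored subject is available: build a read-only one
                        // that holds nothing but the user principal.
                        Set principals = new PrincipalsSet();
                        UserSubjectPrincipalImpl userPrincipal = new UserSubjectPrincipalImpl(username);
                        principals.add(userPrincipal);
                        subject = new Subject(true, principals, new HashSet(), new HashSet());
                        userPrincipal.setSubject(subject);
                    }
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    sRequest = wrapperRequest(request, subject, principal);
                    // getSession(true) yields the fresh session when the old
                    // one was invalidated above.
                    HttpSession session = request.getSession(true);
                    session.removeAttribute(LoginConstants.ERRORCODE);
                    session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
                }
                else
                {
                    audit.logUserActivity(username, request.getRemoteAddr(),
                            AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
                    // Every failure in this filter reports the same error code.
                    request.getSession().setAttribute(LoginConstants.ERRORCODE,
                            LoginConstants.ERROR_INVALID_PASSWORD);
                }
            }
            else
            {
                // Not a login attempt: reuse the subject stored at login time.
                Subject subject = (Subject) request.getSession()
                        .getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
                if (subject != null)
                {
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    // Guest requests stay unwrapped. A subject with no user
                    // principal is still wrapped, with a null principal, as
                    // before -- NOTE(review): confirm that is intended.
                    boolean isGuest = principal != null && principal.getName().equals(this.guest);
                    if (!isGuest)
                    {
                        sRequest = wrapperRequest(request, subject, principal);
                    }
                }
            }

            // Marks the request as having passed through this filter.
            sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE, "true");
        }

        if (filterChain != null)
        {
            filterChain.doFilter(sRequest, sResponse);
        }
    }

    /**
     * Fetches the stored subject of an already authenticated user.
     *
     * @return the user's subject, or {@code null} when the user is not found or the lookup fails
     */
    private Subject lookupSubject(UserManager userManager, String username)
    {
        try
        {
            User user = userManager.getUser(username);
            return (user != null) ? user.getSubject() : null;
        }
        catch (SecurityException sex)
        {
            // Previously swallowed without a trace. The login still proceeds
            // with the minimal fallback subject, but the failure is now
            // recorded so operators can see why the stored subject was not
            // used. The request-supplied username is left out of the message.
            if (filterConfig != null && filterConfig.getServletContext() != null)
            {
                filterConfig.getServletContext().log(
                        "PortalFilter: user lookup failed after successful authentication; "
                                + "continuing with a minimal subject", sex);
            }
            return null;
        }
    }

    /** Wraps the request so that it carries the given subject and principal. */
    private ServletRequest wrapperRequest(HttpServletRequest request, Subject subject, Principal principal)
    {
        return new PortalRequestWrapper(request, subject, principal);
    }

    /** Releases the reference taken in {@link #init}. */
    public void destroy()
    {
        this.filterConfig = null;
    }
}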