
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.login.filter;
18  
19  import java.io.IOException;
20  import java.security.Principal;
21  import java.util.HashSet;
22  import java.util.Set;
23  
24  import javax.security.auth.Subject;
25  import javax.servlet.Filter;
26  import javax.servlet.FilterChain;
27  import javax.servlet.FilterConfig;
28  import javax.servlet.ServletException;
29  import javax.servlet.ServletRequest;
30  import javax.servlet.ServletResponse;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpSession;
33  
34  import org.apache.jetspeed.Jetspeed;
35  import org.apache.jetspeed.PortalReservedParameters;
36  import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
37  import org.apache.jetspeed.administration.PortalConfiguration;
38  import org.apache.jetspeed.audit.AuditActivity;
39  import org.apache.jetspeed.login.LoginConstants;
40  import org.apache.jetspeed.security.SecurityException;
41  import org.apache.jetspeed.security.SecurityHelper;
42  import org.apache.jetspeed.security.User;
43  import org.apache.jetspeed.security.UserManager;
44  import org.apache.jetspeed.security.UserPrincipal;
45  import org.apache.jetspeed.security.impl.PrincipalsSet;
46  import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;
47  
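/**
 * Servlet filter that handles portal login and restores the logged-in identity on later requests.
 * <p>
 * If the request carries the {@link LoginConstants#USERNAME} parameter, the filter authenticates
 * it together with {@link LoginConstants#PASSWORD} through the {@link UserManager}, audits the
 * outcome, stores the resulting {@link Subject} in the HTTP session and wraps the request.
 * Otherwise it looks for a {@link Subject} already stored in the session and wraps the request
 * unless that subject belongs to the guest user.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>Credentials are read with {@code getParameter}, which covers the query string as well as a
 *     form body, and this filter does not check the HTTP method. A login sent as a GET therefore
 *     ends up in URL-based logs; restricting logins to POST has to happen elsewhere.</li>
 * <li>The pre-login session is only discarded when
 *     {@code PortalAuthenticationConfiguration.isCreateNewSessionOnLogin()} returns true. With that
 *     option off the session id presented before login stays valid after login
 *     (session fixation exposure).</li>
 * <li>No throttling or lockout is visible here; any such control would have to live behind
 *     {@code UserManager.authenticate} (not shown in this file).</li>
 * </ul>
 */
public class PortalFilter implements Filter
{
    /** Name of the anonymous user; requests whose session subject is this user are not wrapped. */
    protected String guest = "guest";

    /**
     * Reads the guest user name from the portal configuration key {@code default.user.principal}.
     * The built-in default {@code "guest"} is kept when no configuration is available or the key
     * yields no value.
     *
     * @param filterConfig the container-supplied filter configuration (not used)
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig filterConfig) throws ServletException
    {
        PortalConfiguration config = Jetspeed.getConfiguration();
        if (config != null)
        {
            String configuredGuest = config.getString("default.user.principal");
            // Keep the default when the key has no value: a null guest name never equals a
            // principal name in doFilter, so the anonymous user's subject would be wrapped
            // like an authenticated one.
            if (configuredGuest != null)
            {
                guest = configuredGuest;
            }
        }
    }

    /**
     * Authenticates a login attempt or re-attaches the session's subject, then continues the chain.
     *
     * @param sRequest the incoming request; only {@link HttpServletRequest} instances are processed
     * @param sResponse the response, passed through unchanged
     * @param filterChain the remaining chain; skipped when {@code null}
     * @throws IOException propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    public void doFilter(ServletRequest sRequest,
            ServletResponse sResponse, FilterChain filterChain)
            throws IOException, ServletException
    {
        if (sRequest instanceof HttpServletRequest)
        {
            HttpServletRequest request = (HttpServletRequest)sRequest;
            String username = request.getParameter(LoginConstants.USERNAME);
            // May be null when only the username parameter is sent; it is handed to
            // authenticate() as is. NOTE(review): confirm authenticate() rejects a null password.
            String password = request.getParameter(LoginConstants.PASSWORD);
            if (username != null)
            {
                // The mere presence of the username parameter makes this request a login attempt.
                UserManager userManager = (UserManager)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");
                AuditActivity audit = (AuditActivity)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.audit.AuditActivity");
                boolean success = userManager.authenticate(username, password);
                if (success)
                {
                    // NOTE(review): username is request-supplied text written to the audit trail;
                    // presumably AuditActivity stores it safely - confirm against its implementation.
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
                    PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
                        Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
                    if (authenticationConfiguration.isCreateNewSessionOnLogin())
                    {
                        // Drop the pre-login session so the authenticated session gets a new id.
                        // This is the only session-fixation defence in this filter and it is
                        // configuration dependent.
                        request.getSession().invalidate();
                    }
                    Subject subject = null;
                    try
                    {
                        // load the user principals (roles, groups, credentials)
                        User user = userManager.getUser(username);
                        if ( user != null )
                        {
                            subject = user.getSubject();
                        }
                    }
                    catch (SecurityException ignored)
                    {
                        // Deliberately not rethrown: the login continues with the minimal
                        // subject built below.
                        // NOTE(review): the failure is not logged or audited, so a user whose
                        // principals failed to load is indistinguishable from a normal login.
                    }
                    if (subject == null)
                    {
                        // Fallback: a read-only subject holding only the user principal and no
                        // credentials.
                        Set principals = new PrincipalsSet();
                        UserSubjectPrincipalImpl userPrincipal = new UserSubjectPrincipalImpl(username);
                        principals.add(userPrincipal);
                        subject = new Subject(true, principals, new HashSet(), new HashSet());
                        userPrincipal.setSubject(subject);
                    }
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    sRequest = wrapperRequest(request, subject, principal);
                    request.getSession().removeAttribute(LoginConstants.ERRORCODE);
                    // After an invalidate() above, getSession() has already created the
                    // replacement session; the subject is stored in that one.
                    HttpSession session = request.getSession(true);
                    session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
                }
                else
                {
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
                    // The same error code is set for every failed attempt; the request is not
                    // wrapped, and a subject already in the session is left untouched.
                    request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
                }
            }
            else
            {
                // Not a login attempt: reuse the subject stored by an earlier login, if any.
                // getSession() creates a session when the request has none.
                Subject subject = (Subject)request.getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
                if (subject != null)
                {
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    // Guest subjects are left unwrapped. A subject without a UserPrincipal is
                    // still wrapped, with a null principal.
                    // NOTE(review): confirm PortalRequestWrapper tolerates a null principal.
                    if (principal == null || !principal.getName().equals(this.guest))
                    {
                        sRequest = wrapperRequest(request, subject, principal);
                    }
                }
            }

            // Marks the request as having passed through this filter, whether or not it was
            // authenticated.
            sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE, "true");
        }

        if (filterChain != null)
        {
            filterChain.doFilter(sRequest, sResponse);
        }
    }

    /**
     * Wraps the request in a {@link PortalRequestWrapper} carrying the given subject and principal.
     *
     * @param request the original HTTP request
     * @param subject the subject to attach
     * @param principal the user principal to attach; may be {@code null}
     * @return the wrapping request
     */
    private ServletRequest wrapperRequest(HttpServletRequest request, Subject subject, Principal principal)
    {
        return new PortalRequestWrapper(request, subject, principal);
    }

    /** Nothing to release; the filter holds no resources. */
    public void destroy()
    {
    }
}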