001: /* *****************************************************************************
002: * HTTPAuthentication.java
003: * ****************************************************************************/
004:
005: /* J_LZ_COPYRIGHT_BEGIN *******************************************************
006: * Copyright 2001-2004 Laszlo Systems, Inc. All Rights Reserved. *
007: * Use is subject to license terms. *
008: * J_LZ_COPYRIGHT_END *********************************************************/
009:
010: package org.openlaszlo.auth;
011:
012: import org.openlaszlo.data.*;
013: import org.openlaszlo.server.*;
014: import org.openlaszlo.servlets.*;
015: import org.openlaszlo.utils.*;
016: import java.io.*;
017: import java.net.*;
018: import java.security.*;
019: import java.util.*;
020: import javax.servlet.http.*;
021: import org.apache.commons.httpclient.*;
022: import org.apache.commons.httpclient.methods.*;
023: import org.apache.log4j.*;
024: import org.jdom.*;
025: import org.jdom.input.*;
026:
027: /**
028: * HTTP implementation of Authentication.
029: *
030: * This class implements the Authentication interface
031: * methods. Every public member is an implementation of
032: * the Authentication interface.
033: **/
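public class HTTPAuthentication implements Authentication {
    /** Character encoding used when URL-encoding query values. */
    private static final String QUERY_ENCODING = "UTF-8";

    /**
     * Authentication server URL read from the "httpauthentication.url"
     * property in {@link #init(Properties)}; null when the property is unset.
     * Only init() writes this field.
     */
    private String mDefaultURL = null;

    /**
     * Builder used to parse the authentication server's XML responses.
     *
     * NOTE(review): this is a default-configured SAXBuilder and the document
     * it parses comes from a URL that can be overridden through param "url".
     * Consider disabling DOCTYPE / external-entity processing on the
     * underlying parser -- confirm which parser is deployed first.
     * NOTE(review): the instance is shared by every caller of this object;
     * confirm whether the deployed JDOM version allows concurrent build()
     * calls.
     */
    private SAXBuilder mBuilder = new SAXBuilder();

    /** HTTPAuthentication logger */
    protected static Logger mLogger = Logger
            .getLogger(HTTPAuthentication.class);

    /**
     * Reads the default authentication server URL from the
     * "httpauthentication.url" property.
     *
     * When the property is unset, each request falls back to a URL derived
     * from that request (see deriveDefaultURL), so configuring an explicit
     * URL here is the more predictable setup.
     *
     * @param prop configuration properties
     */
    public void init(Properties prop) {
        mDefaultURL = prop.getProperty("httpauthentication.url");
        mLogger.debug("default url: " + mDefaultURL);
    }

    /**
     * ?rt=login&usr=username&pwd=password
     *
     * [successful login]
     * <authentication>
     *   <response type="login">
     *     <status code="0" msg="ok"/>
     *     <username>username</username>
     *   </response>
     * </authentication>
     *
     * [login failure]
     * <authentication>
     *   <response type="login">
     *     <status code="3" msg="invalid"/>
     *   </response>
     * </authentication>
     *
     * The "usr" and "pwd" request parameters are URL-encoded before they are
     * placed in the back-end query, so a value containing '&' or '=' cannot
     * add or override query parameters. A missing parameter is sent as an
     * empty value rather than the literal text "null".
     *
     * NOTE(review): the password is carried in the URL of the back-end
     * request, where it can end up in access logs; moving it to a request
     * body needs a matching change on the authentication server.
     *
     * @param req client request; supplies "usr" and "pwd"
     * @param res client response, passed through to the back-end call
     * @param param call parameters; "url" overrides the server URL
     * @param xmlResponse buffer the server's response text is appended to
     * @return 0 when the parsed response reports status code 0, otherwise 1
     * @throws AuthenticationException if the back-end call fails
     */
    public int login(HttpServletRequest req, HttpServletResponse res,
            HashMap param, StringBuffer xmlResponse)
            throws AuthenticationException {

        mLogger.debug("login(req,res,param,xmlResponse)");
        String query = "rt=login&usr="
                + encodeQueryValue(req.getParameter("usr"))
                + "&pwd=" + encodeQueryValue(req.getParameter("pwd"));
        // Remember where this call's output starts so that only the text
        // appended by the server is evaluated, not earlier buffer content.
        int start = xmlResponse.length();
        callAuthenticationServer(req, res, param, query, xmlResponse);
        return isStatusOk(xmlResponse.substring(start)) ? 0 : 1;
    }

    /**
     * ?rt=logout
     *
     * [logout w/valid session]
     * <authentication>
     *   <response type="logout">
     *     <status code="0" msg="ok"/>
     *   </response>
     * </authentication>
     *
     * [logout w/invalid session]
     * <authentication>
     *   <response type="logout">
     *     <status code="4" msg="invalid session"/>
     *   </response>
     * </authentication>
     *
     * @param req client request
     * @param res client response, passed through to the back-end call
     * @param param call parameters; "url" overrides the server URL
     * @param xmlResponse buffer the server's response text is appended to
     * @return 0 when the parsed response reports status code 0, otherwise 1
     * @throws AuthenticationException if the back-end call fails
     */
    public int logout(HttpServletRequest req, HttpServletResponse res,
            HashMap param, StringBuffer xmlResponse)
            throws AuthenticationException {

        mLogger.debug("logout(req,res,param,xmlResponse)");
        int start = xmlResponse.length();
        callAuthenticationServer(req, res, param, "rt=logout", xmlResponse);
        return isStatusOk(xmlResponse.substring(start)) ? 0 : 1;
    }

    /**
     * ?rt=getusername
     *
     * [valid session -- return username]
     * <authentication>
     *   <response type="getusername">
     *     <status code="0" msg="ok"/>
     *     <username>username</username>
     *   </response>
     * </authentication>
     *
     * [invalid session -- return no username]
     * <authentication>
     *   <response type="getusername">
     *     <status code="4" msg="invalid session"/>
     *   </response>
     * </authentication>
     *
     * @param req client request
     * @param res client response, passed through to the back-end call
     * @param param call parameters; "url" overrides the server URL
     * @return the username when the status code is 0, otherwise null
     * @throws AuthenticationException if the back-end call fails or the
     *         response cannot be parsed
     */
    public String getUsername(HttpServletRequest req,
            HttpServletResponse res, HashMap param)
            throws AuthenticationException {
        mLogger.debug("getUsername(req,res,param)");
        StringBuffer buf = new StringBuffer();
        callAuthenticationServer(req, res, param, "rt=getusername", buf);
        try {
            Element response = parseResponseElement(buf.toString());
            boolean isOk = (getStatusCode(response) == 0);
            return isOk ? response.getChildText("username") : null;
        } catch (JDOMException e) {
            throw new AuthenticationException(e.getMessage());
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Sends the query to the authentication server and appends the response
     * text to xmlResponse. Request and response headers are proxied.
     *
     * The target is param "url" when present, else the configured default
     * URL, else a URL derived from the current request. The derived URL is
     * deliberately not stored in mDefaultURL: it depends on request data, and
     * caching it would let the first request fix the destination of every
     * later authentication call.
     *
     * NOTE(review): if param "url" can be populated from client input, the
     * client chooses where credentials are forwarded; verify against the
     * caller and restrict it to known hosts if so.
     */
    private void callAuthenticationServer(HttpServletRequest req,
            HttpServletResponse res, HashMap param, String query,
            StringBuffer xmlResponse) throws AuthenticationException {
        Data data = null;
        try {
            String urlstr = (String) param.get("url");
            if (urlstr == null) {
                urlstr = (mDefaultURL != null)
                        ? mDefaultURL : deriveDefaultURL(req);
            }
            urlstr += "?" + query;
            data = HTTPDataSource.getHTTPData(req, res, urlstr, -1);
            xmlResponse.append(data.getAsString());
        } catch (DataSourceException e) {
            throw new AuthenticationException(e.getMessage());
        } catch (MalformedURLException e) {
            throw new AuthenticationException(e.getMessage());
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage());
        } finally {
            if (data != null)
                data.release();
        }
    }

    /**
     * Builds the fallback AuthenticationServlet URL from the scheme, server
     * name, port and context path of the current request.
     *
     * getServerName() is typically taken from the client-supplied Host
     * header, so the result is only as trustworthy as that header; setting
     * "httpauthentication.url" avoids relying on it.
     */
    private static String deriveDefaultURL(HttpServletRequest req) {
        return req.getScheme() + "://" + req.getServerName() + ":"
                + req.getServerPort() + req.getContextPath()
                + "/AuthenticationServlet";
    }

    /**
     * URL-encodes one query-string value; null becomes the empty string.
     *
     * NOTE(review): assumes HTTPDataSource.getHTTPData sends the URL as
     * given and that the authentication server decodes UTF-8 -- confirm.
     */
    private static String encodeQueryValue(String value)
            throws AuthenticationException {
        if (value == null)
            return "";
        try {
            return URLEncoder.encode(value, QUERY_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }

    /** Parses a server response and returns its "response" element, or null. */
    private Element parseResponseElement(String xml)
            throws JDOMException, IOException {
        Document document = mBuilder.build(new StringReader(xml));
        return document.getRootElement().getChild("response");
    }

    /**
     * Reports whether a server response carries status code 0.
     *
     * The decision is made on the parsed status element rather than on a
     * substring of the raw text, so text elsewhere in the response cannot be
     * mistaken for a success status. A response that cannot be parsed counts
     * as a failure.
     */
    private boolean isStatusOk(String xml) {
        try {
            return getStatusCode(parseResponseElement(xml)) == 0;
        } catch (JDOMException e) {
            mLogger.warn("unparseable authentication response: "
                    + e.getMessage());
            return false;
        } catch (IOException e) {
            mLogger.warn("unreadable authentication response: "
                    + e.getMessage());
            return false;
        }
    }

    /**
     * Reads the numeric "code" attribute of the element's "status" child.
     *
     * @param element element to retrieve status from; may be null
     * @return the parsed code, or 1 when the element, its status child or a
     *         parseable code attribute is missing. Callers in this class
     *         treat only 0 as success.
     */
    private static int getStatusCode(Element element) {
        mLogger.debug("getStatusCode(element)");

        int code = 1;
        if (element == null)
            return code;

        // A response without a status child is a failure, not an error.
        Element eStatus = element.getChild("status");
        if (eStatus == null)
            return code;

        try {
            code = Integer.parseInt(eStatus.getAttributeValue("code"));
        } catch (NumberFormatException e) {
            mLogger.debug(e.getMessage());
        }
        return code;
    }
}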