001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.login;
018:
019: import java.io.IOException;
020: import java.util.Iterator;
021: import java.util.List;
022:
023: import javax.servlet.ServletConfig;
024: import javax.servlet.ServletException;
025: import javax.servlet.http.HttpServlet;
026: import javax.servlet.http.HttpServletRequest;
027: import javax.servlet.http.HttpServletResponse;
028: import javax.servlet.http.HttpSession;
029:
030: import org.apache.jetspeed.Jetspeed;
031: import org.apache.jetspeed.PortalReservedParameters;
032: import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
033: import org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider;
034: import org.apache.jetspeed.security.activeauthentication.IdentityToken;
035:
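/**
 * LoginProxyServlet
 *
 * <p>Entry point for the portal login form. It copies the submitted login
 * parameters (destination, username, password, optional theme override) into
 * the HTTP session and then redirects the browser to
 * {@code /login/redirector}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The submitted password is kept in the session as a plain string under
 * {@code LoginConstants.PASSWORD}. Nothing in this class removes it after
 * the login completes; that cleanup has to happen downstream.</li>
 * <li>{@link #doGet} handles credentials exactly like {@link #doPost}, so a
 * login submitted with GET carries the password in the query string, where
 * it can be retained by access logs, proxies and browser history. Login
 * forms that target this servlet should use POST.</li>
 * <li>The destination and theme-override values are stored exactly as
 * received. Whatever component consumes them must treat them as untrusted
 * input (for example, restrict the destination to local paths).</li>
 * <li>The session is only replaced when
 * {@code isCreateNewSessionOnLogin()} returns true; otherwise this servlet
 * keeps using the session that existed before the login.</li>
 * </ul>
 *
 * @author <a href="mailto:ate@douma.nu">Ate Douma </a>
 * @version $Id: LoginProxyServlet.java 584923 2007-10-15 21:14:46Z taylor $
 */
public class LoginProxyServlet extends HttpServlet {
    /**
     * When true (the default) username and password are read from the
     * request parameters; when false the username already present in the
     * session is used instead.
     */
    private boolean credentialsFromRequest = true;

    /**
     * Reads the optional {@code credentialsFromRequest} init parameter.
     * Any value other than "true" (case-insensitive) disables reading
     * credentials from the request.
     *
     * @param config servlet configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        String configured = config.getInitParameter("credentialsFromRequest");
        if (configured != null) {
            credentialsFromRequest = configured.equalsIgnoreCase("true");
        }
    }

    /**
     * Stores the login parameters in the session and redirects to the login
     * redirector, optionally moving to a fresh session first.
     *
     * @param request  the login request
     * @param response used only to send the redirect
     * @throws IOException      if the encoding cannot be set or the redirect fails
     * @throws ServletException declared for the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        request.setCharacterEncoding("UTF-8");

        HttpSession session = request.getSession(true);

        // Stored as received; validation of the destination is left to its consumer.
        storeOrClear(session, LoginConstants.DESTINATION,
                request.getParameter(LoginConstants.DESTINATION));

        String username;
        if (credentialsFromRequest) {
            username = request.getParameter(LoginConstants.USERNAME);
            storeOrClear(session, LoginConstants.USERNAME, username);
            // The password sits in the session in clear text from here on.
            storeOrClear(session, LoginConstants.PASSWORD,
                    request.getParameter(LoginConstants.PASSWORD));
        } else {
            // Only the username is needed below. The original code also copied
            // the session password into an unused local; that read is dropped
            // so the secret is not pulled out of the session without need.
            username = (String) session.getAttribute(LoginConstants.USERNAME);
        }

        // Globally override all psml themes. The name is request-controlled
        // and stored unchecked, so the decorator lookup must not trust it.
        String decoratorName = request
                .getParameter(PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE);
        if (decoratorName != null) {
            session.setAttribute(
                    PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE,
                    decoratorName);
        }

        PortalAuthenticationConfiguration authenticationConfiguration =
                (PortalAuthenticationConfiguration) Jetspeed
                        .getComponentManager()
                        .getComponent(
                                "org.apache.jetspeed.administration.PortalAuthenticationConfiguration");

        if (authenticationConfiguration.isCreateNewSessionOnLogin()) {
            ActiveAuthenticationIdentityProvider identityProvider =
                    (ActiveAuthenticationIdentityProvider) Jetspeed
                            .getComponentManager()
                            .getComponent(
                                    "org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider");

            // NOTE(review): username may be null here (no parameter / no
            // session attribute); confirm createIdentityToken tolerates that.
            IdentityToken token = identityProvider.createIdentityToken(username);

            // Carry the provider-selected attributes across the session swap
            // so the pre-login session id is not reused after login.
            saveState(session, token, identityProvider.getSessionAttributeNames());
            request.getSession().invalidate();
            HttpSession newSession = request.getSession(true);
            restoreState(newSession, token);

            // NOTE(review): the token is appended after encodeURL and is not
            // URL-encoded, and it travels in the query string where it can be
            // logged. Confirm tokens are URL-safe, short-lived and single-use.
            response.sendRedirect(response.encodeURL(request.getContextPath()
                    + "/login/redirector?token=")
                    + token.getToken());
        } else {
            // The existing session is kept across the login in this mode.
            response.sendRedirect(response.encodeURL(request.getContextPath()
                    + "/login/redirector"));
        }
    }

    /**
     * Sets the session attribute when a value is present and removes it
     * otherwise, so a value from an earlier login attempt never lingers.
     */
    private static void storeOrClear(HttpSession session, String name, String value) {
        if (value != null) {
            session.setAttribute(name, value);
        } else {
            session.removeAttribute(name);
        }
    }

    /**
     * Copies the named session attributes into the identity token.
     *
     * @param session           session to read from
     * @param token             token that receives the attribute values
     * @param sessionAttributes attribute names (Strings) to copy; if the list
     *                          includes the password attribute the clear-text
     *                          password is held by the token as well
     */
    protected void saveState(HttpSession session, IdentityToken token,
            List sessionAttributes) {
        for (Object entry : sessionAttributes) {
            String name = (String) entry;
            token.setAttribute(name, session.getAttribute(name));
        }
    }

    /**
     * Copies every attribute held by the identity token into the session.
     *
     * @param session session to populate (the freshly created one in doGet)
     * @param token   token whose attributes are copied
     */
    protected void restoreState(HttpSession session, IdentityToken token) {
        Iterator names = token.getAttributeNames();
        while (names.hasNext()) {
            String name = (String) names.next();
            session.setAttribute(name, token.getAttribute(name));
        }
    }

    /**
     * Handles a POSTed login by delegating to {@link #doGet}.
     *
     * @param request  the login request
     * @param response used only to send the redirect
     * @throws IOException      see {@link #doGet}
     * @throws ServletException see {@link #doGet}
     */
    public final void doPost(HttpServletRequest request,
            HttpServletResponse response) throws IOException,
            ServletException {
        doGet(request, response);
    }

}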