001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.ui.webapp;
017:
018: import org.acegisecurity.Authentication;
019: import org.acegisecurity.AuthenticationException;
020:
021: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
022:
023: import org.acegisecurity.ui.AbstractProcessingFilter;
024:
025: import javax.servlet.FilterConfig;
026: import javax.servlet.ServletException;
027: import javax.servlet.http.HttpServletRequest;
028:
/**
 * Handles submission of a username/password login form.
 *
 * <p>The form must post two parameters to this filter, a username and a password. Their names are
 * given by {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
 *
 * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
 * org.acegisecurity.util.FilterToBeanProxy}.</p>
 *
 * <p>Points an integrator should check when deploying this filter:</p>
 * <ul>
 * <li>The last attempted username is written to the session under
 * {@link #ACEGI_SECURITY_LAST_USERNAME_KEY} exactly as submitted, apart from trimming. It is
 * untrusted text, so any view that displays it must HTML-encode it on output.</li>
 * <li>Credentials are read with <code>HttpServletRequest.getParameter</code>, which also returns
 * query-string values, and nothing in this class checks the HTTP method. NOTE(review): confirm that
 * the superclass or the deployment limits the processing URL to POST, otherwise passwords can end
 * up in URLs and access logs.</li>
 * <li><code>request.getSession()</code> creates a session when none exists, so every login attempt,
 * successful or not, allocates one. Whether the session identifier is replaced after a successful
 * login is not decided in this class.</li>
 * </ul>
 *
 * @author Ben Alex
 * @author Colin Sampaleanu
 * @version $Id: AuthenticationProcessingFilter.java 2110 2007-09-14 14:32:19Z luke_t $
 */
public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
    // ---- Constants ----

    /** Name of the request parameter that carries the username. */
    public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";

    /** Name of the request parameter that carries the password. */
    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";

    /** Session attribute under which the most recently attempted username is kept for views. */
    public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";

    /** URL this filter reacts to unless configured otherwise. */
    private static final String DEFAULT_FILTER_PROCESSES_URL = "/j_acegi_security_check";

    // ---- Methods ----

    /**
     * Builds an authentication request from the submitted form and hands it to the
     * <code>AuthenticationManager</code>.
     *
     * <p>A missing username or password is treated as the empty string. Only the username is
     * trimmed; the password is passed on unchanged.</p>
     *
     * @param request the login request carrying the form parameters
     *
     * @return whatever the <code>AuthenticationManager</code> returns for the request token
     *
     * @throws AuthenticationException propagated to the caller when authentication fails
     */
    public Authentication attemptAuthentication(HttpServletRequest request)
        throws AuthenticationException {
        // Both values are fetched before anything else so that overriding subclasses see the same call order.
        final String submittedUsername = obtainUsername(request);
        final String submittedPassword = obtainPassword(request);

        final String principal = (submittedUsername == null) ? "" : submittedUsername.trim();
        final String credentials = (submittedPassword == null) ? "" : submittedPassword;

        final UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(principal, credentials);

        // Remember the attempted username so the login view can show it again.
        // The value is untrusted and stored unescaped: the view must HTML-encode it when rendering.
        // getSession() creates a session if the request does not have one yet.
        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, principal);

        // Hook for subclasses to populate the token's "details" property.
        setDetails(request, token);

        return getAuthenticationManager().authenticate(token);
    }

    /**
     * Returns the URL this filter answers to by default, <code>/j_acegi_security_check</code>.
     *
     * @return the default processing URL
     */
    public String getDefaultFilterProcessesUrl() {
        return DEFAULT_FILTER_PROCESSES_URL;
    }

    /**
     * Does nothing; this filter takes no configuration from the <code>FilterConfig</code>.
     *
     * @param filterConfig ignored
     *
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Extension point that lets a subclass change how the password is composed, for instance by
     * appending further values and a separator.
     *
     * <p>An example is a login that also requires a postcode/zipcode. A delimiter such as a pipe (|)
     * should separate the password from the extra value(s), and the <code>AuthenticationDao</code>
     * has to build the expected password the same way.</p>
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the password to place in the <code>Authentication</code> request token given to the
     *         <code>AuthenticationManager</code>; <code>null</code> when the parameter is absent
     */
    protected String obtainPassword(HttpServletRequest request) {
        final String rawPassword = request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);

        return rawPassword;
    }

    /**
     * Extension point that lets a subclass change how the username is composed, for instance by
     * appending further values and a separator.
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the username to place in the <code>Authentication</code> request token given to the
     *         <code>AuthenticationManager</code>; <code>null</code> when the parameter is absent
     */
    protected String obtainUsername(HttpServletRequest request) {
        final String rawUsername = request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);

        return rawUsername;
    }

    /**
     * Extension point that lets a subclass decide what goes into the details property of the
     * authentication request. This implementation uses the value built by the configured
     * <code>authenticationDetailsSource</code>.
     *
     * @param request that an authentication request is being created for
     * @param authRequest the authentication request object that should have its details set
     */
    protected void setDetails(HttpServletRequest request,
        UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}