001: /**
002: * Copyright (c) 2003-2007, David A. Czarnecki
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions are met:
007: *
008: * Redistributions of source code must retain the above copyright notice, this list of conditions and the
009: * following disclaimer.
010: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
011: * following disclaimer in the documentation and/or other materials provided with the distribution.
012: * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
013: * endorse or promote products derived from this software without specific prior written permission.
014: * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
015: * without prior written permission of David A. Czarnecki.
016: *
017: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
018: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
019: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
020: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
021: * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
022: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
023: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
024: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
025: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
026: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
027: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
028: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
029: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
030: */package org.blojsom.plugin.security;
031:
032: import org.blojsom.blog.Blog;
033: import org.blojsom.blog.Entry;
034: import org.blojsom.plugin.PluginException;
035: import org.blojsom.plugin.admin.BaseAdminPlugin;
036: import org.blojsom.util.BlojsomConstants;
037: import org.blojsom.util.BlojsomUtils;
038:
039: import javax.servlet.http.HttpServletRequest;
040: import javax.servlet.http.HttpServletResponse;
041: import java.io.IOException;
042: import java.util.HashMap;
043: import java.util.Map;
044:
/**
 * Admin plugin that gates a request behind a form-based login.
 *
 * <p>The credential check itself is delegated to the inherited
 * {@code authenticateUser}; this class only decides which page is dispatched
 * afterwards and whether a redirect stored in the session is followed.
 *
 * @author Eric Broyles
 * @author David Czarnecki
 * @version $Id: FormAuthenticationPlugin.java,v 1.2 2007/01/17 02:35:13 czarneckid Exp $
 * @since blojsom 3.1
 */
public class FormAuthenticationPlugin extends BaseAdminPlugin {

    /**
     * Page used after a successful login when no other initial page has been configured.
     */
    private static final String DEFAULT_INITIAL_PAGE = "/html";

    /**
     * Name of the page that asks the user for login credentials.
     */
    private static final String LOGIN_PAGE = "login";

    // Configured initial page; stays null until set or until getInitialPage() fills in the default.
    private String initialPage;

    /**
     * Creates the plugin without any configuration.
     */
    public FormAuthenticationPlugin() {
    }

    /**
     * Returns the page to load after a successful authentication. This can be themed.
     *
     * <p>The first call made while no page is configured stores
     * {@link #DEFAULT_INITIAL_PAGE} in the field and returns it.
     *
     * @return Initial page to load on successful authentication
     */
    public String getInitialPage() {
        if (null == initialPage) {
            initialPage = DEFAULT_INITIAL_PAGE;
        }

        return initialPage;
    }

    /**
     * Configures the page to load after a successful authentication. This can be themed.
     *
     * @param initialPage Initial page to load on successful authentication
     */
    public void setInitialPage(String initialPage) {
        this.initialPage = initialPage;
    }

    /**
     * Initializes the plugin by registering the login form's field names in the
     * inherited {@code _ignoreParams} map, each name mapped to itself.
     *
     * <p>How the base class uses that map is not visible in this file.
     *
     * @throws PluginException If there is an error on initialization
     */
    public void init() throws PluginException {
        _ignoreParams = new HashMap();

        String[] loginFormFields = {"username", "password", "submit", "reset"};
        for (int i = 0; i < loginFormFields.length; i++) {
            _ignoreParams.put(loginFormFields[i], loginFormFields[i]);
        }
    }

    /**
     * Authenticates the caller and selects the page to dispatch.
     *
     * <p>When authentication fails the login page is selected. When it succeeds, a
     * non-blank page value from the request is forwarded as the page to dispatch,
     * and a redirect target stored in the session, if any, is followed.
     *
     * <p>The entries are returned unchanged on every path, including a failed
     * authentication and after a redirect has been sent.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param entries             Blog entries retrieved for the particular request
     * @return The same entries that were passed in
     * @throws PluginException If there is an error processing the blog entries
     */
    public Entry[] process(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse, Blog blog,
                           Map context, Entry entries[]) throws PluginException {
        boolean authenticated = authenticateUser(httpServletRequest,
                httpServletResponse, context, blog);

        if (!authenticated) {
            // NOTE(review): the entries are still handed back on this path; keeping them
            // from an unauthenticated user depends on the login page not rendering them.
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, LOGIN_PAGE);
            return entries;
        }

        // NOTE(review): the session identifier is not changed anywhere in this class after
        // a successful login. Confirm that the inherited authenticateUser (not visible here)
        // issues a fresh session, so an identifier known before login is not carried over.

        // NOTE(review): the page value is taken from the request and forwarded unchanged;
        // any restriction on which pages may be selected has to be enforced by whatever
        // consumes PAGE_PARAM, which is not visible here.
        String requestedPage = BlojsomUtils.getRequestValue(
                BlojsomConstants.PAGE_PARAM, httpServletRequest);
        if (!BlojsomUtils.checkNullOrBlank(requestedPage)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, requestedPage);
        }
        // With a blank page no PAGE_PARAM is set, so the default template for the flavor is dispatched.

        followPendingRedirect(httpServletRequest, httpServletResponse);

        return entries;
    }

    /**
     * Sends the redirect stored in the session under
     * {@code BlojsomConstants.REDIRECT_TO_PARAM}, if there is one.
     *
     * <p>The attribute is removed from the session before the redirect is sent. An
     * {@link IOException} raised while doing so is logged and not propagated.
     *
     * @param httpServletRequest  Request whose session may hold a redirect target
     * @param httpServletResponse Response used to send the redirect
     */
    private void followPendingRedirect(HttpServletRequest httpServletRequest,
                                       HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getSession().getAttribute(
                BlojsomConstants.REDIRECT_TO_PARAM) == null) {
            return;
        }

        // NOTE(review): the target is used exactly as stored. This class neither sets nor
        // validates REDIRECT_TO_PARAM; confirm that the code which stores it only accepts
        // locations inside this blog, otherwise a login can end on an arbitrary site.
        String target = (String) httpServletRequest.getSession().getAttribute(
                BlojsomConstants.REDIRECT_TO_PARAM);

        try {
            // Remove the attribute first so the stored target is not followed again later.
            httpServletRequest.getSession().removeAttribute(
                    BlojsomConstants.REDIRECT_TO_PARAM);
            httpServletResponse.sendRedirect(target);
        } catch (IOException e) {
            // The failure is only logged; the caller continues as if no redirect was pending.
            _logger.error(e);
        }
    }
}