001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.demo.servlet;
018:
019: import java.io.IOException;
020: import javax.servlet.ServletException;
021: import javax.servlet.http.HttpServlet;
022: import javax.servlet.http.HttpServletRequest;
023: import javax.servlet.http.HttpServletResponse;
024:
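/**
 * SSODemoServlet - looks for a principal and a credential in the request
 * parameters for single signon to this servlet from a SSO portlet.
 * Principal request parameter: sso-principal
 * Credential request parameter: sso-credential
 *
 * <p>Demo only. The expected principal and credential are compile-time
 * constants in this class, so anyone who can read the source or the class
 * file knows them. GET and POST are both accepted, so the credential can
 * travel in the URL query string, where it typically ends up in access logs,
 * browser history and Referer headers. A real SSO target should take the
 * credential from a POST body or a header over TLS and verify it against a
 * credential store.
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 * @version $Id: SSODemoServlet.java 517121 2007-03-12 07:45:49Z ate $
 */
public class SSODemoServlet extends HttpServlet {
    /** Name of the request parameter that carries the SSO principal. */
    public static final String DEMO_SSO_PRINCIPAL_PARAM = "sso-principal";

    /** Name of the request parameter that carries the SSO credential. */
    public static final String DEMO_SSO_CREDENTIAL_PARAM = "sso-credential";

    /** Fixed demo credential; it is public in source and is not a real secret. */
    public static final String DEMO_SSO_CREDENTIAL = "secret-password";

    /**
     * Checks the supplied principal and credential against the fixed demo
     * values and writes either a welcome page or a 403 page.
     *
     * <p>Each denial message names the check that failed. That helps when
     * configuring the demo portlet, but it also tells a caller which half of
     * the pair was wrong; a real gateway would answer every failure with one
     * generic message.
     *
     * @param request  the request carrying the two SSO parameters
     * @param response the response the HTML result is written to
     * @throws IOException      if the response cannot be written
     * @throws ServletException declared for the servlet contract
     */
    public final void doGet(HttpServletRequest request,
            HttpServletResponse response) throws IOException,
            ServletException {
        String principal = request.getParameter(DEMO_SSO_PRINCIPAL_PARAM);
        String credential = request.getParameter(DEMO_SSO_CREDENTIAL_PARAM);

        // The expected principal is fixed: looking it up with
        // request.getUserPrincipal() was noted as not working on Tomcat 5.0.30.
        String authenticatedPrincipal = "007";

        if (principal == null) {
            error403(request, response,
                    "SSO Principal is not valid. Please provide a valid SSO principal.");
            return;
        }
        if (credential == null) {
            error403(request, response,
                    "SSO Credential is not valid. Please provide a valid SSO credential.");
            return;
        }
        if (!principal.equals(authenticatedPrincipal)) {
            error403(request, response,
                    "SSO Principal not found on SSO Server. Please provide a valid SSO principal.");
            return;
        }
        if (!sameCredential(credential, DEMO_SSO_CREDENTIAL)) {
            error403(request, response,
                    "SSO Credential does not match. Please provide a valid SSO credential.");
            return;
        }

        // authenticated
        response.setContentType("text/html; charset=UTF-8");
        response.getWriter().println(
                "<b>Welcome to the SSO Gateway!</b><br/>");
        response.getWriter().println(
                "Remote Principal has been authenticated.<br/>");
        // authenticatedPrincipal is the constant above, never request data, so
        // nothing caller-controlled is echoed into the page.
        response.getWriter().println(
                "Remote User = " + authenticatedPrincipal + "<br/>");
    }

    /**
     * Compares the supplied credential with the expected one using
     * MessageDigest.isEqual instead of String.equals, so the comparison does
     * not stop at the first differing character.
     *
     * @param supplied the credential taken from the request, not null
     * @param expected the credential to match, not null
     * @return true when both encode to the same bytes
     * @throws IOException if UTF-8 is reported as unsupported
     */
    private static boolean sameCredential(String supplied, String expected)
            throws IOException {
        return java.security.MessageDigest.isEqual(
                supplied.getBytes("UTF-8"), expected.getBytes("UTF-8"));
    }

    /**
     * Writes the access-denied page and marks the response as 403.
     *
     * <p>The status is set with setStatus rather than sendError so that the
     * explanatory body below is still delivered. Without it the page says
     * "HTTP Status 403" while the status line stays 200 OK, which misleads
     * clients, proxies and log-based monitoring.
     *
     * @param request  the denied request (not read here)
     * @param response the response to write to
     * @param message  the reason shown to the caller; callers pass fixed text
     * @throws IOException      if the response cannot be written
     * @throws ServletException declared for symmetry with doGet
     */
    private void error403(HttpServletRequest request,
            HttpServletResponse response, String message)
            throws IOException, ServletException {
        // Status and content type must be set before the body is committed.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html; charset=UTF-8");
        response.getWriter().println(
                "<b>HTTP Status 403: Access to SSO Demo Site not permitted.</b><br/>");
        response.getWriter().println(message + "<br/>");
        response.getWriter().println(
                "To configure the SSO Principal, switch to Edit Mode.<br/>");
    }

    /**
     * Handles POST exactly like GET, so the two SSO parameters may arrive in
     * a form body instead of the query string.
     *
     * @param req the incoming request
     * @param res the response to write to
     * @throws IOException      if the response cannot be written
     * @throws ServletException declared for the servlet contract
     */
    public final void doPost(HttpServletRequest req,
            HttpServletResponse res) throws IOException,
            ServletException {
        doGet(req, res);
    }

}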