Make instantiation of saml.User easier. Most of the parameters of the constructor can be taken from the Assertion object, so there's no reason to pass them separately. Also, trying to check the validity dates isn't useful for the single sign on case. See comments in the hasExpired method.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:56:14 +0200
/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3) 
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details. 
 */

package org.dive4elements.river.client.server;

import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.AuthenticationFactory;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.UserClient;
import org.dive4elements.river.client.server.features.Features;

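/**
 * Form login endpoint: takes "username"/"password" from a POST, runs them
 * through the configured authentication backend, makes sure a matching
 * user exists on the artifact server, binds the authenticated User to the
 * HTTP session and redirects to the page the user originally asked for.
 *
 * Security notes on this version:
 * - the error text appended to the login page URL is URL-encoded (it comes
 *   from backend exception messages, not from a fixed set of strings);
 * - the session id is rotated on successful login (session fixation);
 * - the post-login redirect target is only honoured when it is a
 *   server-relative path (no open redirect through a poisoned session).
 */
public class LoginServlet extends HttpServlet {

    private static Logger logger = Logger.getLogger(LoginServlet.class);

    private static final String FLYS_PAGE = "FLYS.html";
    private static final String LOGIN_PAGE = "login.jsp";

    /** Sends the browser back to the login page, without an error message. */
    private void redirectFailure(HttpServletResponse resp, String path)
        throws IOException {
        resp.sendRedirect(path + "/" + LOGIN_PAGE);
    }

    /**
     * Sends the browser back to the login page, carrying the exception's
     * message as the error text. getMessage() may be null; the String
     * overload handles that.
     */
    private void redirectFailure(HttpServletResponse resp, String path,
            Exception e) throws IOException {
        this.redirectFailure(resp, path, e.getMessage());
    }

    /**
     * Sends the browser back to the login page with {@code message} in the
     * "error" query parameter.
     *
     * The message is not under our control (it is typically exception text
     * from the authentication backend), so it is URL-encoded: unencoded
     * '&amp;', '#', '?' or non-ASCII would break the redirect target and the
     * text would otherwise be reflected verbatim into the login page's URL.
     * A null message degrades to the plain login-page redirect instead of
     * the literal "?error=null".
     */
    private void redirectFailure(HttpServletResponse resp, String path,
            String message) throws IOException {
        if (message == null) {
            this.redirectFailure(resp, path);
            return;
        }
        // UnsupportedEncodingException is an IOException, already declared.
        String encoded = URLEncoder.encode(message, "UTF-8");
        resp.sendRedirect(path + "/" + LOGIN_PAGE + "?error=" + encoded);
    }

    /**
     * Redirects after a successful login.
     *
     * @param uri  the page originally requested (the session's "requesturi"
     *             attribute) or null. Only a server-relative path is honoured
     *             (see {@link #isLocalPath}); anything else falls back to
     *             the default so a manipulated attribute cannot turn the
     *             login into an open redirect.
     *
     * The fallback is the "redirect-url" servlet init parameter, or
     * FLYS_PAGE. As in earlier revisions the fallback is rooted at "/" and
     * ignores {@code path}; presumably "redirect-url" is meant to include
     * the deployment context - verify if the app is not deployed at "/".
     */
    private void redirectSuccess(HttpServletResponse resp, String path,
            String uri) throws IOException {
        if (!isLocalPath(uri)) {
            String redirecturl = getServletContext().getInitParameter("redirect-url");
            if (redirecturl == null) {
                redirecturl = FLYS_PAGE;
            }
            uri = "/" + redirecturl;
        }
        resp.sendRedirect(uri);
    }

    /**
     * True if {@code uri} is a path on this server: non-null and starting
     * with a single '/'. "//host/..." and "/\host/..." are treated by
     * browsers as protocol-relative URLs to another host and are rejected,
     * as are absolute URLs.
     */
    private static boolean isLocalPath(String uri) {
        return uri != null
            && uri.startsWith("/")
            && !uri.startsWith("//")
            && !uri.startsWith("/\\");
    }

    /** GET is not a login; always bounce to the login page. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
        logger.debug("Processing get request");
        this.redirectFailure(resp, req.getContextPath());
    }

    /**
     * Handles the login form. On any failure the user is redirected to the
     * login page; on success the User is stored under the session attribute
     * "user" and the user is redirected to the originally requested URI.
     * The password is never logged.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException
    {
        String encoding = req.getCharacterEncoding();
        String username = req.getParameter("username");
        String password = req.getParameter("password");

        logger.debug("Processing post request");

        if (username == null || password == null) {
            logger.debug("No username or password provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            Authentication aresp = this.auth(username, password, encoding);
            if (aresp == null || !aresp.isSuccess()) {
                logger.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }
            User user = aresp.getUser();

            // Make sure the artifact server knows this user; create on first
            // login. "server-url" is the artifact server's base URL.
            String url = getServletContext().getInitParameter("server-url");
            UserClient client = new UserClient(url);
            if (!client.userExists(user)) {
                logger.debug("Creating db user");
                if (!client.createUser(user)) {
                    this.redirectFailure(resp, req.getContextPath(),
                            "Could not create new user");
                    return;
                }
            }

            // Session fixation: the pre-login session (where "requesturi"
            // was parked, presumably by whatever redirected the user here)
            // may carry an id chosen by an attacker. Take what we need from
            // it, invalidate it, and bind the user to a fresh session.
            String uri = null;
            HttpSession old = req.getSession(false);
            if (old != null) {
                uri = (String)old.getAttribute("requesturi");
                old.invalidate();
            }
            HttpSession session = req.getSession(true);
            session.setAttribute("user", user);

            this.redirectSuccess(resp, req.getContextPath(), uri);
        }
        catch(AuthenticationException e) {
            // Full stack trace to the server log; only the message reaches
            // the browser (URL-encoded by redirectFailure).
            logger.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Runs the credentials through the backend selected by the
     * "authentication" servlet init parameter, handing it the Features
     * object stored in the servlet context.
     */
    private Authentication auth(String username, String password, String encoding)
        throws AuthenticationException, IOException
    {
        ServletContext sc = this.getServletContext();
        Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        String auth = sc.getInitParameter("authentication");
        return AuthenticationFactory.getInstance(auth).auth(username, password,
                encoding, features, sc);
    }
}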
