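/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server;

import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.AuthenticationFactory;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.UserClient;
import org.dive4elements.river.client.server.features.Features;

/**
 * Servlet behind the login form.
 *
 * <p>A POST carrying {@code username} and {@code password} is authenticated
 * through the {@link AuthenticationFactory} backend named by the
 * {@code authentication} context init parameter. On success the user is
 * created on the server behind {@code server-url} if it does not exist yet,
 * stored in the HTTP session under {@code "user"}, and the browser is
 * redirected. Every failure path redirects back to the login page.
 */
public class LoginServlet extends HttpServlet {

    private static final Logger logger = Logger.getLogger(LoginServlet.class);

    /** Default landing page when no {@code redirect-url} is configured. */
    private static final String FLYS_PAGE  = "FLYS.html";

    /** Login page, resolved relative to the context path. */
    private static final String LOGIN_PAGE = "login.jsp";

    /**
     * Redirects to the login page without an error message.
     *
     * @param resp response used for the redirect
     * @param path context path the login page lives under
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectFailure(HttpServletResponse resp, String path)
        throws IOException {
        resp.sendRedirect(path + "/" + LOGIN_PAGE);
    }

    /**
     * Redirects to the login page, passing the exception's message on as the
     * {@code error} query parameter.
     *
     * @param resp response used for the redirect
     * @param path context path the login page lives under
     * @param e    exception whose message is shown to the user
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectFailure(HttpServletResponse resp, String path,
            Exception e) throws IOException {
        this.redirectFailure(resp, path, e.getMessage());
    }

    /**
     * Redirects to the login page with {@code message} as the {@code error}
     * query parameter.
     *
     * <p>The message is URL-encoded before it is placed in the redirect
     * target: exception messages can contain spaces, {@code &}, {@code #} or
     * line breaks, which would otherwise corrupt the query string or the
     * {@code Location} header. A {@code null} message (an exception created
     * without one) results in a plain redirect instead of
     * {@code ?error=null}.
     *
     * @param resp    response used for the redirect
     * @param path    context path the login page lives under
     * @param message error text, may be {@code null}
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectFailure(HttpServletResponse resp, String path,
            String message) throws IOException {
        if (message == null) {
            this.redirectFailure(resp, path);
            return;
        }
        // NOTE(review): login.jsp is not visible here; it has to HTML-escape
        // the "error" parameter when rendering it.
        resp.sendRedirect(path + "/" + LOGIN_PAGE + "?error="
            + URLEncoder.encode(message, "UTF-8"));
    }

    /**
     * Redirects after a successful login.
     *
     * @param resp response used for the redirect
     * @param path context path; not used by the current implementation
     * @param uri  target to redirect to, or {@code null} to fall back to the
     *             {@code redirect-url} context init parameter (default
     *             {@link #FLYS_PAGE}), prefixed with {@code "/"}
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectSuccess(HttpServletResponse resp, String path,
            String uri) throws IOException {
        if (uri == null) {
            String redirecturl =
                getServletContext().getInitParameter("redirect-url");
            if (redirecturl == null) {
                redirecturl = FLYS_PAGE;
            }
            uri = "/" + redirecturl;
        }
        resp.sendRedirect(uri);
    }

    /** A GET never logs anybody in; it only sends the browser to the form. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
        logger.debug("Processing get request");
        this.redirectFailure(resp, req.getContextPath());
    }

    /**
     * Authenticates the posted credentials and establishes the user session.
     *
     * @throws IOException if a redirect cannot be sent or the authentication
     *                     backend reports an I/O problem
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException
    {
        String encoding = req.getCharacterEncoding();
        String username = req.getParameter("username");
        String password = req.getParameter("password");

        logger.debug("Processing post request");

        if (username == null || password == null) {
            logger.debug("No username or password provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            Authentication aresp = this.auth(username, password, encoding);
            if (aresp == null || !aresp.isSuccess()) {
                logger.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }
            User user = aresp.getUser();

            // Make sure the authenticated user is known to the server.
            String url = getServletContext().getInitParameter("server-url");
            UserClient client = new UserClient(url);
            if (!client.userExists(user)) {
                logger.debug("Creating db user");
                if (!client.createUser(user)) {
                    this.redirectFailure(resp, req.getContextPath(),
                        "Could not create new user");
                    return;
                }
            }

            // NOTE(review): the session that existed before login is reused
            // as the authenticated session, so its id does not change. To
            // guard against session fixation, consider invalidating it and
            // creating a fresh one here, carrying "requesturi" over.
            HttpSession session = req.getSession();
            session.setAttribute("user", user);

            // NOTE(review): "requesturi" is written elsewhere and used as the
            // redirect target unchecked; confirm the writer only stores
            // same-application paths.
            String uri = (String)session.getAttribute("requesturi");

            this.redirectSuccess(resp, req.getContextPath(), uri);
        }
        catch(AuthenticationException e) {
            logger.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Delegates the credential check to the backend selected by the
     * {@code authentication} context init parameter.
     *
     * @param username login name from the form
     * @param password password from the form
     * @param encoding character encoding of the request, may be {@code null}
     * @return the backend's authentication result
     * @throws AuthenticationException if the backend fails
     * @throws IOException             on I/O problems talking to the backend
     */
    private Authentication auth(String username, String password,
            String encoding)
        throws AuthenticationException, IOException
    {
        ServletContext sc = this.getServletContext();
        Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        String auth = sc.getInitParameter("authentication");
        return AuthenticationFactory.getInstance(auth).auth(username, password,
                encoding, features, sc);
    }
}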