View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.login;
18  
19  import java.io.IOException;
20  import java.util.Iterator;
21  import java.util.List;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServlet;
25  import javax.servlet.http.HttpServletRequest;
26  import javax.servlet.http.HttpServletResponse;
27  import javax.servlet.http.HttpSession;
28  
29  import org.apache.jetspeed.Jetspeed;
30  import org.apache.jetspeed.PortalReservedParameters;
31  import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
32  import org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider;
33  import org.apache.jetspeed.security.activeauthentication.IdentityToken;
34  
35  /***
36   * LoginProxyServlet
37   * 
38   * @author <a href="mailto:ate@douma.nu">Ate Douma </a>
39   * @version $Id: LoginProxyServlet.java 544402 2007-06-05 06:20:00Z taylor $
40   */
41  public class LoginProxyServlet extends HttpServlet
42  {
43  
44      public void doGet(HttpServletRequest request,
45              HttpServletResponse response) throws IOException, ServletException
46      {
47          String parameter;
48  
49          request.setCharacterEncoding( "UTF-8" );
50                  
51          HttpSession session = request.getSession(true);
52  
53          parameter = request.getParameter(LoginConstants.DESTINATION);
54          if (parameter != null)
55              session.setAttribute(LoginConstants.DESTINATION, parameter);
56          else
57              session.removeAttribute(LoginConstants.DESTINATION);
58          String username = request.getParameter(LoginConstants.USERNAME);
59          if (username != null)
60              session.setAttribute(LoginConstants.USERNAME, username);
61          else
62              session.removeAttribute(LoginConstants.USERNAME);
63          parameter = request.getParameter(LoginConstants.PASSWORD);
64          if (parameter != null)
65              session.setAttribute(LoginConstants.PASSWORD, parameter);
66          else
67              session.removeAttribute(LoginConstants.PASSWORD);
68  
69          // Globaly override all psml themes
70          if (request
71                  .getParameter(PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE) != null)
72          {
73              String decoratorName = request
74                      .getParameter(PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE);
75              session.setAttribute(
76                      PortalReservedParameters.PAGE_THEME_OVERRIDE_ATTRIBUTE,
77                      decoratorName);
78          }
79  
80          PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
81          Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");   
82          if (authenticationConfiguration.isCreateNewSessionOnLogin())
83          {
84      
85              ActiveAuthenticationIdentityProvider identityProvider = (ActiveAuthenticationIdentityProvider) 
86                  Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider");
87              IdentityToken token = identityProvider.createIdentityToken(username);
88              saveState(session, token, identityProvider.getSessionAttributeNames());
89              request.getSession().invalidate();
90              HttpSession newSession = request.getSession(true);
91              restoreState(newSession, token);
92              response.sendRedirect(response.encodeURL(request.getContextPath()
93                      + "/login/redirector?token=") + token.getToken());
94              
95          }
96          else
97          {
98              response.sendRedirect(response.encodeURL(request.getContextPath()
99                      + "/login/redirector"));
100         }
101     }
102 
103     protected void saveState(HttpSession session, IdentityToken token, List sessionAttributes)
104     {
105         Iterator sessionNames = sessionAttributes.iterator();
106         while (sessionNames.hasNext())
107         {
108             String name = (String)sessionNames.next();
109             token.setAttribute(name, session.getAttribute(name));
110         }
111     }
112 
113     protected void restoreState(HttpSession session, IdentityToken token)
114     {
115         Iterator names = token.getAttributeNames();
116         while (names.hasNext())
117         {
118             String name = (String)names.next();
119             Object attribute = token.getAttribute(name);
120             session.setAttribute(name, attribute);
121         }        
122     }
123     
124     public final void doPost(HttpServletRequest request,
125             HttpServletResponse response) throws IOException, ServletException
126     {
127         doGet(request, response);
128     }
129 
130 }