
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.login.filter;
18  
19  import java.io.IOException;
20  import java.security.Principal;
21  import java.util.HashSet;
22  import java.util.Set;
23  
24  import javax.security.auth.Subject;
25  import javax.servlet.Filter;
26  import javax.servlet.FilterChain;
27  import javax.servlet.FilterConfig;
28  import javax.servlet.ServletException;
29  import javax.servlet.ServletRequest;
30  import javax.servlet.ServletResponse;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpSession;
33  
34  import org.apache.jetspeed.Jetspeed;
35  import org.apache.jetspeed.PortalReservedParameters;
36  import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
37  import org.apache.jetspeed.administration.PortalConfiguration;
38  import org.apache.jetspeed.audit.AuditActivity;
39  import org.apache.jetspeed.login.LoginConstants;
40  import org.apache.jetspeed.request.RequestContext;
41  import org.apache.jetspeed.security.SecurityException;
42  import org.apache.jetspeed.security.SecurityHelper;
43  import org.apache.jetspeed.security.User;
44  import org.apache.jetspeed.security.UserManager;
45  import org.apache.jetspeed.security.UserPrincipal;
46  import org.apache.jetspeed.security.impl.PrincipalsSet;
47  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
48  import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;
49  
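/**
 * Servlet filter that authenticates portal logins and propagates the
 * authenticated {@link Subject} to downstream components.
 *
 * <p>For every HTTP request the filter does one of two things:
 * <ul>
 *   <li>If the request carries the {@code LoginConstants.USERNAME} parameter,
 *       it is treated as a login attempt: the credentials are checked with the
 *       {@code UserManager}, the outcome is written to the audit log, and on
 *       success the subject is stored in the session and the request is
 *       wrapped in a {@code PortalRequestWrapper}.</li>
 *   <li>Otherwise, a subject already stored in the session is used to wrap
 *       the request, unless its user principal is the configured guest
 *       user.</li>
 * </ul>
 * HTTP requests are then tagged with
 * {@code PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE} before the chain
 * continues.
 */
public class PortalFilter implements Filter
{
    /** Name of the guest user principal; {@link #init} may replace it from configuration. */
    protected String guest = "guest";

    /**
     * Loads the guest principal name from the portal configuration key
     * {@code default.user.principal}.
     *
     * @param filterConfig the filter configuration (not used)
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException
    {
        PortalConfiguration config = Jetspeed.getConfiguration();
        if (config != null)
        {
            String configuredGuest = config.getString("default.user.principal");
            // Keep the built-in default if the lookup yields null. With a null
            // guest name the guest comparison in restoreFromSession() can never
            // match, so a guest subject would be wrapped like a logged-in user.
            if (configuredGuest != null)
            {
                guest = configuredGuest;
            }
        }
    }

    /**
     * Handles a login attempt or restores the session subject, then passes the
     * (possibly wrapped) request down the chain.
     *
     * @param sRequest    the incoming request; only {@link HttpServletRequest}s are processed
     * @param sResponse   the response, passed through unchanged
     * @param filterChain the remaining chain; skipped when {@code null}
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest sRequest,
            ServletResponse sResponse, FilterChain filterChain)
            throws IOException, ServletException
    {
        if (sRequest instanceof HttpServletRequest)
        {
            HttpServletRequest request = (HttpServletRequest)sRequest;
            // NOTE(review): getParameter() also returns query-string values, so
            // nothing here restricts credentials to a POST body - confirm the
            // login form posts and that request URLs are not logged upstream.
            String username = request.getParameter(LoginConstants.USERNAME);
            String password = request.getParameter(LoginConstants.PASSWORD);
            if (username != null)
            {
                sRequest = login(request, username, password);
            }
            else
            {
                sRequest = restoreFromSession(request);
            }

            sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE, "true");
        }

        if (filterChain != null)
        {
            filterChain.doFilter(sRequest, sResponse);
        }
    }

    /**
     * Authenticates the submitted credentials and, on success, binds the
     * user's subject to the session.
     *
     * @return a wrapped request on success, or the original request on failure
     */
    private ServletRequest login(HttpServletRequest request, String username, String password)
    {
        UserManager userManager = (UserManager)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");
        AuditActivity audit = (AuditActivity)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.audit.AuditActivity");

        // NOTE(review): password may be null here (parameter absent) and the
        // request-supplied username reaches the audit log unmodified - verify
        // that authenticate() rejects null and that the audit sink is not
        // affected by control characters in the user name.
        if (!userManager.authenticate(username, password))
        {
            audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
            request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
            return request;
        }

        audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
        PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
            Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
        // The pre-login session is discarded only when this option is enabled.
        // With it disabled, the session identifier issued before authentication
        // stays valid afterwards, which leaves the login open to session fixation.
        if (authenticationConfiguration.isCreateNewSessionOnLogin())
        {
            request.getSession().invalidate();
        }

        Subject subject = null;
        try
        {
            // load the user principals (roles, groups, credentials)
            User user = userManager.getUser(username);
            if (user != null)
            {
                subject = user.getSubject();
            }
        }
        catch (SecurityException ignored)
        {
            // Deliberate fallback: the lookup failure is not reported and the
            // minimal subject built below is used instead.
            subject = null;
        }
        if (subject == null)
        {
            // Read-only subject holding just the user principal, with empty
            // public and private credential sets.
            Set principals = new PrincipalsSet();
            subject = new Subject(true, principals, new HashSet(), new HashSet());
            UserPrincipal userPrincipal = new UserSubjectPrincipalImpl(username, subject);
            principals.add(userPrincipal);
        }

        // NOTE(review): principal is not checked for null before wrapping -
        // confirm PortalRequestWrapper tolerates a subject without a UserPrincipal.
        Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
        ServletRequest wrapped = wrapperRequest(request, subject, principal);
        request.getSession().removeAttribute(LoginConstants.ERRORCODE);
        HttpSession session = request.getSession(true);
        session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
        return wrapped;
    }

    /**
     * Wraps the request with the subject stored in the session, if there is
     * one and it does not belong to the guest user.
     *
     * @return a wrapped request, or the original request when no subject is
     *         stored or the stored subject is the guest user
     */
    private ServletRequest restoreFromSession(HttpServletRequest request)
    {
        // getSession() creates a session when the request has none.
        Subject subject = (Subject)request.getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
        if (subject == null)
        {
            return request;
        }

        Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
        if (principal != null && principal.getName().equals(this.guest))
        {
            // Guest requests continue unwrapped.
            return request;
        }
        // A subject without a UserPrincipal also reaches this point and is
        // wrapped with a null principal.
        return wrapperRequest(request, subject, principal);
    }

    /** Creates the {@code PortalRequestWrapper} that carries the subject and principal. */
    private ServletRequest wrapperRequest(HttpServletRequest request, Subject subject, Principal principal)
    {
        return new PortalRequestWrapper(request, subject, principal);
    }

    /** No resources to release. */
    public void destroy()
    {
    }
}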