17 package org.apache.jetspeed.login.filter;
18
19 import java.io.IOException;
20 import java.security.Principal;
21 import java.util.HashSet;
22 import java.util.Set;
23
24 import javax.security.auth.Subject;
25 import javax.servlet.Filter;
26 import javax.servlet.FilterChain;
27 import javax.servlet.FilterConfig;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpSession;
33
34 import org.apache.jetspeed.Jetspeed;
35 import org.apache.jetspeed.PortalReservedParameters;
36 import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
37 import org.apache.jetspeed.administration.PortalConfiguration;
38 import org.apache.jetspeed.audit.AuditActivity;
39 import org.apache.jetspeed.login.LoginConstants;
40 import org.apache.jetspeed.request.RequestContext;
41 import org.apache.jetspeed.security.SecurityException;
42 import org.apache.jetspeed.security.SecurityHelper;
43 import org.apache.jetspeed.security.User;
44 import org.apache.jetspeed.security.UserManager;
45 import org.apache.jetspeed.security.UserPrincipal;
46 import org.apache.jetspeed.security.impl.PrincipalsSet;
47 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
48 import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;
49
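/**
 * Servlet filter that performs portal login from request parameters and
 * re-establishes the authenticated identity on later requests.
 *
 * <p>For every HTTP request the filter does one of two things:</p>
 * <ul>
 *   <li>If the {@link LoginConstants#USERNAME} parameter is present, it
 *       authenticates the supplied credentials through the {@link UserManager},
 *       audits the outcome, and on success stores the user's {@link Subject}
 *       in the session under
 *       {@link PortalReservedParameters#SESSION_KEY_SUBJECT}.</li>
 *   <li>Otherwise it looks for a previously stored {@link Subject} in the
 *       session and, unless that subject is the guest user, wraps the request
 *       so that it carries the subject and its principal.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 *   <li>Credentials are read with {@code getParameter}, which also returns
 *       query-string values, so a login sent in the URL is accepted here.
 *       NOTE(review): confirm that login forms post over TLS and consider
 *       restricting this path to POST; URLs are commonly recorded in access
 *       logs and browser history.</li>
 *   <li>The session is only replaced on login when
 *       {@code isCreateNewSessionOnLogin()} returns true. With that option off
 *       the pre-login session id stays valid after authentication, which is
 *       the precondition for session fixation.</li>
 *   <li>No rate limiting or lockout is visible in this class; presumably the
 *       {@link UserManager} handles that. TODO confirm.</li>
 * </ul>
 */
public class PortalFilter implements Filter
{
    /**
     * Name of the anonymous user. Requests whose session subject carries this
     * principal name are passed on unwrapped.
     */
    protected String guest = "guest";

    /**
     * Loads the guest principal name from the portal configuration key
     * {@code default.user.principal}.
     *
     * <p>The built-in default is kept when no configuration is available or
     * the key yields {@code null}. Overwriting it with {@code null} would make
     * the guest comparison in {@link #doFilter} always fail, so a guest
     * subject found in the session would be wrapped like an authenticated
     * user.</p>
     *
     * @param filterConfig the filter configuration (not used)
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig filterConfig) throws ServletException
    {
        PortalConfiguration config = Jetspeed.getConfiguration();
        if (config != null)
        {
            String configuredGuest = config.getString("default.user.principal");
            if (configuredGuest != null)
            {
                guest = configuredGuest;
            }
        }
    }

    /**
     * Authenticates a login attempt or restores the session identity, marks
     * the request as processed by this filter, and continues the chain.
     *
     * @param sRequest    the incoming request; only {@link HttpServletRequest}
     *                    instances are inspected
     * @param sResponse   the response, passed through unchanged
     * @param filterChain the remaining chain; skipped when {@code null}
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    public void doFilter(ServletRequest sRequest,
            ServletResponse sResponse, FilterChain filterChain)
            throws IOException, ServletException
    {
        if (sRequest instanceof HttpServletRequest)
        {
            HttpServletRequest request = (HttpServletRequest) sRequest;
            // Both values come straight from the client and are untrusted.
            // password may be null when the parameter is absent; rejecting
            // that case is left to UserManager.authenticate() -- TODO confirm.
            String username = request.getParameter(LoginConstants.USERNAME);
            String password = request.getParameter(LoginConstants.PASSWORD);
            if (username != null)
            {
                UserManager userManager = (UserManager) Jetspeed.getComponentManager()
                        .getComponent("org.apache.jetspeed.security.UserManager");
                AuditActivity audit = (AuditActivity) Jetspeed.getComponentManager()
                        .getComponent("org.apache.jetspeed.audit.AuditActivity");
                // NOTE(review): username is request-supplied and is written to
                // the audit trail as-is on both paths below; confirm the
                // AuditActivity implementation neutralises control characters.
                if (userManager.authenticate(username, password))
                {
                    audit.logUserActivity(username, request.getRemoteAddr(),
                            AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
                    PortalAuthenticationConfiguration authenticationConfiguration =
                            (PortalAuthenticationConfiguration) Jetspeed.getComponentManager()
                                    .getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
                    if (authenticationConfiguration.isCreateNewSessionOnLogin())
                    {
                        // Drop the pre-login session so its id cannot be
                        // reused after authentication. getSession(false)
                        // avoids creating a session only to invalidate it.
                        HttpSession preLoginSession = request.getSession(false);
                        if (preLoginSession != null)
                        {
                            preLoginSession.invalidate();
                        }
                    }
                    Subject subject = resolveSubject(userManager, username);
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    sRequest = wrapperRequest(request, subject, principal);
                    HttpSession session = request.getSession(true);
                    session.removeAttribute(LoginConstants.ERRORCODE);
                    session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
                }
                else
                {
                    audit.logUserActivity(username, request.getRemoteAddr(),
                            AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
                    // The same error code is stored for every failed attempt,
                    // so this filter does not reveal whether the user exists.
                    request.getSession().setAttribute(LoginConstants.ERRORCODE,
                            LoginConstants.ERROR_INVALID_PASSWORD);
                }
            }
            else
            {
                // NOTE(review): getSession() creates a session for every
                // request that arrives without one, including anonymous
                // traffic. getSession(false) would avoid that, but later
                // portal code may rely on the session already existing --
                // verify before changing.
                Subject subject = (Subject) request.getSession()
                        .getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
                if (subject != null)
                {
                    Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
                    // Guest requests are forwarded unwrapped. A subject that
                    // has no UserPrincipal is still wrapped, with a null
                    // principal, exactly as before.
                    boolean isGuest = principal != null && principal.getName().equals(this.guest);
                    if (!isGuest)
                    {
                        sRequest = wrapperRequest(request, subject, principal);
                    }
                }
            }

            sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE, "true");
        }

        if (filterChain != null)
        {
            filterChain.doFilter(sRequest, sResponse);
        }
    }

    /**
     * Returns the subject for an already authenticated user name.
     *
     * <p>The stored subject of the user is used when the lookup succeeds.
     * When the lookup throws or yields no user, a read-only subject holding
     * only a user principal for {@code username} is built instead, so the
     * login still completes without any role or group principals the stored
     * subject would have carried.</p>
     */
    private Subject resolveSubject(UserManager userManager, String username)
    {
        Subject subject = null;
        try
        {
            User user = userManager.getUser(username);
            if (user != null)
            {
                subject = user.getSubject();
            }
        }
        catch (SecurityException ignored)
        {
            // Deliberate best effort: fall through to the minimal subject.
            // NOTE(review): the failure is not logged or audited here.
            subject = null;
        }
        if (subject == null)
        {
            Set principals = new PrincipalsSet();
            subject = new Subject(true, principals, new HashSet(), new HashSet());
            UserPrincipal userPrincipal = new UserSubjectPrincipalImpl(username, subject);
            principals.add(userPrincipal);
        }
        return subject;
    }

    /**
     * Wraps the request in a {@link PortalRequestWrapper} carrying the given
     * subject and principal.
     */
    private ServletRequest wrapperRequest(HttpServletRequest request, Subject subject, Principal principal)
    {
        return new PortalRequestWrapper(request, subject, principal);
    }

    /** Releases nothing; the filter holds no resources. */
    public void destroy()
    {
    }
}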