
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.demo.servlet;
18  
19  import java.io.IOException;
20  import javax.servlet.ServletException;
21  import javax.servlet.http.HttpServlet;
22  import javax.servlet.http.HttpServletRequest;
23  import javax.servlet.http.HttpServletResponse;
24  
25  
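/**
 * SSODemoServlet - demo target for single sign-on from an SSO portlet. It
 * reads a principal and a credential from the request parameters and
 * compares them with fixed demo values.
 * Principal request parameter: sso-principal ({@link #DEMO_SSO_PRINCIPAL_PARAM})
 * Credential request parameter: sso-credential ({@link #DEMO_SSO_CREDENTIAL_PARAM})
 * <p>
 * Demo only. The credential is a literal in this source file, and doGet
 * accepts it as a request parameter, so on a GET it travels in the query
 * string, where it is typically recorded in access logs, browser history
 * and Referer headers. Do not reuse this pattern or this credential for a
 * real login endpoint.
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 * @version $Id: SSODemoServlet.java 517121 2007-03-12 07:45:49Z ate $
 */
public class SSODemoServlet extends HttpServlet
{
    /** Name of the request parameter carrying the SSO principal. */
    public final static String DEMO_SSO_PRINCIPAL_PARAM = "sso-principal";
    /** Name of the request parameter carrying the SSO credential. */
    public final static String DEMO_SSO_CREDENTIAL_PARAM = "sso-credential";
    /** Fixed demo credential; a published value, never a real secret. */
    public final static String DEMO_SSO_CREDENTIAL = "secret-password";

    /**
     * Checks the submitted principal and credential against the demo values
     * and writes either a welcome page or an access-denied page.
     *
     * @param request  the request carrying the two SSO parameters
     * @param response the response the HTML fragment is written to
     * @throws IOException if the response writer cannot be obtained or written
     * @throws ServletException declared for the servlet contract
     */
    public final void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException
    {
        String principal = request.getParameter(DEMO_SSO_PRINCIPAL_PARAM);
        String credential = request.getParameter(DEMO_SSO_CREDENTIAL_PARAM);

        // The container-authenticated principal (request.getUserPrincipal(),
        // falling back to "guest") was disabled by the original author because
        // it did not work on Tomcat 5.0.30; the demo compares against this
        // fixed principal instead.
        String authenticatedPrincipal = "007";

        // NOTE(review): the four messages below tell the caller which check
        // failed (missing vs. unknown principal, missing vs. wrong credential).
        // That is useful in a demo; a real endpoint would return one uniform
        // failure message so the response cannot be used to confirm principals.
        if (principal == null)
        {
            error403(request, response, "SSO Principal is not valid. Please provide a valid SSO principal.");
            return;
        }

        if (credential == null)
        {
            error403(request, response, "SSO Credential is not valid. Please provide a valid SSO credential.");
            return;
        }
        if (!principal.equals(authenticatedPrincipal))
        {
            error403(request, response, "SSO Principal not found on SSO Server. Please provide a valid SSO principal.");
            return;
        }
        if (!credential.equals(DEMO_SSO_CREDENTIAL))
        {
            error403(request, response, "SSO Credential does not match. Please provide a valid SSO credential.");
            return;
        }

        // authenticated: only the fixed principal is echoed, never request input
        final java.io.PrintWriter out = response.getWriter();
        out.println("<b>Welcome to the SSO Gateway!</b><br/>");
        out.println("Remote Principal has been authenticated.<br/>");
        out.println("Remote User  = " + authenticatedPrincipal + "<br/>");
    }

    /**
     * Writes the access-denied page and marks the response as 403 Forbidden.
     *
     * @param request  unused; kept for the existing call sites
     * @param response the response to mark as forbidden and write to
     * @param message  the reason shown to the caller; every call site in this
     *                 class passes a string literal, and the value is written
     *                 without HTML escaping, so it must not carry request data
     * @throws IOException if the response writer cannot be obtained or written
     * @throws ServletException declared to match the callers' signature
     */
    private void error403(HttpServletRequest request, HttpServletResponse response, String message)
    throws IOException, ServletException
    {
        // Set the real status code before any body is written. Previously the
        // page only printed "403" while the response went out as 200 OK, so
        // clients, proxies and log-based alerting saw a rejected login as a
        // success.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);

        final java.io.PrintWriter out = response.getWriter();
        // The closing </b> was missing, leaving the rest of the page bold.
        out.println("<b>HTTP Status 403: Access to SSO Demo Site not permitted.</b><br/>");
        out.println(message + "<br/>");
        out.println("To configure the SSO Principal, switch to Edit Mode.<br/>");
    }

    /**
     * Handles POST exactly like GET, so the SSO parameters may also be sent
     * in a form body instead of the query string.
     *
     * @param req the request carrying the two SSO parameters
     * @param res the response the HTML fragment is written to
     * @throws IOException if writing the response fails
     * @throws ServletException declared for the servlet contract
     */
    public final void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
    {
        doGet(req, res);
    }

}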