001/*
002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
020 */
021
022package org.nuxeo.ecm.webengine.login;
023
024import java.io.IOException;
025import java.util.Collections;
026import java.util.List;
027import java.util.Map;
028
029import javax.servlet.http.HttpServletRequest;
030import javax.servlet.http.HttpServletResponse;
031
032import org.apache.commons.logging.Log;
033import org.apache.commons.logging.LogFactory;
034import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
035import org.nuxeo.ecm.platform.ui.web.auth.interfaces.LoginResponseHandler;
036import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
037
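/**
 * Form-based authentication plugin for WebEngine.
 * <p>
 * Credentials are only read from a {@code POST} whose path ends with {@link #LOGIN_KEY}. After the attempt the
 * client is sent back to the page that hosted the form (the request URI with the {@link #LOGIN_KEY} suffix removed),
 * or receives a bare status code when the request carries a {@code caller} parameter (AJAX callers).
 * <p>
 * Within this class the two key fields are written only by {@link #initPlugin} and otherwise only read; the
 * fields are {@code protected}, so subclasses may behave differently.
 */
public class WebEngineFormAuthenticator implements NuxeoAuthenticationPlugin, LoginResponseHandler {

    private static final Log log = LogFactory.getLog(WebEngineFormAuthenticator.class);

    /** Name of the request parameter holding the user name (default {@code "username"}). */
    protected String usernameKey = "username";

    /** Name of the request parameter holding the password (default {@code "password"}). */
    protected String passwordKey = "password";

    /** Path suffix identifying a form-login submission. */
    public static final String LOGIN_KEY = "/@@login";

    /** Plugin parameter overriding {@link #usernameKey}. */
    private static final String USERNAME_KEY_PARAM = "UsernameKey";

    /** Plugin parameter overriding {@link #passwordKey}. */
    private static final String PASSWORD_KEY_PARAM = "PasswordKey";

    /** Request parameter whose presence marks an AJAX caller that expects a status code instead of a redirect. */
    private static final String AJAX_CALLER_PARAM = "caller";

    /** Query string appended to the redirect target after a failed login. */
    private static final String FAILED_QUERY = "?failed=true";

    /**
     * This plugin renders no login page of its own.
     *
     * @return {@code false}, meaning nothing was written to {@code response}
     */
    @Override
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        return false; // TODO: no login page of its own?
    }

    /**
     * Gets the path to redirect to after login: the request URI with the {@link #LOGIN_KEY} suffix removed.
     * <p>
     * Works on {@link HttpServletRequest#getRequestURI()}, i.e. the raw, context-path-inclusive URI as sent by the
     * client, whereas {@link #isLoginRequest} inspects the decoded {@code getPathInfo()}. The two can disagree
     * (encoding, servlet mapping), which is when this method returns {@code null} for a request that passed
     * {@link #isLoginRequest}.
     *
     * @return the redirect path, or {@code null} when the request URI is absent or does not end with
     *         {@link #LOGIN_KEY}
     */
    protected String getLoginPathInfo(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null || !uri.endsWith(LOGIN_KEY)) {
            return null;
        }
        return uri.substring(0, uri.length() - LOGIN_KEY.length());
    }

    /**
     * Tells whether {@code request} targets the login endpoint, i.e. its path info ends with {@link #LOGIN_KEY}.
     */
    public static boolean isLoginRequest(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return pathInfo != null && pathInfo.endsWith(LOGIN_KEY);
    }

    /**
     * Extracts the submitted credentials.
     * <p>
     * Only a {@code POST} to the login endpoint is considered, so credentials carried in the query string of a
     * {@code GET} are never picked up; every other request yields {@code null} (no identity found by this plugin).
     *
     * @return the submitted identity, or {@code null} when this is not a form-login submission. Missing form fields
     *         are passed through as {@code null} values; presumably they are rejected further down the
     *         authentication chain (verify against the caller).
     */
    @Override
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        String method = httpRequest.getMethod();
        if (!"POST".equals(method)) {
            // only the request method is logged, never the credentials themselves
            log.debug("Request method is " + method + ", only accepting POST");
            return null;
        }
        if (!isLoginRequest(httpRequest)) {
            return null;
        }
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);
        return new UserIdentificationInfo(userName, password);
    }

    /** Always {@code true}. */
    @Override
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return true;
    }

    /**
     * Applies the plugin configuration.
     *
     * @param parameters plugin parameters; {@code "UsernameKey"} and {@code "PasswordKey"} override the request
     *            parameter names, any other entry is ignored. A {@code null} map leaves the defaults in place.
     */
    @Override
    public void initPlugin(Map<String, String> parameters) {
        if (parameters == null) {
            return;
        }
        String configuredUsernameKey = parameters.get(USERNAME_KEY_PARAM);
        if (configuredUsernameKey != null) {
            usernameKey = configuredUsernameKey;
        }
        String configuredPasswordKey = parameters.get(PASSWORD_KEY_PARAM);
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /** No URL prefix is exempted from authentication by this plugin. */
    @Override
    public List<String> getUnAuthenticatedURLPrefix() {
        return Collections.emptyList();
    }

    /**
     * Reports a failed login to the client.
     * <p>
     * AJAX callers (those sending a {@code caller} parameter) get a {@code 401}; browsers are redirected back to
     * the page hosting the form with {@code ?failed=true} appended.
     *
     * @return {@code true} when a response was sent, {@code false} when no local redirect target could be derived
     *         or the response could not be written
     */
    @Override
    public boolean onError(HttpServletRequest request, HttpServletResponse response) {
        String path = resolveReturnPath(request);
        if (path == null) {
            return false;
        }
        try {
            if (isAjaxRequest(request)) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
            } else {
                // NOTE(review): sendRedirect() sets its own redirect status afterwards, so the browser does not see
                // this 401; it is kept in case a response wrapper observes setStatus() — confirm before removing.
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.sendRedirect(path + FAILED_QUERY);
            }
        } catch (IOException e) {
            log.error("Failed to send login error response for " + path, e);
            return false;
        }
        return true;
    }

    /**
     * Reports a successful login to the client.
     * <p>
     * AJAX callers get a {@code 200}; browsers are redirected back to the page hosting the form.
     *
     * @return {@code true} when a response was sent, {@code false} when no local redirect target could be derived
     *         or the response could not be written
     */
    @Override
    public boolean onSuccess(HttpServletRequest request, HttpServletResponse response) {
        String path = resolveReturnPath(request);
        if (path == null) {
            return false;
        }
        try {
            if (isAjaxRequest(request)) {
                response.sendError(HttpServletResponse.SC_OK);
            } else {
                response.sendRedirect(path);
            }
        } catch (IOException e) {
            log.error("Failed to send login success response for " + path, e);
            return false;
        }
        return true;
    }

    /**
     * Derives the local path the client is sent back to after the login attempt.
     *
     * @return the path, or {@code null} when it cannot be derived or is not a plain same-origin path
     */
    private String resolveReturnPath(HttpServletRequest request) {
        String path = getLoginPathInfo(request);
        if (path == null) {
            // not expected for a request that passed isLoginRequest(); see the getRequestURI()/getPathInfo()
            // caveat on getLoginPathInfo()
            return null;
        }
        if (!isLocalPath(path)) {
            // the path comes from the client-supplied request URI: never let it send the browser off-site
            log.warn("Refusing redirect to non-local path derived from request URI: " + path);
            return null;
        }
        return path;
    }

    /**
     * Accepts the empty path or a plain absolute path ({@code "/..."}). A scheme prefix, a protocol-relative
     * {@code "//host"} prefix or a {@code "/\"} prefix is rejected because the container or the browser would
     * resolve such a redirect target against another host.
     */
    static boolean isLocalPath(String path) {
        if (path.isEmpty()) {
            // login endpoint mounted at the root: the empty path is passed through unchanged to sendRedirect()
            return true;
        }
        return path.startsWith("/") && !path.startsWith("//") && !path.startsWith("/\\");
    }

    /** An AJAX caller identifies itself with a {@code caller} parameter and expects a status code, not a redirect. */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return request.getParameter(AJAX_CALLER_PARAM) != null;
    }

}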