001/*
002 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 *
017 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
018 */
019
020package org.nuxeo.ecm.platform.ui.web.auth.plugins;
021
022import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_CONNECTION_FAILED;
023import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_USERNAME_MISSING;
024import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.FORM_SUBMITTED_MARKER;
025import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_CONNECTION_FAILED;
026import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_ERROR;
027import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_FAILED;
028import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_MISSING;
029import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.PASSWORD_KEY;
030import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.REQUESTED_URL;
031import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SESSION_TIMEOUT;
032import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.START_PAGE_SAVE_KEY;
033import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.USERNAME_KEY;
034
035import java.io.IOException;
036import java.util.ArrayList;
037import java.util.Enumeration;
038import java.util.HashMap;
039import java.util.List;
040import java.util.Map;
041
042import javax.servlet.http.HttpServletRequest;
043import javax.servlet.http.HttpServletResponse;
044import javax.servlet.http.HttpSession;
045
046import org.apache.commons.logging.Log;
047import org.apache.commons.logging.LogFactory;
048import org.nuxeo.common.utils.URIUtils;
049import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
050import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
051
/**
 * Authentication plugin for HTML form login.
 * <p>
 * It reads the user name and password from request parameters and, when a
 * login prompt is needed, redirects the browser to the configured login page.
 * This class only extracts the submitted credentials; it does not verify them.
 */
public class FormAuthenticator implements NuxeoAuthenticationPlugin {

    private static final Log log = LogFactory.getLog(FormAuthenticator.class);

    /** Login page location, appended to the base URL when prompting. */
    protected String loginPage = "login.jsp";

    /** Name of the request parameter carrying the user name. */
    protected String usernameKey = USERNAME_KEY;

    /** Name of the request parameter carrying the password. */
    protected String passwordKey = PASSWORD_KEY;

    /**
     * @return the login page location currently configured
     */
    protected String getLoginPage() {
        return loginPage;
    }

    /**
     * Redirects the client to the login page.
     * <p>
     * Every request parameter (first value only) is copied onto the redirect
     * URL, then the server-side status flags are added and the password
     * parameter is removed. Everything else the client sent, the user name
     * included, stays in the redirect URL.
     *
     * @param httpRequest the request that triggered the prompt
     * @param httpResponse the response used to send the redirect
     * @param baseURL prefix the login page location is appended to
     * @return {@code Boolean.TRUE} once the redirect was sent,
     *         {@code Boolean.FALSE} if an {@link IOException} occurred
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL) {
        try {
            log.debug("Forward to Login Screen");
            Map<String, String> query = new HashMap<String, String>();
            String target = baseURL + getLoginPage();

            // Echo what the client submitted. Flags set further down overwrite
            // same-named client parameters; flags that are not set leave the
            // client-supplied value in place.
            @SuppressWarnings("unchecked")
            Enumeration<String> names = httpRequest.getParameterNames();
            while (names.hasMoreElements()) {
                String key = names.nextElement();
                query.put(key, httpRequest.getParameter(key));
            }

            // Only look at an existing session; never create one just to prompt.
            String savedStartPage = null;
            boolean timedOut = false;
            HttpSession session = httpRequest.getSession(false);
            if (session != null) {
                savedStartPage = (String) session.getAttribute(START_PAGE_SAVE_KEY);
                Object timeoutFlag = session.getAttribute(SESSION_TIMEOUT);
                if (timeoutFlag != null) {
                    timedOut = ((Boolean) timeoutFlag).booleanValue();
                }
            }

            // NOTE(review): when the session holds no start page, a
            // client-supplied value under REQUESTED_URL is forwarded unchanged.
            // Nothing here validates it; confirm that whatever consumes the
            // parameter after login restricts it to local targets.
            if (savedStartPage != null && savedStartPage.length() > 0) {
                query.put(REQUESTED_URL, savedStartPage);
            }

            String loginError = (String) httpRequest.getAttribute(LOGIN_ERROR);
            if (loginError != null) {
                if (ERROR_USERNAME_MISSING.equals(loginError)) {
                    query.put(LOGIN_MISSING, "true");
                } else {
                    if (ERROR_CONNECTION_FAILED.equals(loginError)) {
                        query.put(LOGIN_CONNECTION_FAILED, "true");
                    }
                    // Also set for connection failures, for compatibility.
                    query.put(LOGIN_FAILED, "true");
                }
            }
            if (timedOut) {
                query.put(SESSION_TIMEOUT, "true");
            }

            // Never put the submitted password back into a URL. This has to
            // stay the last change to the map before the URL is built.
            query.remove(passwordKey);
            httpResponse.sendRedirect(URIUtils.addParametersToURIQuery(target, query));
            return Boolean.TRUE;
        } catch (IOException e) {
            log.error(e, e);
            return Boolean.FALSE;
        }
    }

    /**
     * Extracts the submitted credentials from the request parameters.
     * <p>
     * When the form marker is present but the user name is missing or empty,
     * the request attribute {@code LOGIN_ERROR} is set to
     * {@code ERROR_USERNAME_MISSING}.
     *
     * @param httpRequest the request to read the parameters from
     * @param httpResponse unused here
     * @return the user name and password as submitted (the password may be
     *         {@code null}), or {@code null} when no user name was sent
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        log.debug("Looking for user/password in the request");
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);
        // NXP-2650: the marker parameter tells a submitted form from a plain request
        boolean formSubmitted = httpRequest.getParameter(FORM_SUBMITTED_MARKER) != null;
        boolean noUserName = userName == null || userName.length() == 0;
        if (noUserName) {
            if (formSubmitted) {
                httpRequest.setAttribute(LOGIN_ERROR, ERROR_USERNAME_MISSING);
            }
            return null;
        }
        return new UserIdentificationInfo(userName, password);
    }

    /**
     * @param httpRequest unused here
     * @return always {@code Boolean.TRUE}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return Boolean.TRUE;
    }

    /**
     * Applies the plugin configuration. The keys "LoginPage", "UsernameKey"
     * and "PasswordKey" are recognized; a key that is absent or maps to
     * {@code null} leaves the current value untouched.
     *
     * @param parameters the plugin parameters
     */
    public void initPlugin(Map<String, String> parameters) {
        String configuredPage = parameters.get("LoginPage");
        if (configuredPage != null) {
            loginPage = configuredPage;
        }
        String configuredUserKey = parameters.get("UsernameKey");
        if (configuredUserKey != null) {
            usernameKey = configuredUserKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * @return a new list holding the login page location, which has to be
     *         reachable without authentication
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        List<String> openPrefixes = new ArrayList<String>();
        openPrefixes.add(getLoginPage());
        return openPrefixes;
    }

}