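/*
 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
 */

package org.nuxeo.ecm.webengine.login;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.LoginResponseHandler;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/**
 * Form-based authentication plugin for WebEngine.
 * <p>
 * Credentials are only read from a {@code POST} to a URL ending in {@link #LOGIN_KEY}. The
 * parameter names default to {@code username} / {@code password} and can be overridden
 * through the {@code UsernameKey} / {@code PasswordKey} plugin parameters (see
 * {@link #initPlugin}). Once the authentication filter has processed the login,
 * {@link #onSuccess} / {@link #onError} either redirect back to the URL the form was posted
 * to (request URI minus the {@code /@@login} suffix) or, for AJAX callers that pass a
 * {@code caller} parameter, answer with a bare status code.
 * <p>
 * NOTE(review): no anti-CSRF token is checked here. If login CSRF matters for a deployment
 * it has to be handled by the surrounding filter chain or by the form itself.
 */
public class WebEngineFormAuthenticator implements NuxeoAuthenticationPlugin, LoginResponseHandler {

    private static final Log log = LogFactory.getLog(WebEngineFormAuthenticator.class);

    /** Request parameter holding the user name; overridable via the {@code UsernameKey} plugin parameter. */
    protected static String usernameKey = "username";

    /** Request parameter holding the password; overridable via the {@code PasswordKey} plugin parameter. */
    protected static String passwordKey = "password";

    /** Suffix that marks a login request, e.g. {@code /nuxeo/site/foo/@@login}. */
    public static final String LOGIN_KEY = "/@@login";

    /** Request parameter whose mere presence marks an AJAX caller (its value is not used). */
    private static final String CALLER_PARAM = "caller";

    /**
     * This plugin does not render a login page itself, so no prompt is handled here.
     *
     * @return {@code false} always
     */
    @Override
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        return false; // TODO doesn't have a login page ?
    }

    /**
     * Gets the path to redirect to once the login has been processed: the request URI with
     * the trailing {@link #LOGIN_KEY} removed.
     * <p>
     * The value is derived from the request line and later handed to
     * {@link HttpServletResponse#sendRedirect}, so only a plain {@code /}-rooted path is
     * accepted: a {@code //host/...} or {@code /\host/...} prefix could be interpreted as a
     * scheme-relative URL by some containers or browsers, which would turn the redirect into
     * an off-site one.
     *
     * @return the server-relative redirect path, or {@code null} if the request URI is
     *         missing, does not end with {@link #LOGIN_KEY}, or is not a plain rooted path
     */
    protected String getLoginPathInfo(HttpServletRequest request) {
        String path = request.getRequestURI();
        if (path == null || !path.endsWith(LOGIN_KEY)) {
            return null;
        }
        if (!isServerRelativePath(path)) {
            log.debug("Refusing to derive a redirect target from request URI: " + path);
            return null;
        }
        return path.substring(0, path.length() - LOGIN_KEY.length());
    }

    /**
     * Returns {@code true} if {@code path} starts with exactly one forward slash, i.e. cannot
     * be read as {@code //host} (scheme-relative) or {@code /\host} (backslash variant).
     */
    private static boolean isServerRelativePath(String path) {
        if (path.isEmpty() || path.charAt(0) != '/') {
            return false;
        }
        if (path.length() > 1) {
            char second = path.charAt(1);
            if (second == '/' || second == '\\') {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether the request targets the login endpoint.
     * <p>
     * Uses the servlet path info (which may be {@code null} when the request has none), not
     * the full request URI that {@link #getLoginPathInfo} works on.
     *
     * @return {@code true} if the path info ends with {@link #LOGIN_KEY}
     */
    public static boolean isLoginRequest(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return pathInfo != null && pathInfo.endsWith(LOGIN_KEY);
    }

    /** An AJAX caller announces itself by sending a {@code caller} parameter. */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return request.getParameter(CALLER_PARAM) != null;
    }

    /**
     * Extracts the submitted credentials from a login form POST.
     * <p>
     * Only {@code POST} requests to the login endpoint are considered, so credentials are
     * never taken from a URL query string. The user name and password are read from the
     * configured parameter names and are never logged.
     * <p>
     * NOTE(review): when either parameter is absent the returned
     * {@link UserIdentificationInfo} carries a {@code null} field; whether that is rejected
     * is up to the caller / {@code UserIdentificationInfo}, which cannot be seen from here.
     *
     * @return the submitted identity, or {@code null} if this is not a login form POST
     */
    @Override
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        // Only accept POST requests
        String method = httpRequest.getMethod();
        if (!"POST".equals(method)) {
            log.debug("Request method is " + method + ", only accepting POST");
            return null;
        }
        if (!isLoginRequest(httpRequest)) {
            return null;
        }
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);
        return new UserIdentificationInfo(userName, password);
    }

    /**
     * @return {@code true} always: unauthenticated requests are expected to be prompted
     */
    @Override
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return true;
    }

    /**
     * Reads the optional {@code UsernameKey} / {@code PasswordKey} parameters.
     * <p>
     * Note that the overrides land in static fields, so they apply to every instance of this
     * class in the JVM, not only to the one being initialised.
     *
     * @param parameters plugin parameters from the authentication configuration
     */
    @Override
    public void initPlugin(Map<String, String> parameters) {
        String configuredUsernameKey = parameters.get("UsernameKey");
        if (configuredUsernameKey != null) {
            usernameKey = configuredUsernameKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * @return an empty list: this plugin declares no URL prefixes that bypass authentication
     */
    @Override
    public List<String> getUnAuthenticatedURLPrefix() {
        return Collections.emptyList();
    }

    /**
     * Called by the authentication filter after a failed login.
     * <p>
     * AJAX callers get a plain {@code 401}; browsers are redirected back to the form URL with
     * {@code ?failed=true} appended (the request URI carries no query string, so there is
     * nothing to merge with).
     *
     * @return {@code true} if a response was sent, {@code false} if the login URL could not
     *         be determined (see {@link #getLoginPathInfo}) or the response could not be written
     */
    @Override
    public boolean onError(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // not a usable login URL; let the caller deal with it
                return false;
            }
            if (isAjaxRequest(request)) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
            } else {
                // sendRedirect sets its own 302 status; the setStatus(401) that used to precede
                // it was overwritten by the redirect and never reached the client.
                response.sendRedirect(path + "?failed=true");
            }
        } catch (IOException e) {
            log.error(e);
            return false;
        }
        return true;
    }

    /**
     * Called by the authentication filter after a successful login.
     * <p>
     * AJAX callers get a bare {@code 200}; browsers are redirected back to the URL the form
     * was posted to.
     *
     * @return {@code true} if a response was sent, {@code false} if the login URL could not
     *         be determined (see {@link #getLoginPathInfo}) or the response could not be written
     */
    @Override
    public boolean onSuccess(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // not a usable login URL; let the caller deal with it
                return false;
            }
            if (isAjaxRequest(request)) {
                // Kept as is: sendError with SC_OK commits an (error-page style) 200 reply
                // for the AJAX caller. setStatus(SC_OK) would arguably be the cleaner call,
                // but that changes the body the container emits.
                response.sendError(HttpServletResponse.SC_OK);
            } else {
                response.sendRedirect(path);
            }
        } catch (IOException e) {
            log.error(e);
            return false;
        }
        return true;
    }

}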