/*
 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
 */

package org.nuxeo.ecm.platform.ui.web.auth.plugins;

import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_CONNECTION_FAILED;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_USERNAME_MISSING;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.FORM_SUBMITTED_MARKER;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_CONNECTION_FAILED;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_ERROR;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_FAILED;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_MISSING;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.PASSWORD_KEY;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.REQUESTED_URL;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SESSION_TIMEOUT;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.START_PAGE_SAVE_KEY;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.USERNAME_KEY;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/**
 * Form-based authentication plugin: redirects the browser to a login page and
 * reads the user name and password back from request parameters.
 * <p>
 * The login page name and the two parameter names have defaults and can be
 * overridden through {@link #initPlugin(Map)}.
 */
public class FormAuthenticator implements NuxeoAuthenticationPlugin {

    private static final Log log = LogFactory.getLog(FormAuthenticator.class);

    // Page the login prompt redirects to, appended to the base URL.
    protected String loginPage = "login.jsp";

    // Name of the request parameter carrying the user name.
    protected String usernameKey = USERNAME_KEY;

    // Name of the request parameter carrying the password.
    protected String passwordKey = PASSWORD_KEY;

    /**
     * Returns the configured login page.
     */
    protected String getLoginPage() {
        return loginPage;
    }

    /**
     * Redirects the client to the login page, carrying the current request
     * parameters and the login status flags in the query string.
     * <p>
     * Every request parameter is copied into the redirect URL; only the entry
     * named by {@code passwordKey} is removed first. Any other submitted field,
     * the user name included, therefore ends up in the redirect URL.
     * <p>
     * NOTE(review): a client-supplied parameter whose name equals
     * {@code REQUESTED_URL}, {@code LOGIN_MISSING}, {@code LOGIN_FAILED},
     * {@code LOGIN_CONNECTION_FAILED} or {@code SESSION_TIMEOUT} is forwarded
     * unchanged whenever the server-side condition below does not overwrite it.
     * Confirm that whatever consumes these parameters treats them as untrusted.
     *
     * @param httpRequest the current request
     * @param httpResponse the response used to send the redirect
     * @param baseURL prefix the login page name is appended to
     * @return {@code Boolean.TRUE} once the redirect was sent,
     *         {@code Boolean.FALSE} when an {@link IOException} occurred
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL) {
        try {
            log.debug("Forward to Login Screen");
            Map<String, String> query = new HashMap<String, String>();
            String target = baseURL + getLoginPage();

            // Echo the incoming parameters (first value of each name only).
            @SuppressWarnings("unchecked")
            Enumeration<String> names = httpRequest.getParameterNames();
            while (names.hasMoreElements()) {
                String key = names.nextElement();
                query.put(key, httpRequest.getParameter(key));
            }

            // Session state is optional: never create a session just to prompt.
            String savedStartPage = null;
            boolean timedOut = false;
            HttpSession session = httpRequest.getSession(false);
            if (session != null) {
                savedStartPage = (String) session.getAttribute(START_PAGE_SAVE_KEY);
                Object timeoutFlag = session.getAttribute(SESSION_TIMEOUT);
                timedOut = timeoutFlag != null && (Boolean) timeoutFlag;
            }
            if (savedStartPage != null && savedStartPage.length() > 0) {
                query.put(REQUESTED_URL, savedStartPage);
            }

            // Translate the error recorded on the request into status flags.
            String loginError = (String) httpRequest.getAttribute(LOGIN_ERROR);
            if (loginError != null) {
                if (ERROR_USERNAME_MISSING.equals(loginError)) {
                    query.put(LOGIN_MISSING, "true");
                } else if (ERROR_CONNECTION_FAILED.equals(loginError)) {
                    query.put(LOGIN_CONNECTION_FAILED, "true");
                    // Also set for compatibility, as in the generic failure case.
                    query.put(LOGIN_FAILED, "true");
                } else {
                    query.put(LOGIN_FAILED, "true");
                }
            }
            if (timedOut) {
                query.put(SESSION_TIMEOUT, "true");
            }

            // The submitted password must never be put back into a URL in clear.
            query.remove(passwordKey);
            target = URIUtils.addParametersToURIQuery(target, query);
            httpResponse.sendRedirect(target);
            return Boolean.TRUE;
        } catch (IOException e) {
            log.error(e, e);
            return Boolean.FALSE;
        }
    }

    /**
     * Extracts the user name and password from the request parameters.
     * <p>
     * When the form-submitted marker is present but the user name is missing or
     * empty, {@code ERROR_USERNAME_MISSING} is recorded on the request under
     * {@code LOGIN_ERROR} (NXP-2650).
     * <p>
     * NOTE(review): {@code getParameter} covers query-string parameters as well
     * as posted form fields, and neither the HTTP method nor the transport is
     * checked here. Confirm that this is enforced upstream so that credentials
     * are not accepted from URLs.
     *
     * @param httpRequest the current request
     * @param httpResponse the current response (not used by this method)
     * @return the submitted identity, or {@code null} when no user name was
     *         provided; the password is passed through as received and may be
     *         {@code null}
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        log.debug("Looking for user/password in the request");
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);

        boolean userNameMissing = userName == null || userName.length() == 0;
        if (userNameMissing) {
            // NXP-2650: the marker is how a submitted form with an empty user
            // name is told apart from a request that carries no form at all.
            if (httpRequest.getParameter(FORM_SUBMITTED_MARKER) != null) {
                httpRequest.setAttribute(LOGIN_ERROR, ERROR_USERNAME_MISSING);
            }
            return null;
        }
        return new UserIdentificationInfo(userName, password);
    }

    /**
     * Always asks for a login prompt.
     *
     * @param httpRequest the current request (not inspected)
     * @return {@code Boolean.TRUE}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return Boolean.TRUE;
    }

    /**
     * Applies the plugin configuration. The recognised keys are
     * {@code LoginPage}, {@code UsernameKey} and {@code PasswordKey}; a key
     * that is absent (or mapped to {@code null}) keeps its current value.
     * <p>
     * NOTE(review): the values are taken as-is. {@code LoginPage} is later
     * appended to the base URL and returned as an unauthenticated prefix, so it
     * should only ever come from trusted configuration.
     *
     * @param parameters configuration entries for this plugin
     */
    public void initPlugin(Map<String, String> parameters) {
        String configuredPage = parameters.get("LoginPage");
        if (configuredPage != null) {
            loginPage = configuredPage;
        }
        String configuredUserKey = parameters.get("UsernameKey");
        if (configuredUserKey != null) {
            usernameKey = configuredUserKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * Lists the URL prefixes that are reachable without authentication: the
     * login page itself.
     *
     * @return a new list holding the login page name
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        // The login page has to be served to users who are not logged in yet.
        List<String> openPrefixes = new ArrayList<String>();
        openPrefixes.add(getLoginPage());
        return openPrefixes;
    }

}