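/*
 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
 */

package org.nuxeo.ecm.webengine.login;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.LoginResponseHandler;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/**
 * Form-based authentication plugin for WebEngine.
 * <p>
 * Credentials are read from two request parameters (by default {@code username} and
 * {@code password}) on requests whose path info ends with {@link #LOGIN_KEY}. Once the login
 * outcome is known, {@link #onSuccess} / {@link #onError} either redirect the browser back to
 * the page the login was posted from, or answer with a bare status code when the request carries
 * a {@code caller} parameter (treated here as an AJAX call).
 */
public class WebEngineFormAuthenticator implements NuxeoAuthenticationPlugin, LoginResponseHandler {

    private static final Log log = LogFactory.getLog(WebEngineFormAuthenticator.class);

    // NOTE(review): these keys are static but are overwritten from the instance method
    // initPlugin(), so every instance of this class shares the last configured value.
    protected static String usernameKey = "username";

    protected static String passwordKey = "password";

    /** Suffix that marks a request as a login submission. */
    public static final String LOGIN_KEY = "/@@login";

    /**
     * Never issues a login prompt itself.
     *
     * @return always {@code false}
     */
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        return false; // TODO doesn't have a login page ?
    }

    /**
     * Gets the path info to be used to redirect after login.
     * <p>
     * The value is the request URI with the trailing {@link #LOGIN_KEY} removed. Because it is
     * later handed to {@code sendRedirect}, a run of leading {@code /} or {@code \} characters is
     * collapsed to a single {@code /} so the redirect cannot leave the current host.
     *
     * @return the redirect target, or {@code null} if the request URI is absent or does not end
     *         with {@link #LOGIN_KEY}
     */
    protected String getLoginPathInfo(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null || !uri.endsWith(LOGIN_KEY)) {
            // NOTE(review): isLoginRequest() tests getPathInfo() while this tests getRequestURI();
            // the two can disagree (e.g. when the URI carries path parameters) - confirm callers
            // cope with a null here.
            return null;
        }
        String target = uri.substring(0, uri.length() - LOGIN_KEY.length());

        // The target is client-controlled. Browsers resolve a Location starting with "//" or "/\"
        // as a network-path reference (another host), so keep exactly one leading separator.
        int separators = 0;
        while (separators < target.length()
                && (target.charAt(separators) == '/' || target.charAt(separators) == '\\')) {
            separators++;
        }
        if (separators > 1) {
            target = "/" + target.substring(separators);
        }
        return target;
    }

    /**
     * Tells whether the request is a login submission.
     *
     * @return {@code true} if the request's path info ends with {@link #LOGIN_KEY}
     */
    public static boolean isLoginRequest(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return pathInfo != null && pathInfo.endsWith(LOGIN_KEY);
    }

    /**
     * Extracts the submitted credentials from a login request.
     *
     * @return the identification info built from the username/password parameters, or
     *         {@code null} if this is not a login request
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        if (!isLoginRequest(httpRequest)) {
            return null;
        }
        // NOTE(review): getParameter() also reads the query string, so credentials sent on a GET
        // URL are accepted and may end up in access logs, proxies and browser history. Consider
        // accepting them from POST bodies only. Either parameter may be null if it was not sent.
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);
        return new UserIdentificationInfo(userName, password);
    }

    /**
     * @return always {@code true}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return true;
    }

    /**
     * Overrides the request parameter names used for credentials.
     *
     * @param parameters plugin parameters; {@code UsernameKey} and {@code PasswordKey} are
     *            honoured when present. A {@code null} map leaves the current keys untouched.
     */
    public void initPlugin(Map<String, String> parameters) {
        if (parameters == null) {
            return;
        }
        String configuredUsernameKey = parameters.get("UsernameKey");
        if (configuredUsernameKey != null) {
            usernameKey = configuredUsernameKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * @return an empty list; this plugin declares no unauthenticated URL prefixes
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return Collections.emptyList();
    }

    /**
     * Answers a failed login.
     * <p>
     * Requests carrying a {@code caller} parameter get a 401 error response; all others are
     * redirected to the originating page with {@code ?failed=true} appended.
     *
     * @return {@code true} if a response was sent, {@code false} if the redirect target could not
     *         be determined or sending the response failed
     */
    public boolean onError(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // this should never happen
                return false;
            }
            if (request.getParameter("caller") != null) {
                // ajax request
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
            } else {
                // normal request: sendRedirect() sets its own redirect status, so a preceding
                // setStatus(SC_UNAUTHORIZED) would have no effect and is not issued.
                response.sendRedirect(path + "?failed=true");
            }
        } catch (IOException e) {
            // Pass the exception as the cause so the stack trace is logged.
            log.error("Failed to send the login failure response", e);
            return false;
        }
        return true;
    }

    /**
     * Answers a successful login.
     * <p>
     * Requests carrying a {@code caller} parameter get a 200 status; all others are redirected
     * to the originating page.
     *
     * @return {@code true} if a response was sent, {@code false} if the redirect target could not
     *         be determined or sending the response failed
     */
    public boolean onSuccess(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // this should never happen
                return false;
            }
            if (request.getParameter("caller") != null) {
                // ajax request
                // NOTE(review): sendError() with a 200 status is unusual; setStatus(SC_OK) is the
                // conventional call, but it would leave the response uncommitted - confirm what
                // the calling filter expects before changing it.
                response.sendError(HttpServletResponse.SC_OK);
            } else {
                // normal request
                response.sendRedirect(path);
            }
        } catch (IOException e) {
            // Pass the exception as the cause so the stack trace is logged.
            log.error("Failed to send the login success response", e);
            return false;
        }
        return true;
    }

}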