001/*
002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
020 */
021
022package org.nuxeo.ecm.platform.ui.web.auth.plugins;
023
024import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_CONNECTION_FAILED;
025import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.ERROR_USERNAME_MISSING;
026import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.FORM_SUBMITTED_MARKER;
027import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_CONNECTION_FAILED;
028import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_ERROR;
029import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_FAILED;
030import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGIN_MISSING;
031import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.PASSWORD_KEY;
032import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.REQUESTED_URL;
033import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SESSION_TIMEOUT;
034import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.START_PAGE_SAVE_KEY;
035import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.USERNAME_KEY;
036
037import java.io.IOException;
038import java.util.ArrayList;
039import java.util.Enumeration;
040import java.util.HashMap;
041import java.util.List;
042import java.util.Map;
043
044import javax.servlet.http.HttpServletRequest;
045import javax.servlet.http.HttpServletResponse;
046import javax.servlet.http.HttpSession;
047
048import org.apache.commons.logging.Log;
049import org.apache.commons.logging.LogFactory;
050import org.nuxeo.common.utils.URIUtils;
051import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
052import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
053
/**
 * Form-based authentication plugin: reads a user name and password from request parameters and,
 * when a prompt is needed, redirects the browser to a login page.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>{@link #handleLoginPrompt} echoes every incoming request parameter into the redirect query
 * string. Only the parameter named by {@link #passwordKey} is stripped, so any other sensitive
 * parameter ends up in the URL, where it can reach access logs, browser history and Referer
 * headers.</li>
 * <li>Because request parameters are copied verbatim, a request can pre-set the requested-URL and
 * login-status parameters that this class otherwise sets itself. Whatever consumes them must treat
 * them as untrusted. NOTE(review): validation of the post-login target is not visible in this
 * class; confirm it happens downstream.</li>
 * </ul>
 */
public class FormAuthenticator implements NuxeoAuthenticationPlugin {

    private static final Log log = LogFactory.getLog(FormAuthenticator.class);

    // Login page path, appended to the base URL when prompting; overridable via "LoginPage".
    protected String loginPage = "login.jsp";

    // Name of the request parameter carrying the user name; overridable via "UsernameKey".
    protected String usernameKey = USERNAME_KEY;

    // Name of the request parameter carrying the password; overridable via "PasswordKey".
    protected String passwordKey = PASSWORD_KEY;

    /**
     * Returns the login page path currently configured for this plugin.
     */
    protected String getLoginPage() {
        return this.loginPage;
    }

    /**
     * Redirects the client to the login page, carrying over the request parameters (minus the
     * password), the originally requested URL stored in the session, and flags describing a
     * previous login failure or a session timeout.
     *
     * @param httpRequest the request that triggered the prompt
     * @param httpResponse the response used to send the redirect
     * @param baseURL prefix prepended to the login page; it is concatenated as-is, so it is
     *            presumably expected to come from trusted configuration (verify against caller)
     * @return {@code Boolean.TRUE} once the redirect was sent, {@code Boolean.FALSE} if an
     *         {@link IOException} occurred (it is logged)
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL) {
        try {
            log.debug("Forward to Login Screen");
            Map<String, String> query = new HashMap<String, String>();
            String target = baseURL + getLoginPage();

            // Start from the caller-supplied parameters (first value only); the entries added
            // below overwrite any request parameter that uses the same name.
            @SuppressWarnings("unchecked")
            Enumeration<String> incoming = httpRequest.getParameterNames();
            while (incoming.hasMoreElements()) {
                String key = incoming.nextElement();
                query.put(key, httpRequest.getParameter(key));
            }

            // Never create a session just to render the login prompt.
            HttpSession existing = httpRequest.getSession(false);
            String startPage = null;
            boolean timedOut = false;
            if (existing != null) {
                startPage = (String) existing.getAttribute(START_PAGE_SAVE_KEY);
                Object timeoutFlag = existing.getAttribute(SESSION_TIMEOUT);
                if (timeoutFlag != null) {
                    timedOut = ((Boolean) timeoutFlag).booleanValue();
                }
            }
            // With no saved start page, a request-supplied parameter of the same name is left
            // untouched in the map, so the value is not guaranteed to originate from the session.
            if (startPage != null && !startPage.isEmpty()) {
                query.put(REQUESTED_URL, startPage);
            }

            String failure = (String) httpRequest.getAttribute(LOGIN_ERROR);
            if (failure != null) {
                if (ERROR_USERNAME_MISSING.equals(failure)) {
                    query.put(LOGIN_MISSING, "true");
                } else {
                    if (ERROR_CONNECTION_FAILED.equals(failure)) {
                        query.put(LOGIN_CONNECTION_FAILED, "true");
                    }
                    // Also set for connection failures, kept for backward compatibility.
                    query.put(LOGIN_FAILED, "true");
                }
            }
            if (timedOut) {
                query.put(SESSION_TIMEOUT, "true");
            }

            // Keep the password out of the redirect URL. Only the configured password parameter
            // is dropped; every other submitted parameter still travels in the query string.
            query.remove(passwordKey);
            target = URIUtils.addParametersToURIQuery(target, query);
            httpResponse.sendRedirect(target);
            return Boolean.TRUE;
        } catch (IOException ioe) {
            log.error(ioe, ioe);
            return Boolean.FALSE;
        }
    }

    /**
     * Extracts the submitted credentials from the request parameters.
     * <p>
     * When the form-submitted marker is present but no user name was given, the request is tagged
     * with {@code ERROR_USERNAME_MISSING} so that the login prompt can report it (NXP-2650).
     * The password is passed through unchecked and may be {@code null}.
     *
     * @param httpRequest the request to inspect
     * @param httpResponse unused here
     * @return the user name and password, or {@code null} when the user name is missing or empty
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        log.debug("Looking for user/password in the request");
        String login = httpRequest.getParameter(usernameKey);
        String secret = httpRequest.getParameter(passwordKey);
        boolean formSubmitted = httpRequest.getParameter(FORM_SUBMITTED_MARKER) != null;
        boolean loginAbsent = login == null || login.isEmpty();

        if (!loginAbsent) {
            return new UserIdentificationInfo(login, secret);
        }
        if (formSubmitted) {
            httpRequest.setAttribute(LOGIN_ERROR, ERROR_USERNAME_MISSING);
        }
        return null;
    }

    /**
     * Always asks for a login prompt, whatever the request.
     */
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return Boolean.valueOf(true);
    }

    /**
     * Applies the optional {@code LoginPage}, {@code UsernameKey} and {@code PasswordKey}
     * settings; a setting that is absent (or mapped to {@code null}) keeps its current value.
     *
     * @param parameters plugin configuration, must not be {@code null}
     */
    public void initPlugin(Map<String, String> parameters) {
        String configuredPage = parameters.get("LoginPage");
        if (configuredPage != null) {
            loginPage = configuredPage;
        }
        String configuredUserKey = parameters.get("UsernameKey");
        if (configuredUserKey != null) {
            usernameKey = configuredUserKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * Returns the URL prefixes that must stay reachable without authentication: only the login
     * page itself.
     * <p>
     * NOTE(review): the method name suggests these entries are matched as prefixes. If so, any
     * path that merely starts with the login page name is exempt from authentication as well;
     * confirm how the calling filter matches them.
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        List<String> openPrefixes = new ArrayList<String>(1);
        openPrefixes.add(getLoginPage());
        return openPrefixes;
    }

}