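/*
 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
 */

package org.nuxeo.ecm.webengine.login;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.LoginResponseHandler;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/**
 * Form-based authentication plugin for WebEngine.
 * <p>
 * A request is treated as a login attempt when its path info ends with {@link #LOGIN_KEY}. The credentials are then
 * read from two request parameters whose names default to {@code username} and {@code password} and can be overridden
 * through {@link #initPlugin(Map)}. After the login attempt, {@link #onSuccess} and {@link #onError} write the
 * response: a status code for AJAX callers (requests carrying a {@code caller} parameter), a redirect otherwise.
 */
public class WebEngineFormAuthenticator implements NuxeoAuthenticationPlugin, LoginResponseHandler {

    private static final Log log = LogFactory.getLog(WebEngineFormAuthenticator.class);

    // NOTE(review): both keys are static and mutable, so a call to initPlugin on one instance changes the parameter
    // names for every instance of this class (and of its subclasses) in the same class loader.
    protected static String usernameKey = "username";

    protected static String passwordKey = "password";

    /** Suffix that marks a request as a login request. */
    public static final String LOGIN_KEY = "/@@login";

    /**
     * Never prompts: this plugin has no login page of its own.
     *
     * @return always {@code false}
     */
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        return false; // TODO doesn't have a login page ?
    }

    /**
     * Gets the path to redirect to after login: the request URI with the trailing {@link #LOGIN_KEY} removed.
     * <p>
     * The value is derived from the client-supplied request URI and ends up in a {@code Location} header, so it is
     * forced to be a path on this host before it is returned (see {@link #toSameHostPath(String)}).
     * <p>
     * NOTE(review): {@link #isLoginRequest} tests {@code getPathInfo()} while this method tests
     * {@code getRequestURI()}. The servlet API does not decode the request URI, so the two checks can disagree
     * on the same request; confirm that this is intended.
     *
     * @return the redirect path, or {@code null} if the request URI does not end with {@link #LOGIN_KEY}
     */
    protected String getLoginPathInfo(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null || !uri.endsWith(LOGIN_KEY)) {
            return null;
        }
        return toSameHostPath(uri.substring(0, uri.length() - LOGIN_KEY.length()));
    }

    /**
     * Collapses a leading run of slashes or backslashes into a single {@code /}.
     * <p>
     * A redirect target that starts with two slashes is a network-path reference: the browser resolves it against
     * another host instead of this one. Some browsers handle a slash followed by a backslash the same way.
     * Collapsing the run keeps the redirect on the current host whatever the request URI looked like.
     *
     * @param path the candidate redirect path, never {@code null}
     * @return {@code path} unchanged when it starts with at most one separator, otherwise the same path with a
     *         single leading {@code /}
     */
    private static String toSameHostPath(String path) {
        int separators = 0;
        while (separators < path.length()
                && (path.charAt(separators) == '/' || path.charAt(separators) == '\\')) {
            separators++;
        }
        return separators > 1 ? "/" + path.substring(separators) : path;
    }

    /**
     * Tells whether the request targets the login endpoint.
     *
     * @return {@code true} if the request path info ends with {@link #LOGIN_KEY}
     */
    public static boolean isLoginRequest(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return pathInfo != null && pathInfo.endsWith(LOGIN_KEY);
    }

    /**
     * Extracts the submitted credentials from a login request.
     * <p>
     * NOTE(review): {@code getParameter} reads the query string as well as a form body, so credentials sent in a GET
     * URL are accepted and can then appear in access logs, browser history and {@code Referer} headers. Consider
     * accepting them from POST requests only.
     * <p>
     * NOTE(review): the user name and the password are passed on as received, including {@code null} when a
     * parameter is missing; presumably the caller validates the returned identity. Confirm against the
     * authentication filter.
     *
     * @return the identification info built from the two parameters, or {@code null} if this is not a login request
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        if (!isLoginRequest(httpRequest)) {
            return null;
        }
        String userName = httpRequest.getParameter(usernameKey);
        String password = httpRequest.getParameter(passwordKey);
        return new UserIdentificationInfo(userName, password);
    }

    /**
     * @return always {@code true}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return true;
    }

    /**
     * Overrides the request parameter names used for the credentials.
     *
     * @param parameters plugin configuration; the optional entries {@code UsernameKey} and {@code PasswordKey}
     *            replace the default parameter names
     */
    public void initPlugin(Map<String, String> parameters) {
        String configuredUsernameKey = parameters.get("UsernameKey");
        if (configuredUsernameKey != null) {
            usernameKey = configuredUsernameKey;
        }
        String configuredPasswordKey = parameters.get("PasswordKey");
        if (configuredPasswordKey != null) {
            passwordKey = configuredPasswordKey;
        }
    }

    /**
     * @return an empty list: this plugin declares no URL prefix as unauthenticated
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return Collections.emptyList();
    }

    /**
     * Writes the response for a failed login.
     * <p>
     * AJAX callers (requests with a {@code caller} parameter) get a 401 error; other requests are redirected to the
     * page the login was submitted from, with {@code ?failed=true} appended.
     *
     * @return {@code true} if a response was written, {@code false} if the redirect path could not be computed or
     *         writing the response failed
     */
    public boolean onError(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // this should never happen
                return false;
            }
            if (request.getParameter("caller") != null) {
                // ajax request
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
            } else {
                // normal request
                // NOTE(review): sendRedirect sets its own redirect status, so the 401 set here does not reach the
                // client.
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.sendRedirect(path + "?failed=true");
            }
        } catch (IOException e) {
            // Pass the exception as the throwable argument so the stack trace is logged.
            log.error("Failed to write the login failure response", e);
            return false;
        }
        return true;
    }

    /**
     * Writes the response for a successful login.
     * <p>
     * AJAX callers (requests with a {@code caller} parameter) get a 200 status; other requests are redirected to the
     * page the login was submitted from.
     *
     * @return {@code true} if a response was written, {@code false} if the redirect path could not be computed or
     *         writing the response failed
     */
    public boolean onSuccess(HttpServletRequest request, HttpServletResponse response) {
        try {
            String path = getLoginPathInfo(request);
            if (path == null) { // this should never happen
                return false;
            }
            if (request.getParameter("caller") != null) {
                // ajax request
                // NOTE(review): sendError with a success status is unusual; it is kept because callers may rely on
                // the response being committed at this point. Confirm before replacing it with setStatus.
                response.sendError(HttpServletResponse.SC_OK);
            } else {
                // normal request
                response.sendRedirect(path);
            }
        } catch (IOException e) {
            // Pass the exception as the throwable argument so the stack trace is logged.
            log.error("Failed to write the login success response", e);
            return false;
        }
        return true;
    }

}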