/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.3 2004/01/26 07:14:53 anoncvs_webpanels Exp $
- * $Revision: 1.3 $
- * $Date: 2004/01/26 07:14:53 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.4 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.4 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* method, such as FORM or BASIC (others are possible).
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.3 $ $Date: 2004/01/26 07:14:53 $
+ * @version $Revision: 1.4 $ $Date: 2004/01/26 09:19:10 $
*/
public interface Authenticator {
* Perform any logout processing that is required.
*
* @param request
+ * @param response
+ * @param patternMatcher
* @return true if this is a logout request, false otherwise
*/
- public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception;
+ public boolean processLogout(
+ SecurityRequestWrapper request,
+ HttpServletResponse response,
+ URLPatternMatcher patternMatcher
+ ) throws Exception;
/**
* Return true if security checks should be bypassed for this request.
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.4 2004/01/26 07:14:53 anoncvs_webpanels Exp $
- * $Revision: 1.4 $
- * $Date: 2004/01/26 07:14:53 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.5 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.5 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.4 $ $Date: 2004/01/26 07:14:53 $
+ * @version $Revision: 1.5 $ $Date: 2004/01/26 09:19:10 $
*/
public class BasicAuthenticator implements Authenticator {
public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS";
* Always returns false for BASIC authenticator.
*
* @param request
+ * @param response
* @param patternMatcher
* @return always returns false
*/
- public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
+ public boolean processLogout(
+ SecurityRequestWrapper request,
+ HttpServletResponse response,
+ URLPatternMatcher patternMatcher
+ ) {
return false;
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.6 2004/01/26 07:14:53 anoncvs_webpanels Exp $
- * $Revision: 1.6 $
- * $Date: 2004/01/26 07:14:53 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.7 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.7 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
import org.securityfilter.config.SecurityConfig;
import org.securityfilter.filter.*;
import org.securityfilter.realm.SecurityRealmInterface;
+import org.securityfilter.persistent.PersistentLoginManagerInterface;
import javax.servlet.FilterConfig;
import javax.servlet.http.*;
* FormAuthenticator - authenticator implementation for the FORM auth method.
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.6 $ $Date: 2004/01/26 07:14:53 $
+ * @version $Revision: 1.7 $ $Date: 2004/01/26 09:19:10 $
*/
public class FormAuthenticator implements Authenticator {
protected static final String FORM_USERNAME = "j_username";
protected static final String FORM_PASSWORD = "j_password";
+ protected static final String FORM_REMEMBERME = "j_rememberme";
protected String loginPage;
protected URLPattern loginPagePattern;
-
protected String errorPage;
protected URLPattern errorPagePattern;
+ protected String defaultPage;
+ protected PersistentLoginManagerInterface persistentLoginManager;
protected URLPattern logoutPagePattern;
- protected String defaultPage;
-
protected SecurityRealmInterface realm;
/**
errorPage = securityConfig.getErrorPage();
errorPagePattern = patternFactory.createURLPattern(stripQueryString(errorPage), null, null, 0);
- // error page
+ // -- Persistent Login Info --------------------------------------------------------------------------------------
+
+ // logout page
String logoutPage = securityConfig.getLogoutPage();
- logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0);
+ if (logoutPage != null) {
+ logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0);
+ }
+
+ // persistent login manager class
+ persistentLoginManager = securityConfig.getPersistentLoginManager();
}
/**
* @return true if the filter should return after this method ends, false otherwise
*/
public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response) throws Exception {
+
+ // process any persistent login information, if user is not already logged in,
+ // persistent logins are enabled, and the persistent login info is present in this request
+ if (
+ request.getRemoteUser() != null
+ && persistentLoginManager != null
+ && persistentLoginManager.rememberingLogin(request)
+ ) {
+ String username = persistentLoginManager.getRememberedUsername(request, response);
+ String password = persistentLoginManager.getRememberedPassword(request, response);
+ Principal principal = realm.authenticate(username, password);
+ if (principal != null) {
+ request.setUserPrincipal(principal);
+ } else {
+ // failed authentication with remembered login, better forget login now
+ persistentLoginManager.forgetLogin(request, response);
+ }
+ }
+
+ // process login form submittal
if (request.getMatchableURL().endsWith(loginSubmitPattern)) {
String username = request.getParameter(FORM_USERNAME);
String password = request.getParameter(FORM_PASSWORD);
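Review bot: The guard on the persistent-login block in processLogin tests `request.getRemoteUser() != null`, which contradicts the comment above it ("if user is not already logged in"): as written, the remembered credentials are replayed only for requests that already have a user and never for anonymous ones. The first operand should be `request.getRemoteUser() == null`. The form-login path below calls `request.getSession().invalidate()` before setting the principal, while this path calls `request.setUserPrincipal(principal)` on the existing session; if that invalidate is there to prevent session fixation, the remembered-login path needs the same step. processLogin continues beyond this hunk.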
request.getSession().invalidate();
}
+ // manage persistent login info, if persistent login management is enabled
+ if (persistentLoginManager != null) {
+ String rememberme = request.getParameter(FORM_REMEMBERME);
+ // did the user request that their login be persistent?
+ if (rememberme != null) {
+ // remember login
+ persistentLoginManager.rememberLogin(request, response, username, password);
+ } else {
+ // forget login
+ persistentLoginManager.forgetLogin(request, response);
+ }
+ }
+
request.setUserPrincipal(principal);
String continueToURL = getContinueToURL(request);
// This is the url that the user was initially accessing before being prompted for login.
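Review bot: `persistentLoginManager.rememberLogin(request, response, username, password)` hands the user's cleartext password to the persistent login manager, and the block added at the top of processLogin reads it back through `getRememberedPassword` to call `realm.authenticate`. How the manager stores it is not visible here, but if it travels in a cookie, the password itself is sent with every request and cannot be revoked without a password change. A random token validated on the server would avoid that; at minimum the interface should state the requirement, e.g. `// implementations must encrypt and integrity-protect anything they persist on the client`. The enclosing block starts outside this hunk, so confirm this code is reached only after `realm.authenticate` has returned a non-null principal.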
}
return true;
}
+
return false;
}
}
/**
- * Return true if this is a logout request. Always returns false for this Authenticator.
+ * Return true if this is a logout request.
*
* @param request
+ * @param response
+ * @param patternMatcher
* @return true if this is a logout request, false otherwise
*/
- public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception {
+ public boolean processLogout(
+ SecurityRequestWrapper request,
+ HttpServletResponse response,
+ URLPatternMatcher patternMatcher
+ ) throws Exception {
String requestURL = request.getMatchableURL();
- return patternMatcher.match(requestURL, logoutPagePattern);
+ // check if this is a logout request
+ if (matchesLogoutPattern(requestURL, patternMatcher)) {
+ // if remembering this login call forgetLogin() method to forget it
+ if (persistentLoginManager != null && persistentLoginManager.rememberingLogin(request)) {
+ persistentLoginManager.forgetLogin(request, response);
+ }
+ return true;
+ }
+ return false;
}
/**
URLPatternMatcher patternMatcher
) throws Exception {
String requestURL = request.getMatchableURL();
- return patternMatcher.match(requestURL, loginPagePattern) || patternMatcher.match(requestURL, errorPagePattern);
+ return (
+ patternMatcher.match(requestURL, loginPagePattern)
+ || patternMatcher.match(requestURL, errorPagePattern)
+ || matchesLogoutPattern(requestURL, patternMatcher)
+ );
+ }
+
+ /**
+ * Returns true if the logout pattern is not null and the request URL string passed in matches it.
+ *
+ * @param requestURL
+ * @param patternMatcher
+ * @return true if the logout page is defined and the request URL matches it
+ * @throws Exception
+ */
+ private boolean matchesLogoutPattern(String requestURL, URLPatternMatcher patternMatcher) throws Exception {
+ if (logoutPagePattern != null) {
+ return patternMatcher.match(requestURL, logoutPagePattern);
+ }
+ return false;
}
/**
* @return uri with query string removed (if it had one)
*/
private String stripQueryString(String uri) {
- int queryStart = uri.indexOf('?');
- if (queryStart != -1) {
- uri = uri.substring(0, queryStart);
+ if (uri != null) {
+ int queryStart = uri.indexOf('?');
+ if (queryStart != -1) {
+ uri = uri.substring(0, queryStart);
+ }
}
return uri;
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.14 2003/11/25 10:15:47 maxcooper Exp $
- * $Revision: 1.14 $
- * $Date: 2003/11/25 10:15:47 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.15 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.15 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* @author Max Cooper (max@maxcooper.com)
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author David Reed (dreed10@neo.rr.com)
- * @version $Revision: 1.14 $ $Date: 2003/11/25 10:15:47 $
+ * @version $Revision: 1.15 $ $Date: 2004/01/26 09:19:10 $
*/
public class SecurityConfig {
}
/**
- * Adds a StickyLoginManager to be used for persisting logins.
+ * Set the PersistentLoginManager to be used for persisting logins.
*
- * @param loginManager StickyLoginManager to use for this implementation
+ * @param persistentLoginManager StickyLoginManager to use for this implementation
*/
- public synchronized void addStickyLoginManager(
- Object loginManager
- ) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
- this.persistentLoginManager = (PersistentLoginManagerInterface) loginManager;
+ public void setPersistentLoginManager(PersistentLoginManagerInterface persistentLoginManager) {
+ this.persistentLoginManager = persistentLoginManager;
}
/**
0
);
- // remember me plugin
+ // persistent login manager
digester.addObjectCreate("securityfilter-config/login-config/remember-me", null, "className");
digester.addSetProperty("securityfilter-config/login-config/remember-me/remember-me-param", "name", "value");
digester.addSetNext(
"securityfilter-config/login-config/remember-me",
- "addPersistentLoginManager",
- "java.lang.Object"
+ "setPersistentLoginManager",
+ "org.securityfilter.persistent.PersistentLoginManagerInterface"
);
// security-constraint
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.22 2003/10/27 11:16:05 maxcooper Exp $
- * $Revision: 1.22 $
- * $Date: 2003/10/27 11:16:05 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.23 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.23 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* @author Max Cooper (max@maxcooper.com)
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.22 $ $Date: 2003/10/27 11:16:05 $
+ * @version $Revision: 1.23 $ $Date: 2004/01/26 09:19:10 $
*/
public class SecurityFilter implements Filter {
public static final String CONFIG_FILE_KEY = "config";
URLPattern match = null;
try {
+ // check if this is a logout request
+ if (authenticator.processLogout(wrappedRequest, hRes, patternMatcher)) {
+ // If logging out destroy and recreate session
+ hReq.getSession().invalidate();
+ hReq.getSession(true);
+ }
+
// check if this request includes login info
if (authenticator.processLogin(wrappedRequest, hRes)) {
return;
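Review bot: After `processLogout` returns true, this code only swaps the session and then falls through to `authenticator.processLogin(wrappedRequest, hRes)` with the same request. `forgetLogin` can only change the response, so the incoming request still carries whatever remember-me data the client sent. Once the persistent-login check in FormAuthenticator.processLogin runs for anonymous requests, the logout request could be re-authenticated immediately; this depends on how `rememberingLogin` reads the request, which is not shown. Consider skipping login processing when the request was a logout. Separately, `hReq.getSession().invalidate()` creates a session just to destroy it when none exists; `HttpSession s = hReq.getSession(false); if (s != null) s.invalidate();` avoids that. The try block starts outside this hunk.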
} catch (org.xml.sax.SAXException se) {
System.err.println("unable to parse input: " + se);
} catch (Exception e) {
- System.err.println("invalid regular expression pattern: " + e);
+ System.err.println("error: " + e);
+ e.printStackTrace();
}
}
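Review bot: The `catch (Exception e)` branch still swallows the failure after printing it, so whatever this method was setting up is left partially configured while the filter keeps running. The SAXException branch above suggests this is the configuration load, though the method start is outside the hunk; if so, a security filter should fail closed, for example `throw new ServletException("securityfilter configuration failed", e);` where the method signature allows it. Writing to `System.err` and calling `e.printStackTrace()` also bypasses the container log; the servlet context's `log(String, Throwable)` keeps the error with the application's other log entries.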
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/DefaultPersistentLoginManager.java,v 1.1 2003/11/25 10:15:14 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/11/25 10:15:14 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/DefaultPersistentLoginManager.java,v 1.2 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.2 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author David Reed (dreed10@neo.rr.com)
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/11/25 10:15:14 $
+ * @version $Revision: 1.2 $ $Date: 2004/01/26 09:19:10 $
*/
public class DefaultPersistentLoginManager implements Serializable, PersistentLoginManagerInterface {
}
}
+// ----------------------------------------------------------------------------
+// EOF
\ No newline at end of file
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/PersistentLoginManagerInterface.java,v 1.1 2003/11/25 10:15:16 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/11/25 10:15:16 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/PersistentLoginManagerInterface.java,v 1.2 2004/01/26 09:19:10 maxcooper Exp $
+ * $Revision: 1.2 $
+ * $Date: 2004/01/26 09:19:10 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author David Reed (dreed10@neo.rr.com.com)
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/11/25 10:15:16 $
+ * @version $Revision: 1.2 $ $Date: 2004/01/26 09:19:10 $
*/
public interface PersistentLoginManagerInterface {
HttpServletResponse response
) throws IOException, ServletException;
}
+
+// ----------------------------------------------------------------------------
+// EOF
\ No newline at end of file