From: maxcooper Date: Mon, 26 Jan 2004 09:19:10 +0000 (+0000) Subject: remember me initial integration X-Git-Tag: rel-2_0-alpha1~13 X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=e15f323a5e08f46b75a519dddbc34e534192f2b0;p=securityfilter.git remember me initial integration --- diff --git a/src/share/org/securityfilter/authenticator/Authenticator.java b/src/share/org/securityfilter/authenticator/Authenticator.java index fb3187b..b0177da 100644 --- a/src/share/org/securityfilter/authenticator/Authenticator.java +++ b/src/share/org/securityfilter/authenticator/Authenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.3 2004/01/26 07:14:53 anoncvs_webpanels Exp $ - * $Revision: 1.3 $ - * $Date: 2004/01/26 07:14:53 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.4 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.4 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -67,7 +67,7 @@ import java.io.IOException; * method, such as FORM or BASIC (others are possible). * * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.3 $ $Date: 2004/01/26 07:14:53 $ + * @version $Revision: 1.4 $ $Date: 2004/01/26 09:19:10 $ */ public interface Authenticator { 
@@ -110,9 +110,15 @@ public interface Authenticator { * Perform any logout processing that is required. * * @param request + * @param response + * @param patternMatcher * @return true if this is a logout request, false otherwise */ - public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception; + public boolean processLogout( + SecurityRequestWrapper request, + HttpServletResponse response, + URLPatternMatcher patternMatcher + ) throws Exception; /** * Return true if security checks should be bypassed for this request. diff --git a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java index 2897878..e9510c0 100644 --- a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java +++ b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.4 2004/01/26 07:14:53 anoncvs_webpanels Exp $ - * $Revision: 1.4 $ - * $Date: 2004/01/26 07:14:53 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.5 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.5 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -70,7 +70,7 @@ import java.security.Principal; * * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.4 $ $Date: 2004/01/26 07:14:53 $ + * @version $Revision: 1.5 $ $Date: 2004/01/26 09:19:10 $ */ public class BasicAuthenticator implements Authenticator { public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS"; 
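Review bot: The new `@param response` and `@param patternMatcher` tags on `processLogout` have no description, and the same bare tags recur on the `BasicAuthenticator` and `FormAuthenticator` implementations later in this commit. The response is added so an implementation can change client-side state during logout (`FormAuthenticator` passes it to `forgetLogin`), so the interface should say that: `@param response response the authenticator may modify while logging out, e.g. to clear persistent login state` and `@param patternMatcher matcher used to test the request URL against the configured logout pattern`. The added parameter also breaks any `Authenticator` implementation maintained outside this tree, which deserves a mention in the interface comment or release notes.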
@@ -184,10 +184,15 @@ public class BasicAuthenticator implements Authenticator { * Always returns false for BASIC authenticator. * * @param request + * @param response * @param patternMatcher * @return always returns false */ - public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) { + public boolean processLogout( + SecurityRequestWrapper request, + HttpServletResponse response, + URLPatternMatcher patternMatcher + ) { return false; } diff --git a/src/share/org/securityfilter/authenticator/FormAuthenticator.java b/src/share/org/securityfilter/authenticator/FormAuthenticator.java index 791d444..5671348 100644 --- a/src/share/org/securityfilter/authenticator/FormAuthenticator.java +++ b/src/share/org/securityfilter/authenticator/FormAuthenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.6 2004/01/26 07:14:53 anoncvs_webpanels Exp $ - * $Revision: 1.6 $ - * $Date: 2004/01/26 07:14:53 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.7 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.7 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -58,6 +58,7 @@ package org.securityfilter.authenticator; import org.securityfilter.config.SecurityConfig; import org.securityfilter.filter.*; import org.securityfilter.realm.SecurityRealmInterface; +import org.securityfilter.persistent.PersistentLoginManagerInterface; import javax.servlet.FilterConfig; import javax.servlet.http.*; 
@@ -68,7 +69,7 @@ import java.security.Principal; * FormAuthenticator - authenticator implementation for the FORM auth method. * * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.6 $ $Date: 2004/01/26 07:14:53 $ + * @version $Revision: 1.7 $ $Date: 2004/01/26 09:19:10 $ */ public class FormAuthenticator implements Authenticator { @@ -78,17 +79,17 @@ public class FormAuthenticator implements Authenticator { protected static final String FORM_USERNAME = "j_username"; protected static final String FORM_PASSWORD = "j_password"; + protected static final String FORM_REMEMBERME = "j_rememberme"; protected String loginPage; protected URLPattern loginPagePattern; - protected String errorPage; protected URLPattern errorPagePattern; + protected String defaultPage; + protected PersistentLoginManagerInterface persistentLoginManager; protected URLPattern logoutPagePattern; - protected String defaultPage; - protected SecurityRealmInterface realm; /** @@ -120,9 +121,16 @@ public class FormAuthenticator implements Authenticator { errorPage = securityConfig.getErrorPage(); errorPagePattern = patternFactory.createURLPattern(stripQueryString(errorPage), null, null, 0); - // error page + // -- Persistent Login Info -------------------------------------------------------------------------------------- + + // logout page String logoutPage = securityConfig.getLogoutPage(); - logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0); + if (logoutPage != null) { + logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0); + } + + // persistent login manager class + persistentLoginManager = securityConfig.getPersistentLoginManager(); } /** 
@@ -144,6 +152,26 @@ public class FormAuthenticator implements Authenticator { * @return true if the filter should return after this method ends, false otherwise */ public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response) throws Exception { + + // process any persistent login information, if user is not already logged in, + // persistent logins are enabled, and the persistent login info is present in this request + if ( + request.getRemoteUser() != null + && persistentLoginManager != null + && persistentLoginManager.rememberingLogin(request) + ) { + String username = persistentLoginManager.getRememberedUsername(request, response); + String password = persistentLoginManager.getRememberedPassword(request, response); + Principal principal = realm.authenticate(username, password); + if (principal != null) { + request.setUserPrincipal(principal); + } else { + // failed authentication with remembered login, better forget login now + persistentLoginManager.forgetLogin(request, response); + } + } + + // process login form submittal if (request.getMatchableURL().endsWith(loginSubmitPattern)) { String username = request.getParameter(FORM_USERNAME); String password = request.getParameter(FORM_PASSWORD); @@ -156,6 +184,19 @@ public class FormAuthenticator implements Authenticator { request.getSession().invalidate(); } + // manage persistent login info, if persistent login management is enabled + if (persistentLoginManager != null) { + String rememberme = request.getParameter(FORM_REMEMBERME); + // did the user request that their login be persistent? + if (rememberme != null) { + // remember login + persistentLoginManager.rememberLogin(request, response, username, password); + } else { + // forget login + persistentLoginManager.forgetLogin(request, response); + } + } + request.setUserPrincipal(principal); String continueToURL = getContinueToURL(request); // This is the url that the user was initially accessing before being prompted for login. 
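Review bot: The guard `request.getRemoteUser() != null` is inverted relative to the comment directly above it. As written, the remembered-login block runs only for a request that already has an authenticated user and never for the anonymous visitor it is meant to serve; it should read `request.getRemoteUser() == null`. `getRememberedUsername` and `getRememberedPassword` can presumably return null for missing or tampered data, so a check such as `if (username != null && password != null)` before `realm.authenticate(username, password)` avoids relying on how each realm treats null credentials. `processLogin` continues outside this hunk.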
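Review bot: `rememberme != null` treats any submitted value as opt-in, so a form posting `j_rememberme=false` or an empty field still persists the login. Compare against the expected checkbox value instead, for example `if ("on".equals(rememberme) || "true".equalsIgnoreCase(rememberme))`, or document that mere presence of the parameter is the contract. The call `rememberLogin(request, response, username, password)` also hands the clear-text password to the manager. How it is stored is not visible in this commit, so a comment here should state that the manager is responsible for keeping the credential confidential and tamper-evident wherever it persists it. The enclosing branch starts outside the hunk.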
@@ -168,6 +209,7 @@ public class FormAuthenticator implements Authenticator { } return true; } + return false; } @@ -190,14 +232,28 @@ public class FormAuthenticator implements Authenticator { } /** - * Return true if this is a logout request. Always returns false for this Authenticator. + * Return true if this is a logout request. * * @param request + * @param response + * @param patternMatcher * @return true if this is a logout request, false otherwise */ - public boolean processLogout(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception { + public boolean processLogout( + SecurityRequestWrapper request, + HttpServletResponse response, + URLPatternMatcher patternMatcher + ) throws Exception { String requestURL = request.getMatchableURL(); - return patternMatcher.match(requestURL, logoutPagePattern); + // check if this is a logout request + if (matchesLogoutPattern(requestURL, patternMatcher)) { + // if remembering this login call forgetLogin() method to forget it + if (persistentLoginManager != null && persistentLoginManager.rememberingLogin(request)) { + persistentLoginManager.forgetLogin(request, response); + } + return true; + } + return false; } /** 
@@ -211,7 +267,26 @@ public class FormAuthenticator implements Authenticator { URLPatternMatcher patternMatcher ) throws Exception { String requestURL = request.getMatchableURL(); - return patternMatcher.match(requestURL, loginPagePattern) || patternMatcher.match(requestURL, errorPagePattern); + return ( + patternMatcher.match(requestURL, loginPagePattern) + || patternMatcher.match(requestURL, errorPagePattern) + || matchesLogoutPattern(requestURL, patternMatcher) + ); + } + + /** + * Returns true if the logout pattern is not null and the request URL string passed in matches it. + * + * @param requestURL + * @param patternMatcher + * @return true if the logout page is defined and the request URL matches it + * @throws Exception + */ + private boolean matchesLogoutPattern(String requestURL, URLPatternMatcher patternMatcher) throws Exception { + if (logoutPagePattern != null) { + return patternMatcher.match(requestURL, logoutPagePattern); + } + return false; } /** @@ -237,9 +312,11 @@ public class FormAuthenticator implements Authenticator { * @return uri with query string removed (if it had one) */ private String stripQueryString(String uri) { - int queryStart = uri.indexOf('?'); - if (queryStart != -1) { - uri = uri.substring(0, queryStart); + if (uri != null) { + int queryStart = uri.indexOf('?'); + if (queryStart != -1) { + uri = uri.substring(0, queryStart); + } } return uri; } diff --git a/src/share/org/securityfilter/config/SecurityConfig.java b/src/share/org/securityfilter/config/SecurityConfig.java index 2199c8f..5720050 100644 --- a/src/share/org/securityfilter/config/SecurityConfig.java +++ b/src/share/org/securityfilter/config/SecurityConfig.java 
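Review bot: Adding `matchesLogoutPattern` to this return expression exempts the logout page from all security constraints, but the method Javadoc (outside the hunk) presumably still describes only the login and error pages. It should state the new behaviour, e.g. `Returns true for the login page, the error page and, when one is configured, the logout page.` The new helper's `@param requestURL`, `@param patternMatcher` and `@throws Exception` tags are empty as well. Either describe them (`@param requestURL matchable URL of the current request`) or drop the tags that add nothing.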
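Review bot: With the null guard, `stripQueryString(null)` now returns null silently, and the `@return` line should say so: `@return uri with query string removed (if it had one), or null if uri is null`. Only the logout page gets a matching null check in the init hunk; the context line `createURLPattern(stripQueryString(errorPage), null, null, 0)` is still unconditional, and presumably so is the login page. A missing error page that used to fail here with a NullPointerException therefore now reaches the pattern factory as null. Whether the factory rejects that is not visible, so either guard those callers like the logout page or fail with an explicit configuration error.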
@@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.14 2003/11/25 10:15:47 maxcooper Exp $ - * $Revision: 1.14 $ - * $Date: 2003/11/25 10:15:47 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.15 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.15 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -72,7 +72,7 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author David Reed (dreed10@neo.rr.com) - * @version $Revision: 1.14 $ $Date: 2003/11/25 10:15:47 $ + * @version $Revision: 1.15 $ $Date: 2004/01/26 09:19:10 $ */ public class SecurityConfig { @@ -252,14 +252,12 @@ public class SecurityConfig { } /** - * Adds a StickyLoginManager to be used for persisting logins. + * Set the PersistentLoginManager to be used for persisting logins. * - * @param loginManager StickyLoginManager to use for this implementation + * @param persistentLoginManager StickyLoginManager to use for this implementation */ - public synchronized void addStickyLoginManager( - Object loginManager - ) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException { - this.persistentLoginManager = (PersistentLoginManagerInterface) loginManager; + public void setPersistentLoginManager(PersistentLoginManagerInterface persistentLoginManager) { + this.persistentLoginManager = persistentLoginManager; } /** 
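Review bot: The Javadoc for `setPersistentLoginManager` still calls the argument a `StickyLoginManager`, a name this change removes everywhere else. Suggested wording: `@param persistentLoginManager the PersistentLoginManagerInterface implementation used to persist logins`. Since `FormAuthenticator` treats a null manager as "persistent logins disabled", it is worth stating here that the property is optional. The setter also drops `synchronized`, which looks fine if configuration is only populated during single-threaded parsing, but that assumption should be written down.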
@@ -313,13 +311,13 @@ public class SecurityConfig { 0 ); - // remember me plugin + // persistent login manager digester.addObjectCreate("securityfilter-config/login-config/remember-me", null, "className"); digester.addSetProperty("securityfilter-config/login-config/remember-me/remember-me-param", "name", "value"); digester.addSetNext( "securityfilter-config/login-config/remember-me", - "addPersistentLoginManager", - "java.lang.Object" + "setPersistentLoginManager", + "org.securityfilter.persistent.PersistentLoginManagerInterface" ); // security-constraint diff --git a/src/share/org/securityfilter/filter/SecurityFilter.java b/src/share/org/securityfilter/filter/SecurityFilter.java index 8845c25..5eb9872 100644 --- a/src/share/org/securityfilter/filter/SecurityFilter.java +++ b/src/share/org/securityfilter/filter/SecurityFilter.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.22 2003/10/27 11:16:05 maxcooper Exp $ - * $Revision: 1.22 $ - * $Date: 2003/10/27 11:16:05 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.23 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.23 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -72,7 +72,7 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author Torgeir Veimo (torgeir@pobox.com) - * @version $Revision: 1.22 $ $Date: 2003/10/27 11:16:05 $ + * @version $Revision: 1.23 $ $Date: 2004/01/26 09:19:10 $ */ public class SecurityFilter implements Filter { public static final String CONFIG_FILE_KEY = "config"; 
@@ -127,6 +127,13 @@ public class SecurityFilter implements Filter { URLPattern match = null; try { + // check if this is a logout request + if (authenticator.processLogout(wrappedRequest, hRes, patternMatcher)) { + // If logging out destroy and recreate session + hReq.getSession().invalidate(); + hReq.getSession(true); + } + // check if this request includes login info if (authenticator.processLogin(wrappedRequest, hRes)) { return; @@ -237,7 +244,8 @@ public class SecurityFilter implements Filter { } catch (org.xml.sax.SAXException se) { System.err.println("unable to parse input: " + se); } catch (Exception e) { - System.err.println("invalid regular expression pattern: " + e); + System.err.println("error: " + e); + e.printStackTrace(); } } diff --git a/src/share/org/securityfilter/persistent/DefaultPersistentLoginManager.java b/src/share/org/securityfilter/persistent/DefaultPersistentLoginManager.java index 8b4d375..d8751d3 100644 --- a/src/share/org/securityfilter/persistent/DefaultPersistentLoginManager.java +++ b/src/share/org/securityfilter/persistent/DefaultPersistentLoginManager.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/DefaultPersistentLoginManager.java,v 1.1 2003/11/25 10:15:14 maxcooper Exp $ - * $Revision: 1.1 $ - * $Date: 2003/11/25 10:15:14 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/DefaultPersistentLoginManager.java,v 1.2 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.2 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 
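Review bot: After `processLogout` returns true the filter falls straight through to `authenticator.processLogin(wrappedRequest, hRes)` on the same request. `forgetLogin` can only change the response, so the incoming request presumably still carries the remembered-login data, and once the remembered-login guard in `FormAuthenticator.processLogin` is corrected the user may be re-authenticated during the very request that logged them out. Consider skipping `processLogin` when a logout was just processed. Separately, `hReq.getSession().invalidate()` creates a session just to destroy it when none exists; `HttpSession s = hReq.getSession(false); if (s != null) s.invalidate();` avoids that. Whether `wrappedRequest` caches the old session is not visible here and should be checked. The surrounding `try` block continues outside the hunk.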
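Review bot: This catch still swallows every configuration failure and now writes a stack trace to stderr with `e.printStackTrace()`, so the filter can continue with a partly built or missing configuration. For a security filter it is safer to fail closed. The enclosing method is outside the hunk, but if this is `init(FilterConfig)`, replace the two added lines with `throw new ServletException("unable to load securityfilter configuration", e);` so the container refuses to start the application. If stderr output is kept, it should go through the container log (`ServletContext.log(String, Throwable)`) instead.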
@@ -70,7 +70,7 @@ import java.security.*; * * @author David Reed (dreed10@neo.rr.com) * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.1 $ $Date: 2003/11/25 10:15:14 $ + * @version $Revision: 1.2 $ $Date: 2004/01/26 09:19:10 $ */ public class DefaultPersistentLoginManager implements Serializable, PersistentLoginManagerInterface { @@ -544,3 +544,5 @@ public class DefaultPersistentLoginManager implements Serializable, PersistentLo } } +// ---------------------------------------------------------------------------- +// EOF \ No newline at end of file diff --git a/src/share/org/securityfilter/persistent/PersistentLoginManagerInterface.java b/src/share/org/securityfilter/persistent/PersistentLoginManagerInterface.java index 8b6bf6f..a231b27 100644 --- a/src/share/org/securityfilter/persistent/PersistentLoginManagerInterface.java +++ b/src/share/org/securityfilter/persistent/PersistentLoginManagerInterface.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/PersistentLoginManagerInterface.java,v 1.1 2003/11/25 10:15:16 maxcooper Exp $ - * $Revision: 1.1 $ - * $Date: 2003/11/25 10:15:16 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/persistent/Attic/PersistentLoginManagerInterface.java,v 1.2 2004/01/26 09:19:10 maxcooper Exp $ + * $Revision: 1.2 $ + * $Date: 2004/01/26 09:19:10 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -65,7 +65,7 @@ import java.io.IOException; * * @author David Reed (dreed10@neo.rr.com.com) * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.1 $ $Date: 2003/11/25 10:15:16 $ + * @version $Revision: 1.2 $ $Date: 2004/01/26 09:19:10 $ */ public interface PersistentLoginManagerInterface { 
@@ -127,3 +127,6 @@ public interface PersistentLoginManagerInterface { HttpServletResponse response ) throws IOException, ServletException; } + +// ---------------------------------------------------------------------------- +// EOF \ No newline at end of file