From 80899281cb594fa204cff76da527fd7e730e8703 Mon Sep 17 00:00:00 2001
From: maxcooper
Date: Mon, 9 Jun 2003 11:02:42 +0000
Subject: [PATCH] refactored formPattern to loginSubmitPattern for clarity established /j_security_check as default for loginSubmitPattern
---
 .../org/securityfilter/filter/SecurityFilter.java | 54 ++++++++++++++--------
 web/share/WEB-INF/web.xml | 6 ++-
 2 files changed, 39 insertions(+), 21 deletions(-)
diff --git a/src/share/org/securityfilter/filter/SecurityFilter.java b/src/share/org/securityfilter/filter/SecurityFilter.java
index cf56d31..1e01596 100644
--- a/src/share/org/securityfilter/filter/SecurityFilter.java
+++ b/src/share/org/securityfilter/filter/SecurityFilter.java
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.18 2003/05/26 11:14:52 maxcooper Exp $
- * $Revision: 1.18 $
- * $Date: 2003/05/26 11:14:52 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.19 2003/06/09 11:02:43 maxcooper Exp $
+ * $Revision: 1.19 $
+ * $Date: 2003/06/09 11:02:43 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -77,20 +77,32 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author Torgeir Veimo (torgeir@pobox.com) - * @version $Revision: 1.18 $ $Date: 2003/05/26 11:14:52 $ + * @version $Revision: 1.19 $ $Date: 2003/06/09 11:02:43 $ */ public class SecurityFilter implements Filter { - public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL"; - public static final String SAVED_REQUEST = SecurityFilter.class.getName() + ".SAVED_REQUEST"; - public static final String ALREADY_PROCESSED = SecurityFilter.class.getName() + ".ALREADY_PROCESSED"; - public static final String CONFIG_FILE_KEY = "config"; public static final String DEFAULT_CONFIG_FILE = "/WEB-INF/securityfilter-config.xml"; + public static final String VALIDATE_KEY = "validate"; + + public static final String LOGIN_SUBMIT_PATTERN_KEY = "loginSubmitPattern"; + public static final String DEFAULT_LOGIN_SUBMIT_PATTERN = "/j_security_check"; + protected String loginSubmitPattern; + public static final String TRUE = "true"; + + public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL"; + public static final String SAVED_REQUEST = SecurityFilter.class.getName() + ".SAVED_REQUEST"; + public static final String ALREADY_PROCESSED = SecurityFilter.class.getName() + ".ALREADY_PROCESSED"; + public static final String BASIC_WINDOW_SHOWN = "basic_window_shown"; public static final String LOGIN_ATTEMPTS = "loginAttempts"; + protected static final String DUMMY_TOKEN = "dummyToken"; + + protected static final String FORM_USERNAME = "j_username"; + protected static final String FORM_PASSWORD = "j_password"; + public static final Base64 base64Helper = new Base64(); protected FilterConfig config; 
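Review bot: `LOGIN_SUBMIT_PATTERN_KEY` and `DEFAULT_LOGIN_SUBMIT_PATTERN` are added as public constants with no comment on how the value is interpreted, and the only use visible in this patch is `requestURL.endsWith(loginSubmitPattern)`, a plain suffix test. I would put `/** init-param naming the URL suffix that marks a login form submission; compared with String.endsWith, not evaluated as a URLPattern */` above the key so that deployers do not configure wildcards that can never match. The instance field `protected String loginSubmitPattern;` sits between the two constants and would read better next to the other instance fields declared further down the class. The class body continues outside this hunk.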
@@ -102,15 +114,10 @@ public class SecurityFilter implements Filter { protected String defaultPage; protected URLPatternFactory patternFactory; protected List patternList; + protected String authMethod; protected boolean basic = false; - protected String tooManyInCorrectLogins; - - protected static final String DUMMY_TOKEN = "dummyToken"; - protected static final String FORM_USERNAME = "j_username"; - protected static final String FORM_PASSWORD = "j_password"; - protected static final String FORM_PATTERN = "formPattern"; - protected String form_submit_url = "/j_security_check"; + protected String tooManyIncorrectLogins; /** * Perform filtering operation, and optionally pass the request down the chain. @@ -156,7 +163,7 @@ public class SecurityFilter implements Filter { processLogin(wrappedRequest, hRes); return; } else { - if (requestURL.endsWith(form_submit_url)) { + if (requestURL.endsWith(loginSubmitPattern)) { processLogin(wrappedRequest, hRes); return; } @@ -233,13 +240,19 @@ public class SecurityFilter implements Filter { patternFactory = new URLPatternFactory(); // parse config file + // config file name String configFile = config.getInitParameter(CONFIG_FILE_KEY); if (configFile == null) { configFile = DEFAULT_CONFIG_FILE; } - form_submit_url = config.getInitParameter(FORM_PATTERN); URL configURL = config.getServletContext().getResource(configFile); + // validate config file? String validate = config.getInitParameter(VALIDATE_KEY); + // login submit pattern + loginSubmitPattern = config.getInitParameter(LOGIN_SUBMIT_PATTERN_KEY); + if (loginSubmitPattern == null) { + loginSubmitPattern = DEFAULT_LOGIN_SUBMIT_PATTERN; + } SecurityConfig securityConfig = new SecurityConfig(TRUE.equalsIgnoreCase(validate)); securityConfig.loadConfig(configURL); 
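Review bot: `requestURL.endsWith(loginSubmitPattern)` treats the configured value as a bare suffix, so an empty `loginSubmitPattern` init-param matches every request that reaches this branch and hands it to `processLogin`. The null check added in the init hunk further down does not cover that case; I would tighten it to `if (loginSubmitPattern == null || loginSubmitPattern.trim().length() == 0) {`. A short comment at this test saying that the value is a literal suffix would also stop readers from assuming URL-pattern semantics from the field name. The enclosing method starts and ends outside the hunk.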
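Review bot: A deployment whose web.xml still sets the old `formPattern` init-param gets no signal from this code: `config.getInitParameter(LOGIN_SUBMIT_PATTERN_KEY)` returns null and the filter quietly falls back to `/j_security_check`. If that deployment's login form posts to a custom URL, the submission would presumably no longer be recognised as a login and would pass through with the credentials in the request. Reading the old name as a fallback before applying the default would keep existing configurations working, e.g. `if (loginSubmitPattern == null) { loginSubmitPattern = config.getInitParameter("formPattern"); }`, ideally with a logged deprecation notice. The enclosing method starts and ends outside the hunk.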
@@ -254,8 +267,9 @@ public class SecurityFilter implements Filter { errorPagePattern = patternFactory.createURLPattern(errorPage, null, null, 0); authMethod = securityConfig.getAuthMethod(); // todo: support DIGEST and CERT authentication schemes. - if (authMethod.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) + if (authMethod.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) { basic = true; + } // create pattern list patternList = new ArrayList(); @@ -351,7 +365,7 @@ public class SecurityFilter implements Filter { loginAttempts += 1; } // todo: we can put some useful message here, perhaps a internationlizable format of message. - tooManyInCorrectLogins = "Sorry you are having problems logging in, please try again"; + tooManyIncorrectLogins = "Sorry you are having problems logging in, please try again"; String loginAttemptMessage = "Login attempt number " + loginAttempts; String logo; if (basic) { @@ -370,7 +384,7 @@ public class SecurityFilter implements Filter { request.getSession().setAttribute(LOGIN_ATTEMPTS, new Integer(loginAttempts)); } else { request.getSession().removeAttribute(LOGIN_ATTEMPTS); - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, tooManyInCorrectLogins); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, tooManyIncorrectLogins); } } else { response.sendRedirect(request.getContextPath() + loginPage); diff --git a/web/share/WEB-INF/web.xml b/web/share/WEB-INF/web.xml index ac0ada8..6c10550 100644 --- a/web/share/WEB-INF/web.xml +++ b/web/share/WEB-INF/web.xml @@ -21,14 +21,16 @@ true Validate config file if set to true + @@ -37,6 +39,7 @@ /* + -- 2.11.0