From bd1cf7162e0b8480ff1169d20f1a9d166e9d1ccd Mon Sep 17 00:00:00 2001 From: maxcooper Date: Mon, 26 Jan 2004 09:23:00 +0000 Subject: [PATCH] moved persistent package to org.securityfilter.authenticator --- .../authenticator/FormAuthenticator.java | 10 +- .../persistent/DefaultPersistentLoginManager.java | 548 +++++++++++++++++++++ .../PersistentLoginManagerInterface.java | 132 +++++ .../org/securityfilter/config/SecurityConfig.java | 12 +- 4 files changed, 691 insertions(+), 11 deletions(-) create mode 100644 src/share/org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.java create mode 100644 src/share/org/securityfilter/authenticator/persistent/PersistentLoginManagerInterface.java diff --git a/src/share/org/securityfilter/authenticator/FormAuthenticator.java b/src/share/org/securityfilter/authenticator/FormAuthenticator.java index 5671348..d01d1a8 100644 --- a/src/share/org/securityfilter/authenticator/FormAuthenticator.java +++ b/src/share/org/securityfilter/authenticator/FormAuthenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.7 2004/01/26 09:19:10 maxcooper Exp $ - * $Revision: 1.7 $ - * $Date: 2004/01/26 09:19:10 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.8 2004/01/26 09:23:09 maxcooper Exp $ + * $Revision: 1.8 $ + * $Date: 2004/01/26 09:23:09 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -58,7 +58,7 @@ package org.securityfilter.authenticator; import org.securityfilter.config.SecurityConfig; import org.securityfilter.filter.*; import org.securityfilter.realm.SecurityRealmInterface; -import org.securityfilter.persistent.PersistentLoginManagerInterface; +import org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface; import javax.servlet.FilterConfig; import javax.servlet.http.*; @@ -69,7 +69,7 @@ import java.security.Principal; * FormAuthenticator - authenticator implementation for the FORM auth method. * * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.7 $ $Date: 2004/01/26 09:19:10 $ + * @version $Revision: 1.8 $ $Date: 2004/01/26 09:23:09 $ */ public class FormAuthenticator implements Authenticator { diff --git a/src/share/org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.java b/src/share/org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.java new file mode 100644 index 0000000..45d3cf3 --- /dev/null +++ b/src/share/org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.java @@ -0,0 +1,548 @@ +/* + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.java,v 1.1 2004/01/26 09:23:01 maxcooper Exp $ + * $Revision: 1.1 $ + * $Date: 2004/01/26 09:23:01 $ + * + * ==================================================================== + * The SecurityFilter Software License, Version 1.1 + * + * (this license is derived and fully compatible with the Apache Software + * License - see http://www.apache.org/LICENSE.txt) + * + * Copyright (c) 2002 SecurityFilter.org. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by + * SecurityFilter.org (http://www.securityfilter.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The name "SecurityFilter" must not be used to endorse or promote + * products derived from this software without prior written permission. + * For written permission, please contact license@securityfilter.org . + * + * 5. Products derived from this software may not be called "SecurityFilter", + * nor may "SecurityFilter" appear in their name, without prior written + * permission of SecurityFilter.org. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + */ + +package org.securityfilter.authenticator.persistent; + +import javax.crypto.*; +import javax.crypto.spec.DESKeySpec; +import javax.servlet.ServletException; +import javax.servlet.http.*; +import java.io.*; +import java.security.*; + +/** + * DefaultPersistentLoginManager manages the saving and retrieving of the + * persistant logins for the "remember me" functionality. This implementation uses + * client cookies to save the login information and incroporates cookie validation + * and encryption + * + * @author David Reed (dreed10@neo.rr.com) + * @author Max Cooper (max@maxcooper.com) + * @version $Revision: 1.1 $ $Date: 2004/01/26 09:23:01 $ + */ +public class DefaultPersistentLoginManager implements Serializable, PersistentLoginManagerInterface { + + protected String cookieLife = "15"; + protected String protection = "all"; + protected String validationKey; + protected String encryptionKey; + protected String useIP = "true"; + protected String encryptionAlgorithm = "DES"; + protected String encryptionMode = "ECB"; + protected String encryptionPadding = "PKCS5Padding"; + protected String cipherParameters; + + protected String valueBeforeMD5 = ""; + protected String valueAfterMD5 = ""; + protected SecretKey secretKey; + protected static final String COOKIE_USERNAME = "username"; + protected static final String COOKIE_PASSWORD = "password"; + protected static final String COOKIE_REMEMBERME = "rememberme"; + protected static final String COOKIE_VALIDATION = "validation"; + protected static final String PROTECTION_ALL = "all"; + protected static final String PROTECTION_VALIDATION = "validation"; + protected static final String PROTECTION_ENCRYPTION = "encryption"; + protected static final String PROTECTION_NONE = "none"; + + /** + * The constructor method initializes the cipherParameters variable in case the + * implementation intends to use encryption to secure user names and passwords + */ + public DefaultPersistentLoginManager() { + initCypherParameters(); + } + + /** + * Remember a specific login + * + * @param request the servlet request + * @param response the servlet response + * @param username the username tha's being remembered + * @param password the password that's being remembered + */ + public void rememberLogin( + HttpServletRequest request, + HttpServletResponse response, + String username, + String password + ) throws IOException, ServletException { + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_ENCRYPTION)) { + username = encryptText(username); + password = encryptText(password); + if (username == null || password == null) { + System.out.println("ERROR!!"); + System.out.println("There was a problem encrypting the username or password!!"); + System.out.println("Remember Me function will be disabled!!"); + return; + } + } + // create client cookie to store username and password + Cookie usernameCookie = new Cookie(COOKIE_USERNAME, username); + usernameCookie.setMaxAge(60 * 60 * 24 * Integer.parseInt(cookieLife)); + response.addCookie(usernameCookie); + Cookie passwdCookie = new Cookie(COOKIE_PASSWORD, password); + passwdCookie.setMaxAge(60 * 60 * 24 * Integer.parseInt(cookieLife)); + response.addCookie(passwdCookie); + Cookie rememberCookie = new Cookie(COOKIE_REMEMBERME, "true"); + rememberCookie.setMaxAge(60 * 60 * 24 * Integer.parseInt(cookieLife)); + response.addCookie(rememberCookie); + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_VALIDATION)) { + String validationHash = getValidationHash(username, password, request.getRemoteAddr()); + if (validationHash != null) { + Cookie validationCookie = new Cookie(COOKIE_VALIDATION, validationHash); + validationCookie.setMaxAge(60 * 60 * 24 * Integer.parseInt(cookieLife)); + response.addCookie(validationCookie); + } else { + System.out.println("WARNING!!! WARNING!!!"); + System.out.println("PROTECTION=ALL or PROTECTION=VALIDATION was specified"); + System.out.println("but Validation Hash could NOT be generated"); + System.out.println("Validation has been disabled!!!!"); + } + } + return; + } + + /** + * Forget a login + * + * @param request the servlet request + * @param response the servlet response + */ + public void forgetLogin(HttpServletRequest request, HttpServletResponse response) + throws IOException, ServletException { + removeCookie(request, response, COOKIE_USERNAME); + removeCookie(request, response, COOKIE_PASSWORD); + removeCookie(request, response, COOKIE_REMEMBERME); + removeCookie(request, response, COOKIE_VALIDATION); + return; + } + + /** + * Ask "Are we remembering logins" + * + * @param request the servlet request + * @return true if login cookie was found + */ + public boolean rememberingLogin(HttpServletRequest request) { + if (getCookieValue(request.getCookies(), COOKIE_REMEMBERME, "false").equals("true")) { + return true; + } else { + return false; + } + } + + /** + * Get remembered username + * + * @param request the servlet request + * @param response the servlet response + * @return the username value or null if not found or a problem with security of cookie + */ + public String getRememberedUsername( + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException { + String username = getCookieValue(request.getCookies(), COOKIE_USERNAME, "false"); + String password = getCookieValue(request.getCookies(), COOKIE_PASSWORD, "false"); + + String validationHash = getCookieValue(request.getCookies(), COOKIE_VALIDATION, "false"); + if (!username.equals("false")) { + if (!validationHash.equals("false")) { + //check hash + String calculatedHash = getValidationHash(username, password, request.getRemoteAddr()); + if (validationHash.equals(calculatedHash)) { + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_ENCRYPTION)) { + username = decryptText(username); + } + return username; + } else { + System.out.println("!remember-me cookie validation hash mismatch! "); + System.out.println("!remember-me cookie has been tampered with! "); + System.out.println("!remember-me cookie is being deleted! "); + removeCookie(request, response, COOKIE_USERNAME); + removeCookie(request, response, COOKIE_PASSWORD); + removeCookie(request, response, COOKIE_REMEMBERME); + removeCookie(request, response, COOKIE_VALIDATION); + return null; + } + } else { + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_ENCRYPTION)) { + username = decryptText(username); + } + return username; + } + } else { + return null; + } + } + + /** + * Get remembered password + * + * @param request the servlet request + * @param response the servlet response + * @return the password value or null if not found or a problem with security of cookie + */ + public String getRememberedPassword( + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException { + String username = getCookieValue(request.getCookies(), COOKIE_USERNAME, "false"); + String password = getCookieValue(request.getCookies(), COOKIE_PASSWORD, "false"); + + String validationHash = getCookieValue(request.getCookies(), COOKIE_VALIDATION, "false"); + if (!password.equals("false")) { + if (!validationHash.equals("false")) { + String calculatedHash = getValidationHash(username, password, request.getRemoteAddr()); + if (validationHash.equals(calculatedHash)) { + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_ENCRYPTION)) { + password = decryptText(password); + } + return password; + } else { + System.out.println("!remember-me cookie validation hash mismatch! "); + System.out.println("!remember-me cookie has been tampered with! "); + System.out.println("!remember-me cookie is being deleted! "); + removeCookie(request, response, COOKIE_USERNAME); + removeCookie(request, response, COOKIE_PASSWORD); + removeCookie(request, response, COOKIE_REMEMBERME); + removeCookie(request, response, COOKIE_VALIDATION); + return null; + } + } else { + if (protection.equals(PROTECTION_ALL) || protection.equals(PROTECTION_ENCRYPTION)) { + password = decryptText(password); + } + return password; + } + } else { + return null; + } + } + + /** + * Set Cookie Life + * + * @param cookieLife The cookie life in days as defined in config file + */ + public void setCookieLife(String cookieLife) { + this.cookieLife = cookieLife; + } + + /** + * Set protection level for the "Remember Me" functionality + * + * @param protection The protection level as defined in config file.
+ * valid values are:
+ * ALL (this is the default)
+ * VALIDATION
+ * ENCRYPTION
+ * NONE
+ */ + public void setProtection(String protection) { + if ( + protection.toLowerCase().trim().equals(PROTECTION_ALL) + || protection.toLowerCase().trim().equals(PROTECTION_VALIDATION) + || protection.toLowerCase().trim().equals(PROTECTION_ENCRYPTION) + || protection.toLowerCase().trim().equals(PROTECTION_NONE) + ) { + this.protection = protection.toLowerCase().trim(); + } else { + System.out.println("*ERROR - Invalid protection setting!!!" + protection); + System.out.println("*ERROR - setting protection to default -->=" + PROTECTION_ALL); + this.protection = PROTECTION_ALL; + } + } + + /** + * Set the Validation Key used to generate hash value, the hash value is stored + * with the cookie and used to verify that the cookie has not been tampered with + * + * @param validationkey The validation key as defined in config file. + * This is a required config entry if protection is set + * to ALL or VALIDATION + */ + public void setValidationKey(String validationkey) { + this.validationKey = validationkey; + } + + /** + * Set the Encryptin Key used to create a secret key, the secret key is passed + * to the Cipher object to be used during encryption and decryption of cookie + * values. + *

+ * NOTE: This entry in the config file must NOT appear before any of the other + * encryption config entries + * + * @param encryptionkey A String containing the encryption key as + * defined in config file. This is a required + * config entry if protection is set to ALL or ENCRYPTION. + */ + public void setEncryptionKey(String encryptionkey) { + this.encryptionKey = encryptionkey; + try { + SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(encryptionAlgorithm); + byte[] desKeyData = encryptionkey.getBytes(); + DESKeySpec desKeySpec = new DESKeySpec(desKeyData); + secretKey = keyFactory.generateSecret(desKeySpec); + } catch (Exception e) { + System.out.println("Error: " + e); + e.printStackTrace(); + } + } + + /** + * Set the UseIP variable used to determine if the client's IP address + * should be included in the hash calculation when using validation + * + * @param useIP The UseIP as defined in config file. + */ + public void setUseIP(String useIP) { + this.useIP = useIP.toLowerCase().trim(); + } + + /** + * Set the Encryption Algorithm used to encrypt and decrypt cookies + * + * @param encryptionAlgorithm The encryptionAlgorithm as defined in config file. + */ + public void setEncryptionAlgorithm(String encryptionAlgorithm) { + this.encryptionAlgorithm = encryptionAlgorithm.trim(); + initCypherParameters(); + } + + /** + * Set the Encryption Mode used to encrypt and decrypt cookies + * + * @param encryptionMode The encryptionMode as defined in config file. + */ + public void setEncryptionMode(String encryptionMode) { + this.encryptionMode = encryptionMode.trim(); + initCypherParameters(); + } + + /** + * Set the Encryption Padding used to encrypt and decrypt cookies + * + * @param encryptionPadding The encryptionPadding as defined in config file. + */ + public void setEncryptionPadding(String encryptionPadding) { + this.encryptionPadding = encryptionPadding.trim(); + initCypherParameters(); + } + + /** + * Initialize the cypherParameters variable. + */ + private void initCypherParameters() { + cipherParameters = encryptionAlgorithm + "/" + encryptionMode + "/" + encryptionPadding; + } + + /** + * Given an array of Cookies, a name, and a default value, + * this method tries to find the value of the cookie with + * the given name. If there is no cookie matching the name + * in the array, then the default value is returned instead. + */ + private static String getCookieValue(Cookie[] cookies, String cookieName, String defaultValue) { + if (cookies != null) { + for (int i = 0; i < cookies.length; i++) { + Cookie cookie = cookies[i]; + if (cookieName.equals(cookie.getName())) { + return (cookie.getValue()); + } + } + } + return (defaultValue); + } + + /** + * Given an array of cookies and a name, this method tries + * to find and return the cookie from the array that has + * the given name. If there is no cookie matching the name + * in the array, null is returned. + */ + private static Cookie getCookie(Cookie[] cookies, String cookieName) { + if (cookies != null) { + for (int i = 0; i < cookies.length; i++) { + Cookie cookie = cookies[i]; + if (cookieName.equals(cookie.getName())) { + return (cookie); + } + } + } + return null; + } + + /** + * Remove a cookie. + * + * @param request + * @param response + * @param cookieName + */ + private void removeCookie(HttpServletRequest request, HttpServletResponse response, String cookieName) { + Cookie cookie = getCookie(request.getCookies(), cookieName); + if (cookie != null) { + cookie.setMaxAge(0); + response.addCookie(cookie); + } + } + + /** + * Get validation hash for the specified parameters. + * + * @param username + * @param password + * @param clientIP + * @return validation hash + */ + private String getValidationHash(String username, String password, String clientIP) { + if (validationKey == null) { + System.out.println("ERROR! >> validationKey not spcified...."); + System.out.println("ERROR! >> you are REQUIRED to specify the validatonkey in the config xml"); + return null; + } + MessageDigest md5 = null; + StringBuffer sbValueBeforeMD5 = new StringBuffer(); + + try { + md5 = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { + System.out.println("Error: " + e); + } + + try { + sbValueBeforeMD5.append(username.toString()); + sbValueBeforeMD5.append(":"); + sbValueBeforeMD5.append(password.toString()); + sbValueBeforeMD5.append(":"); + if (useIP.equals("true")) { + sbValueBeforeMD5.append(clientIP.toString()); + sbValueBeforeMD5.append(":"); + } + sbValueBeforeMD5.append(validationKey.toString()); + + valueBeforeMD5 = sbValueBeforeMD5.toString(); + md5.update(valueBeforeMD5.getBytes()); + + byte[] array = md5.digest(); + StringBuffer sb = new StringBuffer(); + for (int j = 0; j < array.length; ++j) { + int b = array[j] & 0xFF; + if (b < 0x10) sb.append('0'); + sb.append(Integer.toHexString(b)); + } + valueAfterMD5 = sb.toString(); + } catch (Exception e) { + System.out.println("Error:" + e); + } + return valueAfterMD5; + } + + /** + * Encrypt a string. + * + * @param clearText + * @return clearText, encrypted + */ + private String encryptText(String clearText) { + sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder(); + try { + Cipher c1 = Cipher.getInstance(cipherParameters); + if (secretKey != null) { + c1.init(c1.ENCRYPT_MODE, secretKey); + byte clearTextBytes[]; + clearTextBytes = clearText.getBytes(); + byte encryptedText[] = c1.doFinal(clearTextBytes); + String encryptedEncodedText = encoder.encode(encryptedText); + return encryptedEncodedText; + } else { + System.out.println("ERROR! >> SecretKey not generated ...."); + System.out.println("ERROR! >> you are REQUIRED to specify the encryptionKey in the config xml"); + return null; + } + } catch (Exception e) { + System.out.println("Error: " + e); + e.printStackTrace(); + return null; + } + } + + /** + * Decrypt a string. + * + * @param encryptedText + * @return encryptedText, decrypted + */ + private String decryptText(String encryptedText) { + sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder(); + try { + byte decodedEncryptedText[] = decoder.decodeBuffer(encryptedText); + Cipher c1 = Cipher.getInstance(cipherParameters); + c1.init(c1.DECRYPT_MODE, secretKey); + byte[] decryptedText = c1.doFinal(decodedEncryptedText); + String decryptedTextString = new String(decryptedText); + return decryptedTextString; + } catch (Exception e) { + System.out.println("Error: " + e); + e.printStackTrace(); + return null; + } + } +} + +// ---------------------------------------------------------------------------- +// EOF \ No newline at end of file diff --git a/src/share/org/securityfilter/authenticator/persistent/PersistentLoginManagerInterface.java b/src/share/org/securityfilter/authenticator/persistent/PersistentLoginManagerInterface.java new file mode 100644 index 0000000..df44132 --- /dev/null +++ b/src/share/org/securityfilter/authenticator/persistent/PersistentLoginManagerInterface.java @@ -0,0 +1,132 @@ +/* + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/persistent/PersistentLoginManagerInterface.java,v 1.1 2004/01/26 09:23:00 maxcooper Exp $ + * $Revision: 1.1 $ + * $Date: 2004/01/26 09:23:00 $ + * + * ==================================================================== + * The SecurityFilter Software License, Version 1.1 + * + * (this license is derived and fully compatible with the Apache Software + * License - see http://www.apache.org/LICENSE.txt) + * + * Copyright (c) 2002 SecurityFilter.org. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by + * SecurityFilter.org (http://www.securityfilter.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The name "SecurityFilter" must not be used to endorse or promote + * products derived from this software without prior written permission. + * For written permission, please contact license@securityfilter.org . + * + * 5. Products derived from this software may not be called "SecurityFilter", + * nor may "SecurityFilter" appear in their name, without prior written + * permission of SecurityFilter.org. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + */ + +package org.securityfilter.authenticator.persistent; + +import javax.servlet.ServletException; +import javax.servlet.http.*; +import java.io.IOException; + +/** + * PersistentLoginManagerInterface - Interface for the "remember me" implementation class. Implement this interface to + * provide a specific mechanism to persist login information to support the "remember me" SecurityFilter function. + * + * @author David Reed (dreed10@neo.rr.com.com) + * @author Max Cooper (max@maxcooper.com) + * @version $Revision: 1.1 $ $Date: 2004/01/26 09:23:00 $ + */ +public interface PersistentLoginManagerInterface { + + /** + * Remember a specific login + * + * @param request the servlet request + * @param response the servlet response + * @param username the username tha's being remembered + * @param password the password that's being remembered + */ + public void rememberLogin( + HttpServletRequest request, + HttpServletResponse response, + String username, + String password + ) throws IOException, ServletException; + + /** + * Forget a login + * + * @param request the servlet request + * @param response the servlet response + */ + public void forgetLogin( + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException; + + /** + * Ask "Are we remembering logins" + * + * @param request the servlet request + * @return true if login cookie was found + */ + public boolean rememberingLogin(HttpServletRequest request); + + /** + * Get remembered username + * + * @param request the servlet request + * @param response the servlet response + * @return the username value or null if not found or a problem with security of cookie + */ + public String getRememberedUsername( + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException; + + /** + * Get remembered password + * + * @param request the servlet request + * @param response the servlet response + * @return the password value or null if not found or a problem with security of cookie + */ + public String getRememberedPassword( + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException; +} + +// ---------------------------------------------------------------------------- +// EOF \ No newline at end of file diff --git a/src/share/org/securityfilter/config/SecurityConfig.java b/src/share/org/securityfilter/config/SecurityConfig.java index 5720050..7c91aaa 100644 --- a/src/share/org/securityfilter/config/SecurityConfig.java +++ b/src/share/org/securityfilter/config/SecurityConfig.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.15 2004/01/26 09:19:10 maxcooper Exp $ - * $Revision: 1.15 $ - * $Date: 2004/01/26 09:19:10 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/config/SecurityConfig.java,v 1.16 2004/01/26 09:23:19 maxcooper Exp $ + * $Revision: 1.16 $ + * $Date: 2004/01/26 09:23:19 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -56,7 +56,7 @@ package org.securityfilter.config; import org.apache.commons.digester.Digester; -import org.securityfilter.persistent.PersistentLoginManagerInterface; +import org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface; import org.securityfilter.realm.SecurityRealmInterface; import org.xml.sax.*; @@ -72,7 +72,7 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author David Reed (dreed10@neo.rr.com) - * @version $Revision: 1.15 $ $Date: 2004/01/26 09:19:10 $ + * @version $Revision: 1.16 $ $Date: 2004/01/26 09:23:19 $ */ public class SecurityConfig { @@ -317,7 +317,7 @@ public class SecurityConfig { digester.addSetNext( "securityfilter-config/login-config/remember-me", "setPersistentLoginManager", - "org.securityfilter.persistent.PersistentLoginManagerInterface" + "org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface" ); // security-constraint -- 2.11.0