Author: julien_viet
Date: 2010-03-05 09:04:49 -0500 (Fri, 05 Mar 2010)
New Revision: 2004
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/PortalLoginController.java
portal/trunk/web/portal/src/main/webapp/login/jsp/login.jsp
Log:
- fix bug in direct url authentication (like
http://localhost:8080/portal/private/classic)
- simplified the flow of the InitiateLoginServlet
- added debug during the auth process
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
---
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-03-05
13:19:56 UTC (rev 2003)
+++
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-03-05
14:04:49 UTC (rev 2004)
@@ -25,6 +25,8 @@
import org.exoplatform.web.security.security.AbstractTokenService;
import org.exoplatform.web.security.security.CookieTokenService;
import org.exoplatform.web.security.security.TransientTokenService;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
import java.io.IOException;
@@ -43,12 +45,11 @@
*/
public class InitiateLoginServlet extends AbstractHttpServlet
{
- /**
- * Serial version ID
- */
- private static final long serialVersionUID = -2553824531076121642L;
/** . */
+ private static final Logger log =
LoggerFactory.getLogger(InitiateLoginServlet.class);
+
+ /** . */
public static final String COOKIE_NAME = "rememberme";
/** . */
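Review bot: Removing serialVersionUID from InitiateLoginServlet (the same removal appears in the PortalLoginController hunk) is unrelated to the logging change and leaves a Serializable class with a compiler-computed UID that shifts on every edit; keep `private static final long serialVersionUID = -2553824531076121642L;` alongside the new logger. The placeholder Javadoc `/** . */` on the new log field documents nothing; either drop it or write `/** Logger for the login initiation flow. */`.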
@@ -59,62 +60,64 @@
{
resp.setContentType("text/html; charset=UTF-8");
HttpSession session = req.getSession();
+
+ // Looking for credentials stored in the session
Credentials credentials =
(Credentials)session.getAttribute(InitiateLoginServlet.CREDENTIALS);
- session.setAttribute("initialURI",
req.getAttribute("javax.servlet.forward.request_uri"));
+ //
if (credentials == null)
{
- String token = getTokenCookie(req);
PortalContainer pContainer = PortalContainer.getInstance();
ServletContext context = pContainer.getPortalContext();
+
+ //
+ String token = getRememberMeTokenCookie(req);
if (token != null)
{
AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
credentials = tokenService.validateToken(token, false);
if (credentials == null)
{
+ log.debug("Login initiated with no credentials in session but found
token an invalid " + token + " " +
+ "that will be cleared in next response");
+
+ // We clear the cookie in the next response as it was not valid
Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME,
"");
cookie.setPath(req.getContextPath());
cookie.setMaxAge(0);
resp.addCookie(cookie);
+
// This allows the customer to define another login page without
// changing the portal
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
- return;
}
+ else
+ {
+ // Send authentication request
+ log.debug("Login initiated with no credentials in session but found
token " + token + " with existing credentials, " +
+ "performing authentication");
+ sendAuth(resp, credentials.getUsername(), token);
+ }
}
else
{
// This allows the customer to define another login page without
// changing the portal
+ log.debug("Login initiated with no credentials in session and no token
cookie, redirecting to login page");
context.getRequestDispatcher("/login/jsp/login.jsp").include(req,
resp);
- return;
}
}
else
{
+ // We create a temporary token just for the login time
+ TransientTokenService tokenService =
AbstractTokenService.getInstance(TransientTokenService.class);
+ String token = tokenService.createToken(credentials);
req.getSession().removeAttribute(InitiateLoginServlet.CREDENTIALS);
+
+ // Send authentication request
+ log.debug("Login initiated with credentials in session, performing
authentication");
+ sendAuth(resp, credentials.getUsername(), token);
}
- String token = null;
- for (Cookie cookie : req.getCookies())
- {
- if (InitiateLoginServlet.COOKIE_NAME.equals(cookie.getName()))
- {
- String rememberme = req.getParameter(COOKIE_NAME);
- if (rememberme != null)
- {
- token = cookie.getValue();
- break;
- }
- }
- }
- if (token == null)
- {
- TransientTokenService tokenService =
AbstractTokenService.getInstance(TransientTokenService.class);
- token = tokenService.createToken(credentials);
- }
-
- sendAuth(resp, credentials.getUsername(), token);
}
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
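Review bot: The two debug statements in the credentials == null branch write the remember-me token value into the log, and that token is a bearer credential: the same value is handed to sendAuth as the j_password argument, so anyone who can read the log file can reuse it. Log the event without the value, e.g. `log.debug("Login initiated with no credentials in session but found an invalid token that will be cleared in next response");` and `log.debug("Login initiated with no credentials in session but found a valid token for " + credentials.getUsername() + ", performing authentication");` — this also fixes the garbled "found token an invalid" wording. The same applies to the PortalLoginController remember-me hunk, which logs the newly created cookieToken at debug level.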
@@ -126,11 +129,16 @@
{
String url = "j_security_check?j_username=" + jUsername +
"&j_password=" + jPassword;
url = resp.encodeRedirectURL(url);
-
resp.sendRedirect(url);
}
- private String getTokenCookie(HttpServletRequest req)
+ /**
+ * Extract the remember me token from the request or returns null.
+ *
+ * @param req the incoming request
+ * @return the token
+ */
+ private String getRememberMeTokenCookie(HttpServletRequest req)
{
Cookie[] cookies = req.getCookies();
if (cookies != null)
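Review bot: The new Javadoc on getRememberMeTokenCookie mentions the null case only in the summary while the tag reads a bare `@return the token`; make the tag carry the contract, `@return the value of the rememberme cookie, or {@code null} when the request carries none`. The method body continues past the end of the hunk, so the actual null paths are not visible here.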
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/PortalLoginController.java
===================================================================
---
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/PortalLoginController.java 2010-03-05
13:19:56 UTC (rev 2003)
+++
portal/trunk/component/web/src/main/java/org/exoplatform/web/login/PortalLoginController.java 2010-03-05
14:04:49 UTC (rev 2004)
@@ -23,6 +23,8 @@
import org.exoplatform.web.security.Credentials;
import org.exoplatform.web.security.security.AbstractTokenService;
import org.exoplatform.web.security.security.CookieTokenService;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
import java.io.IOException;
@@ -38,28 +40,28 @@
public class PortalLoginController extends AbstractHttpServlet
{
- /**
- * Serial version ID.
- */
- private static final long serialVersionUID = -9167273087235951389L;
+ /** . */
+ private static final Logger log =
LoggerFactory.getLogger(PortalLoginController.class);
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
- //
String username = req.getParameter("username");
String password = req.getParameter("password");
//
if (username == null)
{
+ log.error("Tried to access the portal login controller without username
provided");
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No username
provided");
}
if (password == null)
{
+ log.error("Tried to access the portal login controller without password
provided");
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No password
provided");
}
//
+ log.debug("Found username and password and set credentials in http
session");
Credentials credentials = new Credentials(username, password);
req.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS, credentials);
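Review bot: The new "Found username and password and set credentials in http session" debug line is reached even when one of the preceding null checks has already called resp.sendError, because neither branch returns; a request with a missing parameter then stores a Credentials object holding null in the session and, judging by the later hunks, continues toward the redirect on an already committed response. Add `return;` after each `resp.sendError(...)` call so the message and the session write only happen on the success path. A missing form parameter is a client error answered with 400, not a server fault, so `log.error` is the wrong level here; `log.warn` (or debug) keeps the error log meaningful. doGet continues past the end of this hunk.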
@@ -70,7 +72,12 @@
if (uri == null || uri.length() == 0)
{
uri = req.getContextPath() + "/private/classic";
+ log.debug("No initial URI found, will use default " + uri + "
instead ");
}
+ else
+ {
+ log.debug("Found initial URI " + uri);
+ }
// if we do have a remember me
String rememberme = req.getParameter("rememberme");
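Review bot: The value logged in the new "Found initial URI" line is client-supplied — the JSP hunk in this commit fills the initialURI hidden field on the client side — and nothing in this hunk checks that uri is a path inside this application before it is logged and, presumably further down doGet, used as the post-login redirect target. If it does feed a redirect, restrict it to a local path (e.g. require `uri.startsWith(req.getContextPath())` and reject values starting with `//` or containing a scheme) before using it; that keeps the log free of attacker-shaped strings as well. Where uri is read from lies outside the hunk, so the exact source is inferred.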
@@ -82,6 +89,9 @@
//Create token
AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
String cookieToken = tokenService.createToken(credentials);
+
+ log.debug("Found a remember me request parameter, created a persistent
token " + cookieToken + " for it and set it up " +
+ "in the next response");
Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
cookie.setPath(req.getContextPath());
cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
Modified: portal/trunk/web/portal/src/main/webapp/login/jsp/login.jsp
===================================================================
--- portal/trunk/web/portal/src/main/webapp/login/jsp/login.jsp 2010-03-05 13:19:56 UTC
(rev 2003)
+++ portal/trunk/web/portal/src/main/webapp/login/jsp/login.jsp 2010-03-05 14:04:49 UTC
(rev 2004)
@@ -43,7 +43,7 @@
cookie.setMaxAge(0);
response.addCookie(cookie);
- response.setCharacterEncoding("UTF-8");
+ response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
%>
<!DOCTYPE html
@@ -70,7 +70,7 @@
%>
<font
color="red"><%=res.getString("UILoginForm.label.SigninFail")%></font><%}%>
<form name="loginForm" action="<%= contextPath +
"/login"%>" method="post" style="margin: 0px;">
- <input type="hidden" name="uri"
value="<%=session.getAttribute("initialURI") %>"/>
+ <input type="hidden" name="initialURI"
value="<%=request.getAttribute("javax.servlet.forward.request_uri")%>"/>
<table>
<tr class="FieldContainer">
<td
class="FieldLabel"><%=res.getString("UILoginForm.label.UserName")%></td>
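Review bot: The new hidden field writes request.getAttribute("javax.servlet.forward.request_uri") into an HTML attribute without escaping; the forwarded request URI is client-controlled, so a quote or angle bracket in it terminates the value attribute and injects markup into the login page (the removed session-attribute version had the same shape). Escape it on output, e.g. with JSTL's `${fn:escapeXml(...)}` or whatever HTML-escaping helper the portal already uses. When the attribute is absent — plausible, since InitiateLoginServlet reaches this page via include rather than forward — the scriptlet prints the literal string null, which is then posted back as initialURI; render an empty string in that case.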