Author: alain_defrance
Date: 2010-10-07 10:49:15 -0400 (Thu, 07 Oct 2010)
New Revision: 4590
Added:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
Log:
Fix remember me cookie creation
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-10-07
14:42:11 UTC (rev 4589)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-10-07
14:49:15 UTC (rev 4590)
@@ -66,9 +66,6 @@
//
if (credentials == null)
{
- PortalContainer pContainer = PortalContainer.getInstance();
- ServletContext context = pContainer.getPortalContext();
-
//
String token = getRememberMeTokenCookie(req);
if (token != null)
@@ -117,30 +114,10 @@
log.debug("Login initiated with credentials in session, performing
authentication");
if (result instanceof GenericAuthenticationResult)
{
- // if we do have a remember me
- String rememberme = req.getParameter("rememberme");
- if ("true".equals(rememberme))
- {
- boolean isRemember =
"true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
- if (isRemember)
- {
- //Create token
- AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
- String cookieToken = tokenService.createToken(credentials);
-
- log.debug("Found a remember me request parameter, created a
persistent token " + cookieToken + " for it and set it up " +
- "in the next response");
- Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME,
cookieToken);
- cookie.setPath(req.getContextPath());
- cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
- resp.addCookie(cookie);
- }
- }
((GenericAuthenticationResult) result).perform(req, resp);
}
else
- {
-
+ {
resp.sendRedirect(resp.encodeRedirectURL(""));
}
}
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java 2010-10-07
14:42:11 UTC (rev 4589)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/RememberMeFilter.java 2010-10-07
14:49:15 UTC (rev 4590)
@@ -19,9 +19,17 @@
package org.exoplatform.web.login;
+import org.exoplatform.container.ExoContainer;
+import org.exoplatform.container.web.AbstractFilter;
+import org.exoplatform.web.security.security.CookieTokenService;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.common.text.FastURLEncoder;
+import org.gatein.wci.authentication.AuthenticationResult;
+import org.gatein.wci.authentication.GenericAuthenticationResult;
+import org.gatein.wci.authentication.ProgrammaticAuthenticationResult;
+import org.gatein.wci.impl.DefaultServletContainerFactory;
+import org.gatein.wci.security.Credentials;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
@@ -36,18 +44,14 @@
* @author <a href="mailto:julien.viet@exoplatform.com">Julien
Viet</a>
* @version $Revision$
*/
-public class RememberMeFilter implements Filter
+public class RememberMeFilter extends AbstractFilter
{
/** . */
private static final FastURLEncoder CONVERTER = FastURLEncoder.getUTF8Instance();
/** . */
private static final Logger log = LoggerFactory.getLogger(RememberMeFilter.class);
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- }
-
+
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException
{
doFilter((HttpServletRequest)req, (HttpServletResponse)resp, chain);
@@ -60,31 +64,27 @@
String token = InitiateLoginServlet.getRememberMeTokenCookie(req);
if (token != null)
{
- StringBuilder builder = new StringBuilder();
- builder.append(req.getContextPath());
- builder.append("/private");
- String pathInfo = req.getPathInfo();
- if (pathInfo != null)
+ String s = privateUri(req);
+
+ ExoContainer container = getContainer();
+ Object o =
+
((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
+ token, false);
+ if (o instanceof Credentials)
{
- builder.append(pathInfo);
- }
- char sep = '?';
- for (Enumeration<String> e =
req.getParameterNames();e.hasMoreElements();)
- {
- String parameterName = e.nextElement();
- for (String parameteValue : req.getParameterValues(parameterName))
+ Credentials credentials = (Credentials) o;
+ AuthenticationResult result =
DefaultServletContainerFactory.getInstance().getServletContainer()
+ .login(req, resp, credentials.getUsername(),
credentials.getPassword());
+ if (result instanceof GenericAuthenticationResult)
{
- builder.append(sep);
- sep = '&';
- builder.append(CONVERTER.encode(parameterName));
- builder.append('=');
- builder.append(CONVERTER.encode(parameteValue));
+ ((GenericAuthenticationResult) result).perform(req, resp);
}
+ else if (result instanceof ProgrammaticAuthenticationResult)
+ {
+ resp.sendRedirect(s);
+ }
+ return;
}
- String s = builder.toString();
- log.debug("Redirecting unauthenticated request with token " + token
+ " to URL " + s);
- resp.sendRedirect(s);
- return;
}
}
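Review bot: The `return;` that follows the two `instanceof` branches runs for every login outcome, so when `login(...)` yields a result that is neither a GenericAuthenticationResult nor a ProgrammaticAuthenticationResult (a null or failed result, for instance) the filter returns without redirecting, writing a response or continuing the chain. Moving `return;` into each of the two branches lets an unrecognised result fall through to whatever follows this block; the method begins and ends outside the hunk, so that fall-through path should be confirmed. `container.getComponentInstanceOfType(CookieTokenService.class)` is also dereferenced without a null check. When `validateToken(token, false)` does not return Credentials, the stale cookie is left in place and will be re-validated on every request. If the `false` argument means the token is kept after validation (not visible here), the same cookie value stays replayable for its whole validity period, so issuing a fresh token on each successful use is worth considering.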
@@ -95,4 +95,30 @@
public void destroy()
{
}
+
+ private String privateUri(HttpServletRequest req)
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append(req.getContextPath());
+ builder.append("/private");
+ String pathInfo = req.getPathInfo();
+ if (pathInfo != null)
+ {
+ builder.append(pathInfo);
+ }
+ char sep = '?';
+ for (Enumeration<String> e = req.getParameterNames();e.hasMoreElements();)
+ {
+ String parameterName = e.nextElement();
+ for (String parameteValue : req.getParameterValues(parameterName))
+ {
+ builder.append(sep);
+ sep = '&';
+ builder.append(CONVERTER.encode(parameterName));
+ builder.append('=');
+ builder.append(CONVERTER.encode(parameteValue));
+ }
+ }
+ return builder.toString();
+ }
}
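Review bot: `privateUri` copies every request parameter into the redirect query string, and `getParameterNames()` also returns form fields from a POST body, so values submitted in a form could end up in the URL, where access logs, browser history and Referer headers record them. The code is moved unchanged from doFilter, but now that it is a named helper it is a good place to restrict it to the original query string, for example `String qs = req.getQueryString(); if (qs != null) builder.append('?').append(qs);`. A short Javadoc saying that the result is always rooted at `getContextPath() + "/private"` would also make clear that the redirect target stays within this application.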
Added:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java
(rev 0)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginController.java 2010-10-07
14:49:15 UTC (rev 4590)
@@ -0,0 +1,85 @@
+/*
+* Copyright (C) 2003-2009 eXo Platform SAS.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.exoplatform.web.security;
+
+import org.exoplatform.web.login.InitiateLoginServlet;
+import org.exoplatform.web.security.security.AbstractTokenService;
+import org.exoplatform.web.security.security.CookieTokenService;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+import org.gatein.wci.security.WCILoginController;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author <a href="mailto:alain.defrance@exoplatform.com">Alain
Defrance</a>
+ * @version $Revision$
+ */
+public class PortalLoginController extends WCILoginController {
+
+ /** . */
+ private static final Logger log =
LoggerFactory.getLogger(PortalLoginController.class);
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException {
+ super.doGet(req, resp);
+
+ // Obtain initial URI
+ String uri = req.getParameter("initialURI");
+
+ // otherwise compute one
+ if (uri == null || uri.length() == 0)
+ {
+ uri = req.getContextPath() + "/private/classic";
+ log.debug("No initial URI found, will use default " + uri + "
instead ");
+ }
+ else
+ {
+ log.debug("Found initial URI " + uri);
+ }
+
+ // if we do have a remember me
+ String rememberme = req.getParameter("rememberme");
+ if ("true".equals(rememberme))
+ {
+ boolean isRemember =
"true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
+ if (isRemember)
+ {
+ //Create token
+ AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
+ String cookieToken = tokenService.createToken(credentials);
+
+ log.debug("Found a remember me request parameter, created a persistent
token " + cookieToken + " for it and set it up " +
+ "in the next response");
+ Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
+ cookie.setPath(req.getContextPath());
+ cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
+ resp.addCookie(cookie);
+ }
+ }
+
+ //
+ resp.sendRedirect(uri);
+ }
+}
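Review bot: `initialURI` is read from the request and passed unchanged to `resp.sendRedirect(uri)` at the end of doGet, so a crafted login link can send a user who has just authenticated to an arbitrary external site; the value should be accepted only when it is a local path under the context path, falling back to the `/private/classic` default otherwise. The debug message in the remember-me branch also writes `cookieToken` to the log, and since that token stands in for the user's credentials it should be left out of the message. In `cookie.setMaxAge((int)tokenService.getValidityTime() / 1000)` the cast binds before the division, so if getValidityTime() returns a long in milliseconds (not visible here) a validity longer than about 24 days is truncated before it is divided. `credentials` is not declared anywhere in this file, so it presumably has to come from WCILoginController; that is worth confirming, as is whether super.doGet() can already have committed the response before the redirect.

```java
      // Obtain initial URI
      String uri = req.getParameter("initialURI");
      String localPrefix = req.getContextPath() + "/";

      // Accept only a local path under this context; anything else gets the default
      if (uri == null || !uri.startsWith(localPrefix) || uri.startsWith("//")
         || uri.indexOf('\\') >= 0 || uri.indexOf('\r') >= 0 || uri.indexOf('\n') >= 0)
      {
         uri = req.getContextPath() + "/private/classic";
         log.debug("No usable initial URI found, will use default " + uri + " instead ");
      }

      // … unchanged: rememberme parameter checks and token creation …

            // The token is a credential equivalent: keep it out of the log
            log.debug("Found a remember me request parameter, created a persistent token for it and set it up " +
               "in the next response");
            Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
            cookie.setPath(req.getContextPath());
            // Divide first, then narrow, so long validity periods are not truncated
            cookie.setMaxAge((int)(tokenService.getValidityTime() / 1000));
```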
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2010-10-07
14:42:11 UTC (rev 4589)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2010-10-07
14:49:15 UTC (rev 4590)
@@ -100,21 +100,22 @@
String password = new String(((PasswordCallback)callbacks[1]).getPassword());
Credentials c = null;
- ExoContainer container = getContainer();
- Object o =
-
((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
- password, false);
-
+
//
// For clustered config check credentials stored and propagated in session. This
won't work in tomcat because
// of lack of JACC PolicyContext so the code must be a bit defensive
- if (o == null && getContextMethod != null &&
password.startsWith(InitiateLoginServlet.COOKIE_NAME))
+ if (getContextMethod != null &&
password.startsWith(InitiateLoginServlet.COOKIE_NAME))
{
HttpServletRequest request;
try
{
request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
+ Object o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
+
+ if (o instanceof Credentials)
+ {
+ c = (Credentials) o;
+ }
}
catch(Throwable e)
{
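Review bot: With the `validateToken` call removed, the only thing gating the session-credentials path in this hunk is `password.startsWith(InitiateLoginServlet.COOKIE_NAME)`; the rest of the submitted password is not compared with anything visible here before `c` is taken from the session. The code after `if (c != null)` is outside the hunk, so it should be confirmed that the session credentials are checked against the submitted username there, or that check should be added next to the `instanceof` test. `request.getSession()` also creates a session when none exists; `request.getSession(false)` with a null check avoids allocating sessions for failed or anonymous login attempts. A comment above the `if` stating that token validation now happens in RememberMeFilter rather than in the login module would help the next reader.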
@@ -122,10 +123,6 @@
log.error("LoginModule error. Turn off session credentials checking
with proper configuration option of " +
"LoginModule set to false");
}
-
- if (o instanceof Credentials) {
- c = (Credentials) o;
- }
}
if (c != null)
Modified: portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml 2010-10-07
14:42:11 UTC (rev 4589)
+++ portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml 2010-10-07
14:49:15 UTC (rev 4590)
@@ -169,7 +169,7 @@
<servlet>
<servlet-name>PortalLoginController</servlet-name>
-
<servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
+
<servlet-class>org.exoplatform.web.security.PortalLoginController</servlet-class>
</servlet>
<servlet>
<servlet-name>InitiateLoginServlet</servlet-name>
Modified: portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml 2010-10-07 14:42:11 UTC
(rev 4589)
+++ portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml 2010-10-07 14:49:15 UTC
(rev 4590)
@@ -209,7 +209,7 @@
<servlet>
<servlet-name>PortalLoginController</servlet-name>
-
<servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
+
<servlet-class>org.exoplatform.web.security.PortalLoginController</servlet-class>
</servlet>
<servlet>
<servlet-name>InitiateLoginServlet</servlet-name>