[jboss-user] [Security & JAAS/JBoss] - Re: Autologin Form Based Authentication with Cookie
kevin70
do-not-reply at jboss.com
Fri Sep 19 14:26:50 EDT 2008
I use this to auto-login a user the first time they register... don't know if this helps.
| import java.io.IOException;
| import java.net.URLEncoder;
| import java.util.Iterator;
|
| import javax.servlet.Filter;
| import javax.servlet.FilterChain;
| import javax.servlet.FilterConfig;
| import javax.servlet.ServletException;
| import javax.servlet.ServletRequest;
| import javax.servlet.ServletResponse;
| import javax.servlet.http.HttpServletRequest;
| import javax.servlet.http.HttpServletResponse;
|
| import org.apache.commons.httpclient.Cookie;
| import org.apache.commons.httpclient.HttpClient;
| import org.apache.commons.httpclient.HttpException;
| import org.apache.commons.httpclient.HttpMethod;
| import org.apache.commons.httpclient.HttpState;
| import org.apache.commons.httpclient.HttpStatus;
| import org.apache.commons.httpclient.methods.GetMethod;
| import org.apache.log4j.Logger;
|
|
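| /**
|  * Servlet filter that signs a just-registered user in to form-based
|  * authentication without showing the login form.
|  *
|  * <p>For each request it handles, the filter reads "username" and "password"
|  * from the HTTP session, then makes two server-side HTTP requests that carry
|  * the browser's JSESSIONID: a GET to {@code protectUrl}, followed by a GET to
|  * {@code jsecurityUrl} with j_username / j_password. Finally it redirects
|  * the browser to {@code <context>/secure}. The filter chain is never invoked.
|  *
|  * <p>Review notes for anyone reusing this code:
|  * <ul>
|  *   <li>The password is read from the session as a plain string, so it exists
|  *       wherever the session attributes exist. Whatever stores it there
|  *       should remove it once the login has been attempted.</li>
|  *   <li>The credentials travel in the query string of a GET request. Query
|  *       strings are commonly written to access and proxy logs. A POST body
|  *       is the usual transport for j_username / j_password; verify that the
|  *       container still completes the login before switching.</li>
|  *   <li>Both URLs in the post are "http://" placeholders. Over plain HTTP the
|  *       session id and the credentials are sent unencrypted; point them at
|  *       an HTTPS (or loopback-only) listener.</li>
|  *   <li>The session id that becomes authenticated is the one the browser
|  *       already holds; nothing here changes it. Confirm the container issues
|  *       a new id on login if session fixation is a concern.</li>
|  * </ul>
|  *
|  * @web.filter name="autoLoginFilter" display-name="Auto Login Filter"
|  * @web.filter-mapping url-pattern="/autologin/*"
|  */
| public class AutoLoginFilter implements Filter {
|
|     // "http://~" and ~domain below are the poster's redactions; fill in the
|     // protected resource URL, the login endpoint URL and the cookie domain.
|     private String protectUrl = "http://~";
|     private String jsecurityUrl = "http://~";
|
|     private static final Logger log = Logger.getLogger(AutoLoginFilter.class);
|
|     private FilterConfig filterConfig;
|
|     /**
|      * Performs the server-side login for the current session and redirects
|      * the browser to {@code <context>/secure}.
|      *
|      * <p>I/O failures are logged and not rethrown. {@code chain} is unused:
|      * the request always ends in a redirect (or, after an I/O failure, with
|      * no response written by this filter).
|      *
|      * @param request  must be an {@link HttpServletRequest}
|      * @param response must be an {@link HttpServletResponse}
|      * @param chain    ignored
|      */
|     public void doFilter(ServletRequest request, ServletResponse response,
|             FilterChain chain) {
|
|         log.debug("Called doFilter");
|
|         try {
|             HttpServletRequest realrequest = (HttpServletRequest) request;
|             HttpServletResponse realresponse = (HttpServletResponse) response;
|
|             String username = (String) realrequest.getSession().getAttribute("username");
|             String password = (String) realrequest.getSession().getAttribute("password");
|
|             log.debug("Autologin: " + username);
|
|             // Without both values there is nothing to submit; concatenating a
|             // null would send the literal text "null" as a credential.
|             if (username == null || password == null) {
|                 log.error("Autologin skipped: no username/password in session");
|                 realresponse.sendRedirect(realrequest.getContextPath() + "/secure");
|                 return;
|             }
|
|             HttpClient client = new HttpClient();
|
|             // Replay the browser's session id so both requests below are made
|             // on behalf of the same session.
|             HttpState state = new HttpState();
|             Cookie cookie = new Cookie(~domain, "JSESSIONID", realrequest.getSession().getId());
|             cookie.setPath("/");
|
|             // The cookie value is a live session id, which is a bearer
|             // credential: log only its attributes, never the value itself.
|             log.debug("Cookie Domain: " + cookie.getDomain());
|             log.debug("Cookie Path: " + cookie.getPath());
|             log.debug("Cookie Seucre: " + cookie.getSecure());
|
|             state.addCookie(cookie);
|             client.setState(state);
|
|             // Step 1: request the protected URL with the session cookie.
|             // Presumably this makes the container record a pending login for
|             // the session; confirm against the container's behaviour.
|             HttpMethod get = new GetMethod(protectUrl);
|             try {
|                 int statusCode = client.executeMethod(get);
|
|                 if (statusCode != HttpStatus.SC_OK) {
|                     log.error("Method failed: " + get.getStatusLine());
|                 }
|             } catch (HttpException e) {
|                 log.error("Fatal protocol violation: " + e.getMessage());
|             } catch (IOException e) {
|                 log.error("Fatal transport error: " + e.getMessage());
|             } finally {
|                 get.releaseConnection();
|             }
|
|             // Step 2: submit the credentials. As before, this is attempted
|             // even when step 1 failed. Both values are URL-encoded so that
|             // characters such as '&', '#', '%' or a space can neither break
|             // the URL nor add extra parameters to it.
|             String form = jsecurityUrl
|                     + "?j_username=" + URLEncoder.encode(username, "UTF-8")
|                     + "&j_password=" + URLEncoder.encode(password, "UTF-8");
|
|             HttpMethod get2 = new GetMethod(form);
|             try {
|                 int statusCode2 = client.executeMethod(get2);
|
|                 log.debug("Autologin Status Code: " + statusCode2);
|
|                 /*
|                 uncomment to debug
|                 byte[] responseBody = get2.getResponseBody();
|                 log.debug("Response:" + new String(responseBody));
|                 */
|             } finally {
|                 // Release the connection even when executeMethod throws.
|                 get2.releaseConnection();
|             }
|
|             realresponse.sendRedirect(realrequest.getContextPath() + "/secure");
|
|         } catch (IOException io) {
|             log.error("IOException:" + io.toString());
|         }
|     }
|
|     /** Returns the configuration stored by {@link #init} or {@link #setFilterConfig}. */
|     public FilterConfig getFilterConfig() {
|         return this.filterConfig;
|     }
|
|     /** Replaces the stored filter configuration. */
|     public void setFilterConfig(FilterConfig filterConfig) {
|         this.filterConfig = filterConfig;
|     }
|
|     /** No resources are held between requests, so there is nothing to release. */
|     public void destroy() {
|     }
|
|     /**
|      * Stores the container-supplied configuration so that
|      * {@link #getFilterConfig()} does not return null after start-up.
|      */
|     public void init(FilterConfig arg0) throws ServletException {
|         this.filterConfig = arg0;
|     }
|
| }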
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177734#4177734