FormAuthenticatorpublic class FormAuthenticator extends AuthenticatorBase | An Authenticator and Valve implementation of FORM BASED
Authentication, as described in the Servlet API Specification, Version 2.2. |
| Fields Summary |
|---|
| private static com.sun.org.apache.commons.logging.Log | log | | protected static final String | infoDescriptive information about this implementation. |
| Methods Summary |
|---|
| public boolean | authenticate(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.LoginConfig config)Authenticate the user making this request, based on the specified
login configuration. Return true if any specified
constraint has been satisfied, or false if we have
created a response challenge already.
// References to objects we will need later
HttpServletRequest hreq =
(HttpServletRequest) request.getRequest();
HttpServletResponse hres =
(HttpServletResponse) response.getResponse();
Session session = null;
// Have we already authenticated someone?
Principal principal = hreq.getUserPrincipal();
if (principal != null) {
if (log.isDebugEnabled())
log.debug("Already authenticated '" +
principal.getName() + "'");
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null) {
getSession(request, true);
}
return (true);
}
// Have we authenticated this user before but have caching disabled?
if (!cache) {
session = getSession(request, true);
if (log.isDebugEnabled())
log.debug("Checking for reauthenticate in session " + session);
String username =
(String) session.getNote(Constants.SESS_USERNAME_NOTE);
String password =
(String) session.getNote(Constants.SESS_PASSWORD_NOTE);
if ((username != null) && (password != null)) {
if (log.isDebugEnabled())
log.debug("Reauthenticating username '" + username + "'");
principal =
context.getRealm().authenticate(username, password);
if (principal != null) {
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
if (!matchRequest(request)) {
register(request, response, principal,
Constants.FORM_METHOD,
username, password);
return (true);
}
}
if (log.isDebugEnabled())
log.debug("Reauthentication failed, proceed normally");
}
}
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
session = getSession(request, true);
if (log.isDebugEnabled())
log.debug("Restore request from session '" + session.getIdInternal()
+ "'");
principal = (Principal)
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
register(request, response, principal, Constants.FORM_METHOD,
(String) session.getNote(Constants.SESS_USERNAME_NOTE),
(String) session.getNote(Constants.SESS_PASSWORD_NOTE));
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null)
associate(ssoId, session);
if (restoreRequest(request, session)) {
if (log.isDebugEnabled())
log.debug("Proceed to restored request");
return (true);
} else {
if (log.isDebugEnabled())
log.debug("Restore of original request failed");
hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
return (false);
}
}
// Acquire references to objects we will need to evaluate
MessageBytes uriMB = MessageBytes.newInstance();
CharChunk uriCC = uriMB.getCharChunk();
uriCC.setLimit(-1);
String contextPath = hreq.getContextPath();
String requestURI = request.getDecodedRequestURI();
response.setContext(request.getContext());
// Is this the action request from the login page?
boolean loginAction =
requestURI.startsWith(contextPath) &&
requestURI.endsWith(Constants.FORM_ACTION);
// No -- Save this request and redirect to the form login page
if (!loginAction) {
session = getSession(request, true);
if (log.isDebugEnabled())
log.debug("Save request in session '" + session.getIdInternal() + "'");
saveRequest(request, session);
//START Apache bug 36136: Refactor the login and error page forward
/*
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
try {
disp.forward(hreq, hres);
response.finishResponse();
} catch (Throwable t) {
log.warn("Unexpected error forwarding to login page", t);
}
*/
forwardToLoginPage(request, response, config);
//END Apache bug 36136: Refactor the login and error page forward
return (false);
}
// Yes -- Validate the specified credentials and redirect
// to the error page if they are not correct
Realm realm = context.getRealm();
String username = hreq.getParameter(Constants.FORM_USERNAME);
String password = hreq.getParameter(Constants.FORM_PASSWORD);
if (log.isDebugEnabled())
log.debug("Authenticating username '" + username + "'");
principal = realm.authenticate(username, password);
if (principal == null) {
//START Apache bug 36136: Refactor the login and error page forward
/*
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getErrorPage());
try {
disp.forward(hreq, hres);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to error page", t);
}
*/
forwardToErrorPage(request, response, config);
//END Apache bug 36136: Refactor the login and error page forward
return (false);
}
// Save the authenticated Principal in our session
if (log.isDebugEnabled())
log.debug("Authentication of '" + username + "' was successful");
if (session == null)
session = getSession(request, true);
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
// If we are not caching, save the username and password as well
if (!cache) {
session.setNote(Constants.SESS_USERNAME_NOTE, username);
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
}
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
requestURI = savedRequestURL(session);
if (requestURI == null) {
// requestURI will be null if the login form is submitted
// directly, i.e., if there has not been any original request
// that was stored away before the redirect to the login form was
// issued. In this case, assume that the original request has been
// for the context root, and have the welcome page mechanism take
// care of it
requestURI = hreq.getContextPath() + "/";
saveRequest(requestURI, hreq.getMethod(), session);
}
if (log.isDebugEnabled()) {
log.debug("Redirecting to original '" + requestURI + "'");
}
hres.sendRedirect(hres.encodeRedirectURL(requestURI));
return (false);
| | protected void | forwardToErrorPage(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.LoginConfig config)Called to forward or redirect to the error page
ServletContext sc = context.getServletContext();
try {
if (request.getRequest().isSecure()) {
RequestDispatcher disp = sc.getRequestDispatcher
(config.getErrorPage());
disp.forward(request.getRequest(), response.getResponse());
} else {
((HttpServletResponse) response.getResponse()).sendRedirect(
sc.getContextPath() + config.getErrorPage());
}
} catch (Throwable t) {
log.warn("Unexpected error forwarding or redirecting to "
+ "error page", t);
}
| | protected void | forwardToLoginPage(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.LoginConfig config)Called to forward or redirect to the login page.
ServletContext sc = context.getServletContext();
try {
if (request.getRequest().isSecure()) {
RequestDispatcher disp = sc.getRequestDispatcher
(config.getLoginPage());
disp.forward(request.getRequest(), response.getResponse());
response.finishResponse();
} else {
((HttpServletResponse) response.getResponse()).sendRedirect(
sc.getContextPath() + config.getLoginPage());
}
} catch (Throwable t) {
log.warn("Unexpected error forwarding or redirecting to "
+ "login page", t);
}
| | public java.lang.String | getInfo()Return descriptive information about this Valve implementation.
// ------------------------------------------------------------- Properties
return (this.info);
| | protected boolean | matchRequest(org.apache.catalina.HttpRequest request)Does this request match the saved one (so that it must be the redirect
we signalled after successful authentication?
// Has a session been created?
Session session = getSession(request, false);
if (session == null)
return (false);
// Is there a saved request?
SavedRequest sreq = (SavedRequest)
session.getNote(Constants.FORM_REQUEST_NOTE);
if (sreq == null)
return (false);
// Is there a saved principal?
if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
return (false);
// Does the request URI match?
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
String requestURI = hreq.getRequestURI();
if (requestURI == null)
return (false);
return (requestURI.equals(sreq.getRequestURI()));
| | protected boolean | restoreRequest(org.apache.catalina.HttpRequest request, org.apache.catalina.Session session)Restore the original request from information stored in our session.
If the original request is no longer present (because the session
timed out), return false; otherwise, return
true.
// Retrieve and remove the SavedRequest object from our session
SavedRequest saved = (SavedRequest)
session.getNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
if (saved == null)
return (false);
// Modify our current request to reflect the original one
request.clearCookies();
Iterator cookies = saved.getCookies();
while (cookies.hasNext()) {
request.addCookie((Cookie) cookies.next());
}
request.clearHeaders();
Iterator names = saved.getHeaderNames();
while (names.hasNext()) {
String name = (String) names.next();
Iterator values = saved.getHeaderValues(name);
while (values.hasNext()) {
request.addHeader(name, (String) values.next());
}
}
request.clearLocales();
Iterator locales = saved.getLocales();
while (locales.hasNext()) {
request.addLocale((Locale) locales.next());
}
request.clearParameters();
if ("POST".equalsIgnoreCase(saved.getMethod())) {
Iterator paramNames = saved.getParameterNames();
while (paramNames.hasNext()) {
String paramName = (String) paramNames.next();
String paramValues[] =
(String[]) saved.getParameterValues(paramName);
request.addParameter(paramName, paramValues);
}
}
request.setMethod(saved.getMethod());
request.setQueryString(saved.getQueryString());
request.setRequestURI(saved.getRequestURI());
return (true);
| | protected void | saveRequest(org.apache.catalina.HttpRequest request, org.apache.catalina.Session session)Save the original request information into our session.
//END Apache bug 36136: Refactor the login and error page forward
// Create and populate a SavedRequest object for this request
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
SavedRequest saved = new SavedRequest();
Cookie cookies[] = hreq.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++)
saved.addCookie(cookies[i]);
}
Enumeration names = hreq.getHeaderNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Enumeration values = hreq.getHeaders(name);
while (values.hasMoreElements()) {
String value = (String) values.nextElement();
saved.addHeader(name, value);
}
}
Enumeration locales = hreq.getLocales();
while (locales.hasMoreElements()) {
Locale locale = (Locale) locales.nextElement();
saved.addLocale(locale);
}
Map parameters = hreq.getParameterMap();
Iterator paramNames = parameters.keySet().iterator();
while (paramNames.hasNext()) {
String paramName = (String) paramNames.next();
String paramValues[] = (String[]) parameters.get(paramName);
saved.addParameter(paramName, paramValues);
}
saved.setMethod(hreq.getMethod());
saved.setQueryString(hreq.getQueryString());
saved.setRequestURI(hreq.getRequestURI());
// Stash the SavedRequest in our session for later use
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
| | private void | saveRequest(java.lang.String requestURI, java.lang.String method, org.apache.catalina.Session session)Saves the given request URI in the given session
SavedRequest saved = new SavedRequest();
saved.setMethod(method);
saved.setRequestURI(requestURI);
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
| | protected java.lang.String | savedRequestURL(org.apache.catalina.Session session)Return the request URI (with the corresponding query string, if any)
from the saved request so that we can redirect to it.
//END Apache bug 36136: Refactor the login and error page forward
SavedRequest saved =
(SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
if (saved == null)
return (null);
StringBuffer sb = new StringBuffer(saved.getRequestURI());
if (saved.getQueryString() != null) {
sb.append('?");
sb.append(saved.getQueryString());
}
return (sb.toString());
|
|
