[Yanel-commits] rev 58362 - in public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet: . security/impl

michi at wyona.com michi at wyona.com
Thu May 19 11:30:38 CEST 2011


Author: michi
Date: 2011-05-19 11:30:38 +0200 (Thu, 19 May 2011)
New Revision: 58362

Modified:
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
Log:
AutoLogin continued including the patch of Balz

Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java	2011-05-19 09:30:38 UTC (rev 58362)
@@ -236,7 +236,7 @@
 
             String yanelUsecase = request.getParameter(YANEL_USECASE);
             if(yanelUsecase != null && yanelUsecase.equals("logout")) {
-                AutoLogin.removeCookie(request);
+                AutoLogin.removeCookie(request, response);
                 // INFO: Logout from Yanel
                 if(doLogout(request, response) != null) return;
             } else if(yanelUsecase != null && yanelUsecase.equals("create")) { // TODO: Why does that not go through access control?
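Review bot: The logout branch only expires the browser's copy of the auto-login cookie via `AutoLogin.removeCookie(request, response)`; nothing here invalidates the matching server-side token. Once `saveToken` persists tokens, logout should also delete the stored record for this cookie, otherwise a copied cookie value keeps working after the user has logged out. The surrounding method begins and ends outside the hunk.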
@@ -1065,7 +1065,13 @@
         if (identity == null || (identity != null && identity.isWorld())) {
             Cookie autoLoginCookie = AutoLogin.getCookie(request);
             if (autoLoginCookie != null) {
-                // Try auto-login
+                try {
+                    if (AutoLogin.matchCookie(autoLoginCookie, realm.getRepository())) {
+                        // TODO: login
+                    }
+                } catch(Exception e) {
+                    log.error(e, e);
+                }
             }
         }
 
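Review bot: When `AutoLogin.matchCookie` returns false or throws, the presented cookie is left in place, so a stale or forged YANELAUTOLOGIN value is re-checked against the repository on every anonymous request, and a failure shows up only as a generic `log.error(e, e)`. I would clear it in the failure path with `AutoLogin.removeCookie(request, response);` and log the rejection at warn level without the cookie value. When the `// TODO: login` branch is filled in, the identity should come from the record that matchCookie found server-side rather than from the username carried in the cookie, since that part is client-controlled. The enclosing method starts and ends outside the hunk, so whether `response` is in scope here needs confirming.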

Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java	2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java	2011-05-19 09:30:38 UTC (rev 58362)
@@ -1,31 +1,125 @@
 package org.wyona.yanel.servlet.security.impl;
 
+import java.util.UUID;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.log4j.Logger;
+
 /**
  * Utility class in order to support auto login
  */
 public class AutoLogin {
 
+    private static Logger log = Logger.getLogger(AutoLogin.class);
+    private static final String COOKIE_NAME = "YANELAUTOLOGIN";
+    private static final String SEP = "___";
+
     /**
      * Set cookie
      */
     public static Cookie setCookie(String username, HttpServletRequest request, HttpServletResponse response) {
-        return null;
+        Cookie result = null;
+        if (username != null) {
+            String token = UUID.randomUUID().toString();
+            Cookie cookie = new Cookie(COOKIE_NAME,token+SEP+username);
+            cookie.setMaxAge(Integer.MAX_VALUE);
+            response.addCookie(cookie);
+            result = cookie;
+        }
+        return result;
     }
 
     /**
      * Get cookie
      */
     public static Cookie getCookie(HttpServletRequest request) {
-        return null;
+        Cookie result = null;
+        try {
+            for (Cookie c : request.getCookies()) {
+                if (c.getName().equals(COOKIE_NAME)) {
+                    result = c;
+                    break;
+                }
+            }
+            
+        } catch (Exception e) {
+            log.error("Error in retrieving cookie from request");
+            log.error(e,e);
+        }
+        
+        return result;
     }
+    
+    public static String getUsername(HttpServletRequest request) {
+        String result = null;
+        Cookie cookie = getCookie(request);
+        if (cookie != null) {
+            result = getUsername(cookie);
+        }
+        return result;
+    }
 
+    public static String getUsername(Cookie cookie) {
+        String result = null;
+        if (cookie != null) {
+            try {
+                result = cookie.getValue();
+                result = result.substring(result.lastIndexOf(SEP)+SEP.length());
+            } catch (Exception e) {
+                log.error("Can not extract username from cookie with name '"+cookie.getName()+"' and value '"+cookie.getValue()+"'");
+                log.error(e,e);
+            }
+        }
+        return result;
+    }
+
+    public static String getToken(HttpServletRequest request) {
+        String result = null;
+        Cookie cookie = getCookie(request);
+        if (cookie != null) {
+            result = getToken(cookie);
+        }
+        return result;
+    }
+
+    public static String getToken(Cookie cookie) {
+        String result = null;
+        if (cookie != null) {
+            try {
+                result = cookie.getValue();
+                result = result.substring(0, result.lastIndexOf(SEP));
+            } catch (Exception e) {
+                log.error("Can not extract token from cookie with name '"+cookie.getName()+"' and value '"+cookie.getValue()+"'");
+                log.error(e,e);
+            }
+        }
+        return result;
+    }
+
     /**
      * Remove cookie
      */
-    public static void removeCookie(HttpServletRequest request) {
+    public static void removeCookie(HttpServletRequest request, HttpServletResponse response) {
+        Cookie cookie = new Cookie(COOKIE_NAME,"");
+        cookie.setMaxAge(0);
+        response.addCookie(cookie);
     }
+
+    /**
+     * Save auto login token persistently
+     */
+    public static void saveToken(Cookie cookie, org.wyona.yarep.core.Repository repo) {
+        // TODO
+    }
+
+    /**
+     * Check whether cookie and token match
+     */
+    public static boolean matchCookie(Cookie cookie, org.wyona.yarep.core.Repository repo) {
+        // TODO
+        return false;
+    }
 }
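Review bot: setCookie issues the auto-login credential with `setMaxAge(Integer.MAX_VALUE)` and no `setSecure(true)` or path, so the token effectively never expires, can travel over plain HTTP, and is scoped to whatever path the login request used, which means the path-less cookie built in removeCookie may not overwrite it at logout. The catch blocks in getUsername(Cookie) and getToken(Cookie) also write the full cookie value, token included, to the error log; log the cookie name only. getCookie iterates `request.getCookies()` directly, which the Servlet API allows to be null when the request carries no cookies, so every cookie-less request ends up as a logged NullPointerException. getUsername(Cookie) silently returns a wrong substring when the separator is missing (`lastIndexOf` gives -1) while getToken(Cookie) throws; both should return null in that case. A sketch of the affected parts follows; the lifetime and path are constructed values to be chosen for the deployment.

```java
    // Constructed values: choose a lifetime and path that fit the deployment.
    private static final int MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
    private static final String COOKIE_PATH = "/";

    public static Cookie setCookie(String username, HttpServletRequest request, HttpServletResponse response) {
        if (username == null) {
            return null;
        }
        Cookie cookie = new Cookie(COOKIE_NAME, UUID.randomUUID().toString() + SEP + username);
        cookie.setMaxAge(MAX_AGE_SECONDS);
        cookie.setPath(COOKIE_PATH);
        cookie.setSecure(true); // only sent over HTTPS
        response.addCookie(cookie);
        return cookie;
    }

    public static Cookie getCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the request has no cookies
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) {
                return c;
            }
        }
        return null;
    }

    // … unchanged: getUsername(HttpServletRequest), getToken(HttpServletRequest) …

    public static String getUsername(Cookie cookie) {
        if (cookie == null || cookie.getValue() == null) {
            return null;
        }
        String value = cookie.getValue();
        int sep = value.lastIndexOf(SEP);
        if (sep < 0) {
            // Name only: the value carries the token and must not reach the log.
            log.warn("Auto-login cookie '" + cookie.getName() + "' has no separator");
            return null;
        }
        return value.substring(sep + SEP.length());
    }

    // getToken(Cookie): same guard, returning value.substring(0, sep)

    public static void removeCookie(HttpServletRequest request, HttpServletResponse response) {
        // … unchanged: empty-value cookie with max age 0 …
        cookie.setPath(COOKIE_PATH); // must match the path used in setCookie
        response.addCookie(cookie);
    }
```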

Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java	2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java	2011-05-19 09:30:38 UTC (rev 58362)
@@ -103,7 +103,7 @@
                     String loginPassword = request.getParameter("yanel.login.password");
                     if (loginPassword != null && authenticate(loginUsername, loginPassword, realm, session)) {
                         log.debug("Login was successful");
-                        doAutoLogin(request, response, loginUsername, openID);
+                        doAutoLogin(request, response, loginUsername, openID, realm);
                         return null;
                     }
                     if (loginPassword == null) {
@@ -605,12 +605,14 @@
     /**
      * Handle "auto login"
      */
-    private static boolean doAutoLogin(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID) {
+    private static boolean doAutoLogin(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID, Realm realm) throws Exception {
         if (request.getParameter("auto-login") != null) {
             log.warn("TODO: Implement auto-login");
             // Set auto login cookie containing username and secure token, whereas create new secure token per session
             // Implement this as utility method such that it can be re-used independent of the default authenticator!
-            AutoLogin.setCookie(loginUsername, request, response); // TODO: What about openID?!
+            Cookie autoLoginCookie = AutoLogin.setCookie(loginUsername, request, response); // TODO: What about openID?!
+            //AutoLogin.saveToken(autoLoginCookie, realm.getIdentityManager().getUserManager());
+            AutoLogin.saveToken(autoLoginCookie, realm.getRepository());
             return true;
         } else {
             log.debug("Ignore auto login...");
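Review bot: doAutoLogin passes the result of `AutoLogin.setCookie(...)` straight to `saveToken`, but setCookie returns null for a null username and has already added the cookie to the response before anything is persisted, so a failing saveToken leaves the browser holding a token the server never recorded. Persist first and add the cookie only on success, or at least guard the call with `if (autoLoginCookie != null)`. Since saveToken receives the whole Cookie, its implementation (still a TODO) should store a hash of the token rather than the token itself, so that reading the repository does not yield usable auto-login credentials. The widened `throws Exception` may also let a persistence error abort an otherwise successful password login at the call site; catching and logging inside doAutoLogin would keep the login path independent of it. The method body continues past the end of the hunk.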


