[Yanel-commits] rev 58362 - in public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet: . security/impl
michi at wyona.com
michi at wyona.com
Thu May 19 11:30:39 CEST 2011
Author: michi
Date: 2011-05-19 11:30:38 +0200 (Thu, 19 May 2011)
New Revision: 58362
Modified:
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
Log:
AutoLogin continued including the patch of Balz
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java 2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java 2011-05-19 09:30:38 UTC (rev 58362)
@@ -236,7 +236,7 @@
String yanelUsecase = request.getParameter(YANEL_USECASE);
if(yanelUsecase != null && yanelUsecase.equals("logout")) {
- AutoLogin.removeCookie(request);
+ AutoLogin.removeCookie(request, response);
// INFO: Logout from Yanel
if(doLogout(request, response) != null) return;
} else if(yanelUsecase != null && yanelUsecase.equals("create")) { // TODO: Why does that not go through access control?
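Review bot: The logout branch only clears the browser's copy of the auto-login cookie: AutoLogin.removeCookie (changed in this commit) sends an empty `YANELAUTOLOGIN` cookie with max-age 0, and nothing deletes the token that saveToken is meant to persist. Once matchCookie is implemented, a copy of the cookie taken before logout would still match. I would add next to the call `// TODO: also delete the persisted auto-login token, otherwise logout does not revoke it`. The enclosing method starts and ends outside this hunk.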
@@ -1065,7 +1065,13 @@
if (identity == null || (identity != null && identity.isWorld())) {
Cookie autoLoginCookie = AutoLogin.getCookie(request);
if (autoLoginCookie != null) {
- // Try auto-login
+ try {
+ if (AutoLogin.matchCookie(autoLoginCookie, realm.getRepository())) {
+ // TODO: login
+ }
+ } catch(Exception e) {
+ log.error(e, e);
+ }
}
}
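Review bot: The `// TODO: login` placeholder should record which identity may be logged in, because the cookie value is `token___username` and the username half is chosen by the client. I would replace it with `// TODO: login as the user the stored token was issued to (not AutoLogin.getUsername(cookie) alone), then issue a fresh token`. A cookie that does not match is also left in place, so the same repository lookup repeats on every anonymous request; whether `response` is in scope here to expire it is not visible in the hunk. The enclosing method starts and ends outside this hunk.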
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java 2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/AutoLogin.java 2011-05-19 09:30:38 UTC (rev 58362)
@@ -1,31 +1,125 @@
package org.wyona.yanel.servlet.security.impl;
+import java.util.UUID;
+
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.log4j.Logger;
+
/**
* Utility class in order to support auto login
*/
public class AutoLogin {
+ private static Logger log = Logger.getLogger(AutoLogin.class);
+ private static final String COOKIE_NAME = "YANELAUTOLOGIN";
+ private static final String SEP = "___";
+
/**
* Set cookie
*/
public static Cookie setCookie(String username, HttpServletRequest request, HttpServletResponse response) {
- return null;
+ Cookie result = null;
+ if (username != null) {
+ String token = UUID.randomUUID().toString();
+ Cookie cookie = new Cookie(COOKIE_NAME,token+SEP+username);
+ cookie.setMaxAge(Integer.MAX_VALUE);
+ response.addCookie(cookie);
+ result = cookie;
+ }
+ return result;
}
/**
* Get cookie
*/
public static Cookie getCookie(HttpServletRequest request) {
- return null;
+ Cookie result = null;
+ try {
+ for (Cookie c : request.getCookies()) {
+ if (c.getName().equals(COOKIE_NAME)) {
+ result = c;
+ break;
+ }
+ }
+
+ } catch (Exception e) {
+ log.error("Error in retrieving cookie from request");
+ log.error(e,e);
+ }
+
+ return result;
}
+
+ public static String getUsername(HttpServletRequest request) {
+ String result = null;
+ Cookie cookie = getCookie(request);
+ if (cookie != null) {
+ result = getUsername(cookie);
+ }
+ return result;
+ }
+ public static String getUsername(Cookie cookie) {
+ String result = null;
+ if (cookie != null) {
+ try {
+ result = cookie.getValue();
+ result = result.substring(result.lastIndexOf(SEP)+SEP.length());
+ } catch (Exception e) {
+ log.error("Can not extract username from cookie with name '"+cookie.getName()+"' and value '"+cookie.getValue()+"'");
+ log.error(e,e);
+ }
+ }
+ return result;
+ }
+
+ public static String getToken(HttpServletRequest request) {
+ String result = null;
+ Cookie cookie = getCookie(request);
+ if (cookie != null) {
+ result = getToken(cookie);
+ }
+ return result;
+ }
+
+ public static String getToken(Cookie cookie) {
+ String result = null;
+ if (cookie != null) {
+ try {
+ result = cookie.getValue();
+ result = result.substring(0, result.lastIndexOf(SEP));
+ } catch (Exception e) {
+ log.error("Can not extract token from cookie with name '"+cookie.getName()+"' and value '"+cookie.getValue()+"'");
+ log.error(e,e);
+ }
+ }
+ return result;
+ }
+
/**
* Remove cookie
*/
- public static void removeCookie(HttpServletRequest request) {
+ public static void removeCookie(HttpServletRequest request, HttpServletResponse response) {
+ Cookie cookie = new Cookie(COOKIE_NAME,"");
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
}
+
+ /**
+ * Save auto login token persistently
+ */
+ public static void saveToken(Cookie cookie, org.wyona.yarep.core.Repository repo) {
+ // TODO
+ }
+
+ /**
+ * Check whether cookie and token match
+ */
+ public static boolean matchCookie(Cookie cookie, org.wyona.yarep.core.Repository repo) {
+ // TODO
+ return false;
+ }
}
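Review bot: getUsername(Cookie) and getToken(Cookie) hand back client-controlled text instead of null when the cookie value contains no `___`: lastIndexOf returns -1, so getUsername returns the value minus its first two characters without any error, and getToken's `substring(0, -1)` throws after `result` was already set to the raw value, which is then returned. Check the index first, `int idx = value.lastIndexOf(SEP); if (idx < 0) return null;`, and assign `result` only from the parsed part. Both catch blocks also write the full cookie value, which contains the login token, to the error log; logging the cookie name alone is enough. Separately, setCookie issues the cookie with an `Integer.MAX_VALUE` lifetime and no `setSecure(...)` or `setPath(...)`, and removeCookie sets no path either, so the token can travel over plain HTTP and the deletion may not take effect when the logout request's default cookie path differs from the login request's.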
Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java 2011-05-19 09:29:33 UTC (rev 58361)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java 2011-05-19 09:30:38 UTC (rev 58362)
@@ -103,7 +103,7 @@
String loginPassword = request.getParameter("yanel.login.password");
if (loginPassword != null && authenticate(loginUsername, loginPassword, realm, session)) {
log.debug("Login was successful");
- doAutoLogin(request, response, loginUsername, openID);
+ doAutoLogin(request, response, loginUsername, openID, realm);
return null;
}
if (loginPassword == null) {
@@ -605,12 +605,14 @@
/**
* Handle "auto login"
*/
- private static boolean doAutoLogin(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID) {
+ private static boolean doAutoLogin(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID, Realm realm) throws Exception {
if (request.getParameter("auto-login") != null) {
log.warn("TODO: Implement auto-login");
// Set auto login cookie containing username and secure token, whereas create new secure token per session
// Implement this as utility method such that it can be re-used independent of the default authenticator!
- AutoLogin.setCookie(loginUsername, request, response); // TODO: What about openID?!
+ Cookie autoLoginCookie = AutoLogin.setCookie(loginUsername, request, response); // TODO: What about openID?!
+ //AutoLogin.saveToken(autoLoginCookie, realm.getIdentityManager().getUserManager());
+ AutoLogin.saveToken(autoLoginCookie, realm.getRepository());
return true;
} else {
log.debug("Ignore auto login...");
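Review bot: `AutoLogin.saveToken(autoLoginCookie, realm.getRepository())` receives whatever setCookie returned, and setCookie returns null when `loginUsername` is null, which the open `TODO: What about openID?!` suggests can happen; guard the call with `if (autoLoginCookie != null)`. The cookie has also already been added to the response by the time the token is stored, so a failure in `realm.getRepository()` or saveToken leaves the browser with a token the server never recorded, and through the new `throws Exception` it may surface after a password login that already succeeded (call site in the hunk at line 103). When saveToken is filled in, storing a digest of the token rather than the token itself keeps a read of the repository from yielding usable cookies. The stale `log.warn("TODO: Implement auto-login")` and the commented-out saveToken line can go; the method's closing lines are outside the hunk.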