/**
 * Decides whether the given request is the redirect that was signalled
 * after a successful authentication, by comparing it with the request
 * saved in the session.
 *
 * <p>Only the request URI is compared. The method, query string, headers
 * and body of the saved request play no part in the match.
 *
 * @param request The request to be verified
 * @return {@code true} only when a session already exists, it holds both a
 *         saved request and a saved principal, and the request URI equals
 *         the saved request URI; {@code false} in every other case
 */
protected boolean matchRequest(Request request) {

    // Never create a session here: without one nothing can have been saved.
    Session current = request.getSessionInternal(false);
    if (current == null) {
        return false;
    }

    // The original request must have been stashed in the session.
    SavedRequest original =
        (SavedRequest) current.getNote(Constants.FORM_REQUEST_NOTE);
    if (original == null) {
        return false;
    }

    // A principal note must also be present, otherwise this request is not
    // treated as the post-login redirect.
    if (current.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
        return false;
    }

    // Exact, case-sensitive comparison of the two request URIs.
    String uri = request.getRequestURI();
    return uri != null && uri.equals(original.getRequestURI());
}
/**
 * Builds the redirect target from the request saved in the session: the
 * saved request URI, followed by {@code '?'} and the saved query string
 * when one is present.
 *
 * <p>Both parts are appended exactly as stored; no encoding or validation
 * is applied here.
 *
 * @param session Our current session
 * @return the saved request URI with its query string, or {@code null} if
 *         the session holds no saved request
 */
protected String savedRequestURL(Session session) {

    SavedRequest original =
        (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (original == null) {
        return null;
    }

    StringBuilder url = new StringBuilder(original.getRequestURI());
    String query = original.getQueryString();
    if (query != null) {
        url.append('?').append(query);
    }
    return url.toString();
}
/**
 * Captures the original request into a {@code SavedRequest} and stores it
 * in the session under {@code Constants.FORM_REQUEST_NOTE}.
 *
 * <p>Copied: all cookies, every header value, all locales, the method, the
 * query string and the request URI. For a POST request the body is read
 * from the request input stream and stored as well.
 *
 * @param request The request to be saved
 * @param session The session to contain the saved information
 * @throws IOException if reading the request body fails
 */
protected void saveRequest(Request request, Session session)
    throws IOException {

    SavedRequest snapshot = new SavedRequest();

    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            snapshot.addCookie(cookie);
        }
    }

    // Every header is copied without filtering, so any credential-bearing
    // header the client sent ends up in the session as well.
    // NOTE(review): if sessions are persisted or replicated, confirm that
    // storing these values is acceptable.
    for (Enumeration<?> names = request.getHeaderNames();
            names.hasMoreElements();) {
        String headerName = (String) names.nextElement();
        for (Enumeration<?> values = request.getHeaders(headerName);
                values.hasMoreElements();) {
            String headerValue = (String) values.nextElement();
            snapshot.addHeader(headerName, headerValue);
        }
    }

    for (Enumeration<?> locales = request.getLocales();
            locales.hasMoreElements();) {
        snapshot.addLocale((Locale) locales.nextElement());
    }

    if ("POST".equalsIgnoreCase(request.getMethod())) {
        // The connector's maxSavePostSize is set as the buffer limit.
        // NOTE(review): presumably append() fails once the limit is
        // exceeded, which is what bounds memory use for an unauthenticated
        // POST; confirm against ByteChunk.
        ByteChunk body = new ByteChunk();
        body.setLimit(request.getConnector().getMaxSavePostSize());
        byte[] chunk = new byte[4096];
        InputStream in = request.getInputStream();
        for (int count = in.read(chunk); count >= 0; count = in.read(chunk)) {
            body.append(chunk, 0, count);
        }
        snapshot.setBody(body);
        // The content type is deliberately not saved at the moment:
        //saved.setContentType(request.getContentType());
    }

    snapshot.setMethod(request.getMethod());
    snapshot.setQueryString(request.getQueryString());
    snapshot.setRequestURI(request.getRequestURI());

    // Keep the snapshot in the session so it can be restored after login.
    session.setNote(Constants.FORM_REQUEST_NOTE, snapshot);
}
/**
 * Finishes a login attempt: on failure forwards to the configured error
 * page, on success records the authentication in the session and redirects
 * to the originally requested URL.
 *
 * <p>When the session holds no saved request, the redirect goes to the
 * context path plus the configured landing page (if any), and a synthetic
 * GET {@code SavedRequest} for that URL is stored in the session.
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 * @param principal Authenticated principal, or {@code null} if
 * authentication was unsuccessful, in which case the method forwards to the
 * configured error page.
 * @param loginName User login name.
 * @param password User password.
 * @param openID {@code true} if OpenID authentication.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processAuthenticatedUser(final Request request,
        final HttpServletResponse response, final LoginConfig config,
        final Principal principal, final String loginName,
        final String password, final boolean openID)
    throws IOException {

    final boolean debugEnabled = this.log.isDebugEnabled();

    // Authentication failed: hand over to the error page and stop.
    if (principal == null) {
        if (debugEnabled) {
            this.log.debug("failed to authenticate the user in the realm,"
                    + " forwarding to the error page");
        }
        this.forwardToErrorPage(request, response, config);
        return;
    }

    if (debugEnabled) {
        this.log.debug("successfully authenticated user "
                + principal.getName());
    }

    // Record who logged in so the original request can be restored later.
    // NOTE(review): no session id change is visible in this method after
    // authentication; confirm the id is rotated elsewhere on login.
    final Session authSession = request.getSessionInternal(true);
    authSession.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    authSession.setNote(Constants.SESS_USERNAME_NOTE, loginName);
    // NOTE(review): the password is kept in the session as received;
    // confirm it is needed there and how persisted or replicated sessions
    // are protected.
    authSession.setNote(Constants.SESS_PASSWORD_NOTE, password);
    if (openID) {
        authSession.setNote(OPENID_AUTH_NOTE, Boolean.TRUE);
    }

    // Prefer the URL of the request that triggered the login.
    String target = this.savedRequestURL(authSession);
    if (target == null) {
        final String landingSuffix;
        if (this.landingPage != null) {
            landingSuffix = this.landingPage;
        } else {
            landingSuffix = "";
        }
        target = request.getContextPath() + landingSuffix;

        if (debugEnabled) {
            this.log.debug("no saved requested in the session, making it GET "
                    + target);
        }

        // Fabricate a GET request for the landing URL so that the redirect
        // has a saved request to be matched against.
        final SavedRequest landing = new SavedRequest();
        landing.setMethod("GET");
        landing.setRequestURI(target);
        landing.setDecodedRequestURI(target);
        authSession.setNote(Constants.FORM_REQUEST_NOTE, landing);
    }

    // NOTE(review): the target is the stored request URI used verbatim;
    // confirm that a URI starting with "//" cannot turn this into an
    // off-site redirect.
    if (debugEnabled) {
        this.log.debug("redirecting to the original request URL at "
                + target);
    }
    response.sendRedirect(response.encodeRedirectURL(target));
}
/**
 * Completes form login processing once the realm has been consulted.
 *
 * <p>A {@code null} principal means authentication failed and the request
 * is forwarded to the configured error page. Otherwise the principal, login
 * name, password and (for OpenID) an OpenID marker are stored as session
 * notes, and the client is redirected to the saved request URL. If no
 * request was saved, the context path plus the landing page is used and a
 * GET {@code SavedRequest} for it is placed in the session.
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 * @param principal Authenticated principal, or {@code null} if
 * authentication was unsuccessful, in which case the method forwards to the
 * configured error page.
 * @param loginName User login name.
 * @param password User password.
 * @param openID {@code true} if OpenID authentication.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processAuthenticatedUser(Request request,
        HttpServletResponse response, LoginConfig config,
        Principal principal, String loginName, String password,
        boolean openID)
    throws IOException {

    final boolean verbose = this.log.isDebugEnabled();

    if (principal == null) {
        // The realm rejected the credentials.
        if (verbose) {
            this.log.debug("failed to authenticate the user in the"
                    + " realm, forwarding to the error page");
        }
        this.forwardToErrorPage(request, response, config);
        return;
    }

    if (verbose) {
        this.log.debug("successfully authenticated user "
                + principal.getName());
    }

    // Store the authentication data needed to restore the original request.
    // NOTE(review): this method does not change the session id after a
    // successful login; verify that session fixation protection is applied
    // by the caller or the container.
    Session loginSession = request.getSessionInternal(true);
    loginSession.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    loginSession.setNote(Constants.SESS_USERNAME_NOTE, loginName);
    // NOTE(review): the password itself becomes a session note; check its
    // lifetime and whether sessions are written to disk or replicated.
    loginSession.setNote(Constants.SESS_PASSWORD_NOTE, password);
    if (openID) {
        loginSession.setNote(OPENID_AUTH_NOTE, Boolean.TRUE);
    }

    String redirectURL = this.savedRequestURL(loginSession);
    boolean nothingSaved = (redirectURL == null);
    if (nothingSaved) {
        // Fall back to the landing page below the context path.
        String page = (this.landingPage == null) ? "" : this.landingPage;
        redirectURL = request.getContextPath() + page;

        if (verbose) {
            this.log.debug("no saved requested in the session, making"
                    + " it GET " + redirectURL);
        }

        SavedRequest fallback = new SavedRequest();
        fallback.setMethod("GET");
        fallback.setRequestURI(redirectURL);
        fallback.setDecodedRequestURI(redirectURL);
        loginSession.setNote(Constants.FORM_REQUEST_NOTE, fallback);
    }

    // NOTE(review): redirectURL is built from stored request data without
    // further validation here; confirm it always stays on this host.
    if (verbose) {
        this.log.debug("redirecting to the original request URL at "
                + redirectURL);
    }
    response.sendRedirect(response.encodeRedirectURL(redirectURL));
}