1 package org
.argeo
.cms
.integration
;
3 import java
.io
.IOException
;
5 import javax
.security
.auth
.callback
.Callback
;
6 import javax
.security
.auth
.callback
.NameCallback
;
7 import javax
.security
.auth
.callback
.PasswordCallback
;
8 import javax
.security
.auth
.callback
.UnsupportedCallbackException
;
9 import javax
.security
.auth
.login
.LoginContext
;
10 import javax
.security
.auth
.login
.LoginException
;
11 import javax
.servlet
.ServletException
;
12 import javax
.servlet
.http
.HttpServlet
;
13 import javax
.servlet
.http
.HttpServletRequest
;
14 import javax
.servlet
.http
.HttpServletResponse
;
16 import org
.argeo
.cms
.auth
.CmsSessionId
;
17 import org
.argeo
.cms
.auth
.HttpRequestCallback
;
18 import org
.argeo
.cms
.auth
.HttpRequestCallbackHandler
;
19 import org
.argeo
.node
.NodeConstants
;
20 import org
.osgi
.service
.useradmin
.Authorization
;
22 import com
.google
.gson
.Gson
;
23 import com
.google
.gson
.GsonBuilder
;
24 import com
.google
.gson
.stream
.JsonWriter
;
/** Externally authenticates an HTTP session: takes username/password credentials from the request and reports the resulting authorization (and CMS session id) as JSON, or redirects. */
27 public class CmsLoginServlet
extends HttpServlet
{
	/** Serial version for {@link HttpServlet}'s {@code Serializable} contract. */
	private static final long serialVersionUID = 2478080654328751539L;
	/** Servlet-wide JSON writer factory, configured for pretty printing of the login response body. */
	private Gson gson = new GsonBuilder().setPrettyPrinting().create();
	/**
	 * Handles GET exactly like POST by delegating to
	 * {@link #doPost(HttpServletRequest, HttpServletResponse)}.
	 * <p>
	 * NOTE(review): as a consequence a login can be performed with
	 * {@code username} and {@code password} in the query string, where they are
	 * recorded in access/proxy logs, browser history and Referer headers. Prefer
	 * restricting logins to POST.
	 *
	 * @param request  the login request
	 * @param response the response to populate
	 * @throws ServletException propagated from {@code doPost}
	 * @throws IOException      propagated from {@code doPost}
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Single code path for both methods; see the note above about credentials in URLs.
		this.doPost(request, response);
	}
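	/**
	 * Performs a username/password login and reports the result.
	 * <p>
	 * Both the {@code username} and {@code password} request parameters are
	 * required. On a successful JAAS login the subject's {@link Authorization} and
	 * {@link CmsSessionId} private credentials are read back; the client is then
	 * either redirected (when {@link #redirectTo(HttpServletRequest)} returns a
	 * target) or sent a JSON document describing the authenticated user. Any
	 * failure yields HTTP 403 without a body.
	 * <p>
	 * NOTE(review): {@code doGet} delegates here, so credentials may also arrive in
	 * the query string; consider POST-only logins. The {@code loginSucceeded} /
	 * {@code loginFailed} hooks declared below are not invoked from the visible
	 * part of this method; wire them in if subclasses are expected to rely on them.
	 *
	 * @param request  the login request, read for the credentials
	 * @param response the response to populate
	 * @throws ServletException kept for the servlet contract; not thrown here
	 * @throws IOException      if the JSON body or the redirect cannot be written
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		if (username == null || password == null) {
			// Both credentials are mandatory; do not even start a login context.
			response.setStatus(HttpServletResponse.SC_FORBIDDEN);
			return;
		}
		// Username as it may safely appear in a log line (CR/LF stripped so a
		// crafted username cannot forge additional log entries).
		String logName = username.replace('\r', '_').replace('\n', '_');

		LoginContext lc;
		try {
			lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response) {
				@Override
				public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
					for (Callback callback : callbacks) {
						if (callback instanceof NameCallback) {
							((NameCallback) callback).setName(username);
						} else if (callback instanceof PasswordCallback) {
							// PasswordCallback copies the array and the login module is expected
							// to clear it; the String copy held by the container cannot be scrubbed.
							((PasswordCallback) callback).setPassword(password.toCharArray());
						} else if (callback instanceof HttpRequestCallback) {
							((HttpRequestCallback) callback).setRequest(request);
							((HttpRequestCallback) callback).setResponse(response);
						}
					}
				}
			});
			lc.login();
		} catch (LoginException e) {
			// Wrong credentials or misconfigured login stack: give the client nothing
			// but 403, yet leave a trace for operators instead of swallowing it.
			log("Login failed for user '" + logName + "': " + e.getMessage());
			response.setStatus(HttpServletResponse.SC_FORBIDDEN);
			return;
		}

		// The login modules are expected to attach both credentials to the subject;
		// a missing one is a server-side inconsistency, not a client error.
		CmsSessionId cmsSessionId = firstOrNull(lc.getSubject().getPrivateCredentials(CmsSessionId.class));
		Authorization authorization = firstOrNull(lc.getSubject().getPrivateCredentials(Authorization.class));
		if (cmsSessionId == null || authorization == null) {
			log("Login for user '" + logName + "' produced no CmsSessionId/Authorization credential");
			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return;
		}

		// Decide on the redirect before writing anything: sendRedirect() on a
		// committed response throws IllegalStateException and otherwise discards
		// the body that was just written.
		String redirectTo = redirectTo(request);
		if (redirectTo != null) {
			// NOTE(review): redirectTo() is defined below; if its target is ever taken
			// from request input it must be restricted to relative/same-origin URLs
			// to avoid an open redirect.
			response.sendRedirect(redirectTo);
			return;
		}

		writeLoginResult(response, authorization, cmsSessionId);
	}

	/**
	 * Writes the JSON document describing a successful login: {@code username},
	 * {@code displayName}, {@code roles} (excluding the user's own name, which
	 * UserAdmin reports as a role) and {@code cmsSession.uuid}.
	 *
	 * @param response      the response to write to
	 * @param authorization the user's authorization as attached by the login modules
	 * @param cmsSessionId  the CMS session created by the login
	 * @throws IOException if the response writer cannot be obtained or written
	 */
	private void writeLoginResult(HttpServletResponse response, Authorization authorization,
			CmsSessionId cmsSessionId) throws IOException {
		// Explicit type and charset (before getWriter()) so browsers never
		// content-sniff user-provided names as HTML; a document carrying a session
		// identifier must not be cached.
		response.setContentType("application/json");
		response.setCharacterEncoding("UTF-8");
		response.setHeader("X-Content-Type-Options", "nosniff");
		response.setHeader("Cache-Control", "no-store");

		JsonWriter jsonWriter = gson.newJsonWriter(response.getWriter());
		jsonWriter.beginObject();
		jsonWriter.name("username").value(authorization.getName());
		// toString() of the Authorization is what is exposed as human readable name.
		jsonWriter.name("displayName").value(authorization.toString());

		jsonWriter.name("roles").beginArray();
		String[] roles = authorization.getRoles();
		if (roles != null) { // UserAdmin allows null when no role is implied
			for (String role : roles) {
				if (!role.equals(authorization.getName()))
					jsonWriter.value(role);
			}
		}
		jsonWriter.endArray();

		jsonWriter.name("cmsSession").beginObject();
		jsonWriter.name("uuid").value(cmsSessionId.getUuid().toString());
		jsonWriter.endObject();
		jsonWriter.endObject();
		jsonWriter.flush();
	}

	/**
	 * Returns the first element of {@code values}, or {@code null} when it is
	 * empty (the private credential sets are unordered, so "first" is whatever
	 * the set yields).
	 */
	private static <T> T firstOrNull(Iterable<T> values) {
		for (T value : values)
			return value;
		return null;
	}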
	/**
	 * Extension hook for a successful login; does nothing by default.
	 * <p>
	 * NOTE(review): not invoked from the visible part of {@code doPost}; wire it
	 * in there if subclasses are expected to rely on it.
	 *
	 * @param lc       the logged-in context whose subject carries the credentials
	 * @param request  the login request
	 * @param response the response being built
	 */
	protected void loginSucceeded(LoginContext lc, HttpServletRequest request, HttpServletResponse response) {
	/**
	 * Extension hook for a failed login; sends HTTP code 403 by default.
	 * <p>
	 * NOTE(review): 403 rather than 401 is presumably deliberate (a 401 would
	 * trigger the browser's Basic-auth prompt); not invoked from the visible part
	 * of {@code doPost}, which sets 403 itself.
	 *
	 * @param lc       the login context that failed, possibly {@code null}
	 * @param request  the login request
	 * @param response the response being built
	 */
	protected void loginFailed(LoginContext lc, HttpServletRequest request, HttpServletResponse response) {
108 protected String
redirectTo(HttpServletRequest request
) {