46 package org.melati.login;
49 import javax.servlet.http.Cookie;
50 import javax.servlet.http.HttpServletRequest;
51 import javax.servlet.http.HttpServletResponse;
52 import javax.servlet.http.HttpSession;
53
54 import org.melati.Melati;
55 import org.melati.poem.AccessPoemException;
56 import org.melati.poem.PoemThread;
57 import org.melati.poem.User;
58 import org.melati.util.HttpServletRequestParameters;
59 import org.melati.util.HttpUtil;
60 import org.melati.util.MD5Util;
61 import org.melati.util.ReconstructedHttpServletRequest;
62 import org.melati.util.ReconstructedHttpServletRequestMismatchException;
63 import org.melati.util.UTF8URLEncoder;
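/**
 * An {@link AccessHandler} that keeps the logged-in {@link User} in the
 * {@link HttpSession}, and, when the session holds no user, tries to
 * re-establish one from two cookies: one keyed by the logical database
 * name that carries a login name, and one keyed by database name plus
 * login that must match {@code MD5Util.encode} of the user's stored
 * password.
 *
 * <p>Security note for maintainers: because the second cookie is accepted
 * whenever it equals the digest of the stored password, a captured cookie
 * is as good as that digest until the password is changed; the cookie is
 * written elsewhere (presumably by the {@code Login} servlet, not visible
 * here), so any change to the scheme has to be made on both sides.
 * Operators should make sure the cookies are sent over TLS only.
 *
 * <p>The session attributes used here are coordinated with
 * {@code synchronized (session)}; that only orders threads in this JVM
 * that share the same session object.
 */
public class HttpSessionAccessHandler implements AccessHandler {

  /**
   * Session attribute holding {@link HttpServletRequestParameters} that
   * {@link #buildRequest} overlays onto the next request (set elsewhere,
   * presumably after a successful login).
   */
  public static final String OVERLAY_PARAMETERS =
      "org.melati.login.HttpSessionAccessHandler.overlayParameters";

  /** Session attribute holding the logged-in {@link User}, if any. */
  public static final String USER =
      "org.melati.login.HttpSessionAccessHandler.user";

  /**
   * Name of the servlet that renders the login page; overridable so a
   * subclass can point at a different servlet.
   *
   * @return the servlet class name used as the login path segment
   */
  protected String loginPageServletClassName() {
    return "org.melati.login.Login";
  }

  /**
   * Builds the URL of the login page for the current zone and logical
   * database, i.e. {@code <zone>/<loginServlet>/<logicalDatabase>/}.
   *
   * @param melati  the current Melati context
   * @param request the request whose zone the URL is relative to
   * @return the login page URL as a string
   */
  public String loginPageURL(Melati melati, HttpServletRequest request) {
    // StringBuffer is kept because HttpUtil.appendRelativeZoneURL takes one.
    StringBuffer url = new StringBuffer();
    HttpUtil.appendRelativeZoneURL(url, request);
    url.append('/')
       .append(loginPageServletClassName())
       .append('/')
       // NOTE(review): the logical database name is appended unencoded;
       // assumed to be a configured identifier rather than user input — confirm.
       .append(melati.getPoemContext().getLogicalDatabase())
       .append('/');
    return url.toString();
  }

  /**
   * Remembers the failing request and the exception in the session, discards
   * any output already buffered, and redirects the client to the login page.
   *
   * @param melati          the current Melati context
   * @param accessException the exception that denied access
   * @throws Exception if resetting the writer or sending the redirect fails
   */
  public void handleAccessException(Melati melati,
                                    AccessPoemException accessException)
      throws Exception {
    HttpServletRequest request = melati.getRequest();
    HttpServletResponse response = melati.getResponse();
    HttpSession session = request.getSession(true);
    session.setAttribute(Login.TRIGGERING_REQUEST_PARAMETERS,
                         new HttpServletRequestParameters(request));
    session.setAttribute(Login.TRIGGERING_EXCEPTION, accessException);
    // Drop anything already written so the redirect is a clean response.
    melati.getWriter().reset();
    response.sendRedirect(loginPageURL(melati, request));
  }

  /**
   * Determines the current user and sets the thread's access token.
   *
   * <p>Order of precedence: the {@link #USER} session attribute; otherwise a
   * user named by the login cookie whose password-digest cookie matches;
   * otherwise the database's guest token.
   *
   * @param melati the current Melati context
   * @return {@code melati}, for chaining
   */
  public Melati establishUser(Melati melati) {
    String ldb = melati.getPoemContext().getLogicalDatabase();
    HttpSession session = melati.getSession();
    synchronized (session) {
      User user = (User) session.getAttribute(USER);
      if (user == null) {
        user = userFromCookies(melati, ldb);
      }
      logUsIn(melati, user);
    }
    return melati;
  }

  /**
   * Resolves a user from the cookie pair, or {@code null} when either cookie
   * is missing or the digest cookie does not match the stored password.
   *
   * @param melati the current Melati context
   * @param ldb    the logical database name used as cookie key prefix
   * @return the authenticated user, or {@code null}
   */
  private User userFromCookies(Melati melati, String ldb) {
    User user = getUserFromCookie(melati, ldb);
    if (user == null) {
      return null;
    }
    String password = user.getPassword();
    if (password == null) {
      // Defensive: never accept a cookie for an account without a password.
      return null;
    }
    String cookie = getCookieValue(melati, ldb + user.getLogin());
    // Constant-time compare so response timing does not leak how much of
    // the digest a presented cookie has right.
    if (!constantTimeEquals(cookie, MD5Util.encode(password))) {
      return null;
    }
    return user;
  }

  /**
   * Compares two strings without short-circuiting on the first differing
   * character. Length differences are still visible, which is acceptable
   * here since the expected value is a fixed-length digest.
   *
   * @param a first string, may be {@code null}
   * @param b second string, may be {@code null}
   * @return {@code true} only if both are non-null and equal
   */
  private static boolean constantTimeEquals(String a, String b) {
    if (a == null || b == null || a.length() != b.length()) {
      return false;
    }
    int diff = 0;
    for (int i = 0; i < a.length(); i++) {
      diff |= a.charAt(i) ^ b.charAt(i);
    }
    return diff == 0;
  }

  /**
   * Sets the POEM access token for this thread: the user, or the guest token
   * when {@code user} is {@code null}.
   *
   * @param melati the current Melati context
   * @param user   the user to act as, or {@code null} for guest
   */
  protected void logUsIn(Melati melati, User user) {
    PoemThread.setAccessToken(
        user == null ? melati.getDatabase().guestAccessToken() : user);
  }

  /**
   * Looks up the user whose login name is held in the cookie named
   * {@code key}.
   *
   * @param melati the current Melati context
   * @param key    the cookie name (before URL encoding)
   * @return the matching user, or {@code null} if no such cookie or user
   */
  User getUserFromCookie(Melati melati, String key) {
    String login = getCookieValue(melati, key);
    if (login == null) {
      return null;
    }
    return (User) melati.getDatabase().getUserTable().getLoginColumn()
        .firstWhereEq(login);
  }

  /**
   * Returns the URL-decoded value of the cookie whose name is the
   * URL-encoded form of {@code key}, or {@code null} if absent.
   *
   * @param melati the current Melati context
   * @param key    the cookie name before URL encoding
   * @return the decoded cookie value, or {@code null}
   */
  String getCookieValue(Melati melati, String key) {
    String encodedKey = UTF8URLEncoder.encode(key);
    Cookie[] cookies = melati.getRequest().getCookies();
    if (cookies == null) {
      return null;
    }
    for (Cookie c : cookies) {
      if (c.getName().equals(encodedKey)) {
        return UTF8URLEncoder.decode(c.getValue());
      }
    }
    return null;
  }

  /**
   * If the session holds {@link #OVERLAY_PARAMETERS}, removes them and
   * replaces the current request with one reconstructed from those
   * parameters over the live request.
   *
   * @param melati the current Melati context
   * @throws ReconstructedHttpServletRequestMismatchException if the saved
   *         parameters cannot be overlaid on the current request
   */
  public void buildRequest(Melati melati)
      throws ReconstructedHttpServletRequestMismatchException {
    HttpSession session = melati.getSession();
    synchronized (session) {
      HttpServletRequestParameters oldParams =
          (HttpServletRequestParameters) session.getAttribute(OVERLAY_PARAMETERS);
      if (oldParams == null) {
        return;
      }
      // One-shot: consume the saved parameters so a later request is not
      // rewritten again.
      session.removeAttribute(OVERLAY_PARAMETERS);
      melati.setRequest(
          new ReconstructedHttpServletRequest(oldParams, melati.getRequest()));
    }
  }
}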