/*
* $Id: SimpleWebAuthorization.java,v 1.5 2002/09/16 08:05:07 jkl Exp $
*
* Copyright (c) 2002 Njet Communications Ltd. All Rights Reserved.
*
* Use is subject to license terms, as defined in
* Anvil Software License, Version 1.1. See LICENSE
* file, or http://njet.org/license-1.1.txt
*/
package anvil.server.simple;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import anvil.server.Zone;
import anvil.server.AccessPreferences;
import anvil.server.Authorization;
import anvil.server.Realm;
import anvil.server.Citizen;
import anvil.server.Templates;
import anvil.server.Context;
import anvil.server.MimeTypes;
import anvil.server.ConfigurationError;
import anvil.server.RedirectException;
import anvil.session.Session;
import anvil.core.net.AnyContext;
import anvil.script.Module;
import anvil.Product;
/**
* class SimpleWebAuthorization
*
* @author: Simo Tuokko
*/
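/**
 * Form/IP based web authorization for a zone.
 *
 * A request is allowed through when any of the following holds:
 * <ul>
 *   <li>the zone's access preferences do not require authorization;</li>
 *   <li>the session already names a citizen that belongs to the zone's realm;</li>
 *   <li>'ipauth' is enabled and a citizen's "ctz.ip" variable equals the client address;</li>
 *   <li>the request carries valid "webauth.username"/"webauth.password" parameters;</li>
 *   <li>the request is for the login page itself.</li>
 * </ul>
 * Otherwise the login page is rendered in place of the requested resource
 * and the request is rejected.
 *
 * Security notes (see the individual methods):
 * <ul>
 *   <li>IP authentication is password-less; it is now only performed when the
 *       'ipauth' preference is "true" (the flag used to be parsed but ignored).</li>
 *   <li>The session id is not rotated on successful login.</li>
 *   <li>Credentials are read with getParameter(), so they are also accepted
 *       from the query string.</li>
 * </ul>
 *
 * @author: Simo Tuokko
 */
public class SimpleWebAuthorization implements Authorization
{
    /** Zone this authorization is bound to; set by {@link #initialize(Zone)}. */
    private Zone _zone;

    /** Access preferences of the zone (realm name, 'required', 'loginpath', 'forwardpath', 'ipauth'). */
    private AccessPreferences _prefs;

    /** Path of the login page; requests for it are always allowed through. */
    private String loginPath = "/login.nvl";

    /** Path the client is redirected to after logging in on the login page. */
    private String forwardPath = "/";

    /** Whether password-less authentication by client IP ("ctz.ip") is enabled. */
    private boolean ipAuth = false;

    public SimpleWebAuthorization()
    {
    }

    /**
     * Reads 'loginpath', 'forwardpath' and 'ipauth' from the zone's access
     * preferences. Missing 'loginpath' is logged and the default is kept.
     *
     * @param zone the zone this authorization serves
     */
    public void initialize(Zone zone)
    {
        _zone = zone;
        _prefs = zone.getAccessPreferences();

        Object configuredLogin = _prefs.getPreference("loginpath");
        if (configuredLogin == null) {
            _zone.log().error("WebAuthorization: 'loginpath' not found from configuration, using default: "+loginPath);
        } else {
            loginPath = (String)configuredLogin;
        }

        Object configuredForward = _prefs.getPreference("forwardpath");
        if (configuredForward != null) {
            forwardPath = (String)configuredForward;
        }

        // Only the literal (case-insensitive, trimmed) "true" enables IP authentication.
        String tmp = (String)_prefs.getPreference("ipauth");
        ipAuth = (tmp != null && tmp.trim().equalsIgnoreCase("true"));
    }

    /**
     * @return the realm named in the access preferences, or null if the zone has no such realm
     */
    public Realm getRealm()
    {
        return _zone.getRealm(_prefs.getRealm());
    }

    /** Always true: the citizen name and the failed-login marker live in the session. */
    public boolean isSessionRequired()
    {
        return true;
    }

    /**
     * Decides whether the request in {@code context} may proceed.
     *
     * @param context request context; its citizen is set on successful login
     * @return true if the request is authorized (or authorization is not required),
     *         false if the request was answered here (500 page or login page)
     * @throws IOException propagated from the servlet layer
     * @throws RedirectException when a login succeeds on the login page itself,
     *         to send the client to {@link #forwardPath}
     */
    public boolean authorize(Context context) throws IOException
    {
        if (!_prefs.getRequired()) {
            return true;
        }

        Realm realm = getRealm();
        Session session = context.getSession();

        if (realm == null) {
            // Misconfiguration: fail closed with a 500 page rather than letting the request through.
            context.log().error("Couldn't get realm named '"+_prefs.getRealm()+"'");
            try {
                String contentType = MimeTypes.guessContentType(context.getRequest());
                Templates.message(context, contentType, 500);
            } catch(IOException e) {
                context.log().error("Error while writing '500 Internal Server Error' response", e);
            }
            return false;
        }

        if (session == null) {
            // cannot authorize if there's no session
            return false;
        }

        if (isLoggedIn(session, realm)) {
            return true;
        }

        // Password-less login by client address. Previously this ran unconditionally;
        // the 'ipauth' preference was parsed but never consulted.
        if (ipAuth && authenticateByIp(context, realm)) {
            return true;
        }

        if (authenticateByPassword(context, realm)) {
            return true;
        }

        if (isLoginPage(context)) {
            // allow viewing of the login page
            return true;
        }

        context.log().info("web: Forwarding to login page..");
        redirectLogin(context);
        return false;
    }

    /**
     * True if the session already names a citizen of {@code realm}.
     * A citizen name from another realm is not accepted.
     */
    private static boolean isLoggedIn(Session session, Realm realm)
    {
        String citizenName = session.getCitizen();
        if (citizenName == null) {
            return false;
        }
        Citizen citizen = realm.getCitizen(citizenName);
        return citizen != null && citizen.getRealm().equals(realm);
    }

    /** True if the request targets the configured login page. */
    private boolean isLoginPage(Context context)
    {
        return context.getOriginalPathinfo().equals(loginPath);
    }

    /**
     * Logs the client in as the first citizen whose "ctz.ip" variable equals the
     * request's remote address.
     *
     * NOTE(review): getRemoteAddr() is the TCP peer. Behind a reverse proxy or NAT
     * every client shares that address, so a single "ctz.ip" entry would log
     * everyone in; only enable 'ipauth' where the server sees real client addresses.
     * If several citizens share an address the first search hit wins.
     *
     * @return true if a citizen was matched and set on the context
     */
    private boolean authenticateByIp(Context context, Realm realm)
    {
        String clientIp = context.getRequest().getRemoteAddr();
        context.log().info("client ip: "+clientIp);
        Citizen[] matches = realm.searchCitizenByVariable("ctz.ip", clientIp);
        if (matches == null || matches.length == 0) {
            return false;
        }
        context.setCitizen(matches[0]);
        context.log().info("web: ipauthentication ok");
        leaveLoginPage(context);
        return true;
    }

    /**
     * Verifies the "webauth.username"/"webauth.password" request parameters.
     * On failure the attempted user name is stored in the session under
     * "webauth.failedUser" (the login page can show it); on success the
     * citizen is set on the context.
     *
     * NOTE(review): getParameter() also reads the query string, so a password
     * submitted via GET ends up in access logs and referers; the login form
     * should POST. The password itself is never logged here.
     *
     * @return true if the credentials were present and valid
     */
    private boolean authenticateByPassword(Context context, Realm realm)
    {
        HttpServletRequest request = context.getRequest();
        String username = request.getParameter("webauth.username");
        String password = request.getParameter("webauth.password");

        // Clear the marker of a previous failed attempt before evaluating this one.
        context.getSession().removeAttribute("webauth.failedUser");

        if (username == null || password == null || username.length() == 0) {
            return false;
        }

        Citizen citizen = realm.getCitizen(username);
        context.log().info("username: '"+username+"' citizen: "+citizen);

        if (citizen == null || !citizen.verifyCredentials(password)) {
            context.log().info("web: no user found or wrong pass");
            context.getSession().setAttribute("webauth.failedUser", username);
            return false;
        }

        context.setCitizen(citizen);
        context.log().info("web: authentication ok");
        leaveLoginPage(context);
        return true;
    }

    /**
     * After a successful login on the login page, redirect the client to
     * {@link #forwardPath}; on any other page the request simply continues.
     *
     * NOTE(review): the redirect carries the pre-login session id, i.e. the
     * session is not rotated on privilege change (session fixation). If the
     * Session API allows regenerating the id, do it here — TODO confirm.
     */
    private void leaveLoginPage(Context context)
    {
        if (isLoginPage(context)) {
            throw new RedirectException(context.getSession().getId(), forwardPath);
        }
    }

    /**
     * Renders the login page in place of the requested resource. Despite the
     * name no HTTP redirect is sent: the login script is loaded from the zone
     * cache and executed into the current response, so the address bar keeps
     * the protected URL. Errors are logged (with stack trace) and swallowed;
     * the caller returns false either way.
     */
    private void redirectLogin(Context context) {
        try {
            AnyContext anyContext = new AnyContext(context);
            // Login pages must not be served from caches.
            context.getResponse().setHeader("Cache-Control", "no-cache");
            Zone zone = context.getZone();
            Module script = zone.getServer().getCache().load(zone.resolve(loginPath)).getModule();
            Product product = new Product(
                context.getAddress(), context.getOutputStream(), context.getCitizen(), script);
            try {
                product.forge("service", anyContext);
            } finally {
                product.destroy();
                product = null;
            }
        } catch(Exception e) {
            // Keep the cause so the failure is diagnosable, as done for the 500 path above.
            context.log().error("Error while redirecting: "+e, e);
        }
    }

    public void stop()
    {
        _zone.log().info("Authorization " + this + " stopped");
    }
}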