1   package com.atlassian.refapp.auth.internal;
2   
import com.atlassian.sal.api.user.UserRole;
import com.atlassian.seraph.auth.AuthenticationContext;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.user.GroupManager;
import com.atlassian.user.UserManager;
import org.apache.velocity.VelocityContext;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.util.Locale;
16  
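/**
 * Serves the reference application's login page.
 * <p>
 * A GET renders {@code /login.vm} when nobody is logged in, or when the caller asked
 * (via the {@code user_role} parameter) for a role the current user does not hold; in
 * the latter case the current session is logged out first. A logged-in user who does
 * hold the role is sent on to the users page unless an {@code os_destination} was given.
 * A POST is delegated to {@link RedirectHelper}.
 * <p>
 * Both {@code user_role} and {@code redir} are request parameters and therefore
 * untrusted: an unknown role name is answered with 400 rather than escaping as an
 * {@link IllegalArgumentException}, and {@code redir} is only honoured when it is a
 * context-relative path.
 */
public class LoginServlet extends BaseVelocityServlet {
    /** Context-relative path of this servlet; offered to the template as {@code loginURI}. */
    private static final String LOGIN_PATH = "/plugins/servlet/login";
    /** Where a sufficiently privileged, already logged-in user is redirected by default. */
    private static final String USERS_PATH = "/plugins/servlet/users";
    /** Velocity template rendered for the login form. */
    private static final String LOGIN_TEMPLATE = "/login.vm";

    private final Authenticator auth;
    private final UserContextHelper userHelper;

    /**
     * @param auth                  Seraph authenticator used to resolve and log out the current user
     * @param authenticationContext passed to the {@link UserContextHelper} that answers role questions
     * @param userManager           passed to the {@link UserContextHelper}
     * @param groupManager          passed to the {@link UserContextHelper}
     */
    public LoginServlet(Authenticator auth, AuthenticationContext authenticationContext, UserManager userManager, GroupManager groupManager) {
        super();
        this.auth = auth;
        this.userHelper = new UserContextHelper(authenticationContext, userManager, groupManager);
    }

    /**
     * Renders the login page, or redirects an already sufficiently privileged user.
     *
     * @throws ServletException if logging out an under-privileged session fails
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        // "user_role" is caller-controlled. UserRole.valueOf throws on any name that is
        // not a constant, which previously surfaced as an unhandled 500; treat it as a
        // malformed request instead and do not echo the offending value back.
        final String requestedUserRole = request.getParameter("user_role");
        final UserRole userRole;
        try {
            userRole = requestedUserRole != null ? UserRole.valueOf(requestedUserRole) : UserRole.USER;
        } catch (IllegalArgumentException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown user_role");
            return;
        }

        VelocityContext context = createDefaultVelocityContext();
        context.put("redir", getContextRelativeRequestURL(request));
        context.put("user_role", userRole.toString());
        // Template flag such as "adminRequired". Locale.ROOT keeps the key stable under
        // locales with non-ASCII case mappings (e.g. the Turkish dotless i).
        context.put(userRole.toString().toLowerCase(Locale.ROOT) + "Required", Boolean.TRUE);

        Principal user = auth.getUser(request);
        if (user == null) {
            renderLoginPage(request, response, context);
            return;
        }

        if (!hasRequestedRole(userRole)) {
            // Log the under-privileged session out before writing the page: anything the
            // logout does to the response (headers, cookies) must precede the body, and a
            // failure then becomes a clean ServletException rather than an error after
            // part of the page has already been committed.
            try {
                auth.logout(request, response);
            } catch (AuthenticatorException e) {
                throw new ServletException(e);
            }
            renderLoginPage(request, response, context);
            return;
        }

        if (request.getParameter("os_destination") == null) {
            response.sendRedirect(request.getContextPath() + USERS_PATH);
        }
    }

    /** Delegates the login form submission to {@link RedirectHelper}. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        RedirectHelper.redirect(req, resp);
    }

    /**
     * Whether the current remote user holds {@code userRole}. Only ADMIN and SYSADMIN are
     * actually checked; every other role is treated as satisfied, as before.
     */
    private boolean hasRequestedRole(UserRole userRole) {
        switch (userRole) {
            case SYSADMIN:
                return userHelper.isRemoteUserSystemAdministrator();
            case ADMIN:
                return userHelper.isRemoteUserAdministrator();
            default:
                return true;
        }
    }

    /** Adds {@code loginURI} to the context and merges the login template into the response. */
    private void renderLoginPage(HttpServletRequest request, HttpServletResponse response, VelocityContext context)
            throws ServletException, IOException {
        context.put("loginURI", request.getContextPath() + LOGIN_PATH);
        getTemplate(LOGIN_TEMPLATE).merge(context, response.getWriter());
    }

    /**
     * Returns the context-relative URL the user should land on after logging in.
     * <p>
     * A caller-supplied {@code redir} parameter wins, but only when it is a plain
     * context-relative path (see {@link #isContextRelative(String)}); otherwise the
     * current request's servlet path, path info and query string are reassembled.
     * NOTE(review): the value is presumably consumed as a redirect target after login
     * (see {@link RedirectHelper} in {@link #doPost}) — confirm.
     */
    private String getContextRelativeRequestURL(HttpServletRequest request) {
        String requested = request.getParameter("redir");
        if (isContextRelative(requested)) {
            return requested;
        }

        StringBuilder redir = new StringBuilder(request.getServletPath());
        String path = request.getPathInfo();
        if (path != null && !path.isEmpty()) {
            redir.append(path);
        }
        String query = request.getQueryString();
        if (query != null && !query.isEmpty()) {
            redir.append('?').append(query);
        }
        return redir.toString();
    }

    /**
     * True when {@code value} starts with a single {@code /}. Values starting with
     * {@code //} or {@code /\} are rejected because browsers resolve them as
     * protocol-relative (off-site) URLs, which would turn a crafted login link into an
     * open redirect.
     */
    private static boolean isContextRelative(String value) {
        return value != null
                && value.startsWith("/")
                && !value.startsWith("//")
                && !value.startsWith("/\\");
    }
}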
85  }