1   package com.atlassian.refapp.auth.internal;
2   
import com.atlassian.refapp.auth.external.WebSudoSessionManager;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.seraph.auth.AuthenticatorException;
import org.apache.velocity.VelocityContext;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;

import static com.google.common.base.Preconditions.checkNotNull;
16  
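/**
 * Serves the "web sudo" re-authentication page and processes its submission.
 *
 * <p>On GET the password prompt is rendered for an already-authenticated user;
 * anonymous requests are sent to the login servlet. On POST the submitted
 * password is re-verified through the {@link Authenticator}: success records a
 * web-sudo session and hands off to {@link RedirectHelper}, failure re-displays
 * this page, and an {@link AuthenticatorException} clears any web-sudo session
 * and sends the user back to login.
 */
public final class WebSudoServlet extends BaseVelocityServlet {
    private static final String LOGIN_PATH = "/plugins/servlet/login";
    private static final String WEBSUDO_PATH = "/plugins/servlet/websudo";
    private static final String REDIR_PARAM = "redir";
    private static final String PASSWORD_PARAM = "os_password";
    private final Authenticator auth;
    private final WebSudoSessionManager webSudoSessionManager;

    /**
     * @param auth authenticator used to resolve the current user and re-verify the password
     * @param webSudoSessionManager manager that creates and removes the elevated session
     * @throws NullPointerException if either argument is {@code null}
     */
    public WebSudoServlet(final Authenticator auth, final WebSudoSessionManager webSudoSessionManager) {
        super();
        this.auth = checkNotNull(auth, "auth cannot be null");
        this.webSudoSessionManager = checkNotNull(webSudoSessionManager, "webSudoSessionManager cannot be null");
    }

    /**
     * Renders the web-sudo password prompt for the authenticated user, or
     * redirects an anonymous request to the login page.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        final VelocityContext context = createDefaultVelocityContext();
        // The caller-supplied redirect target is passed through to the template
        // untouched; websudo.vm (not visible here) is expected to HTML-escape it.
        context.put(REDIR_PARAM, request.getParameter(REDIR_PARAM));

        final Principal user = auth.getUser(request);
        if (user == null) {
            redirectToLogin(request, response);
            return;
        }
        context.put("username", user.getName());
        context.put("websudoURI", request.getContextPath() + WEBSUDO_PATH);
        getTemplate("/websudo.vm").merge(context, response.getWriter());
    }

    /**
     * Re-verifies the current user's password. A request without an existing
     * session or without an authenticated principal is redirected to login
     * rather than processed.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        final HttpSession session = request.getSession(false);
        if (session == null) {
            redirectToLogin(request, response);
            return;
        }

        // A session can exist without an authenticated principal (doGet already
        // treats getUser() == null as "not logged in"); without this guard the
        // user.getName() call below would surface as a 500 instead of a redirect.
        final Principal user = auth.getUser(request);
        if (user == null) {
            redirectToLogin(request, response);
            return;
        }

        try {
            final String password = request.getParameter(PASSWORD_PARAM);
            if (auth.login(request, response, user.getName(), password)) {
                webSudoSessionManager.createWebSudoSession(request);
                RedirectHelper.redirect(request, response);
            } else {
                response.sendRedirect(retryUrl(request));
            }
        } catch (AuthenticatorException ae) {
            // Treat an authenticator failure as a lost elevation: drop any web-sudo
            // session before bouncing the user back to login.
            webSudoSessionManager.removeWebSudoSession(request);
            redirectToLogin(request, response);
        }
    }

    /**
     * Builds the URL used to re-display this page after a failed attempt,
     * carrying the {@code redir} parameter along only when one was supplied.
     *
     * <p>The value is percent-encoded: appending it raw let a {@code redir}
     * containing {@code &}, {@code #} or whitespace produce a malformed
     * {@code Location} header, and a missing parameter became the literal
     * string {@code "null"}.
     *
     * @param request the current request; its request URL is the base
     * @return the absolute URL to redirect to
     * @throws IOException if UTF-8 is unavailable (never on a conforming JVM)
     */
    private static String retryUrl(final HttpServletRequest request) throws IOException {
        final StringBuffer url = request.getRequestURL();
        final String redir = request.getParameter(REDIR_PARAM);
        if (redir != null) {
            url.append('?').append(REDIR_PARAM).append('=')
                    .append(URLEncoder.encode(redir, StandardCharsets.UTF_8.name()));
        }
        return url.toString();
    }

    /** Sends the browser to the login servlet under the current context path. */
    private void redirectToLogin(final HttpServletRequest request, final HttpServletResponse response) throws IOException {
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
    }

}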