1   package com.atlassian.seraph.filter;
2   
3   import com.atlassian.seraph.auth.AuthenticatorException;
4   import com.atlassian.seraph.interceptor.LoginInterceptor;
5   import org.apache.log4j.Category;
6   
7   import java.util.Iterator;
8   import java.util.List;
9   import javax.servlet.http.HttpServletRequest;
10  import javax.servlet.http.HttpServletResponse;
11  
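/**
 * Base filter that attempts a login from a username and password taken from the request.
 * It is designed to be extended to support schemes that pass username and password one way or another:
 * subclasses supply the credentials by implementing {@link #extractUserPasswordPair(HttpServletRequest)},
 * and this class runs the configured {@link LoginInterceptor}s around the authenticator call.
 * <p>
 * Security notes: the username and password originate from the request and are untrusted. The username is
 * written to the debug log only after line breaks have been replaced, and the password is never logged by
 * this class. The clear-text password is passed to every configured {@link LoginInterceptor}, so
 * interceptor implementations should not log or store it.
 * <p>
 * For further info see superclass.
 */
public abstract class PasswordBasedLoginFilter extends BaseLoginFilter
{
    static final Category log = Category.getInstance(PasswordBasedLoginFilter.class);

    /**
     * Attempts to log the user in with the credentials extracted from the request.
     *
     * @param request the current request; passed to the credential extractor, the interceptors and the authenticator
     * @param response the current response; passed to the interceptors and the authenticator
     * @return LOGIN_NOATTEMPT when no credential pair, username or password is available;
     *         LOGIN_SUCCESS or LOGIN_FAILED according to the authenticator's result;
     *         LOGIN_FAILED when the authenticator throws an {@link AuthenticatorException}
     */
    public String login(HttpServletRequest request, HttpServletResponse response)
    {
        final boolean dbg = log.isDebugEnabled();

        String status = LOGIN_NOATTEMPT;

        // check for parameters
        UserPasswordPair userPair = extractUserPasswordPair(request);
        if (userPair == null)
        {
            if (dbg)
            {
                log.debug("UserPasswordPair object was null ???");
            }
            return status;
        }

        // try to login the user if possible; incomplete credentials count as "no attempt",
        // so neither the interceptors nor the authenticator are invoked for them
        if (userPair.userName == null || userPair.password == null)
        {
            return status;
        }

        List interceptors = getSecurityConfig().getInterceptors(LoginInterceptor.class);

        if (dbg)
        {
            // The username is attacker-controlled: neutralise line breaks so it cannot forge log entries.
            // The password is deliberately left out of the message.
            log.debug("____ Username : '" + sanitizeForLog(userPair.userName) + "' and password provided - remember me : " + Boolean.toString(userPair.persistentLogin) + " - attempting login request");
        }
        try
        {
            for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
            {
                LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                loginInterceptor.beforeLogin(request, response, userPair.userName, userPair.password, userPair.persistentLogin);
            }

            boolean loggedIn = getAuthenticator().login(request, response, userPair.userName, userPair.password, userPair.persistentLogin);
            status = loggedIn ? LOGIN_SUCCESS : LOGIN_FAILED;
        }
        catch (AuthenticatorException e)
        {
            // NOTE(review): authenticator errors are visible only when debug logging is enabled;
            // consider whether they should also be recorded at a level that is on in production.
            if (dbg)
            {
                log.debug("An exception occurred authenticating : '" + sanitizeForLog(userPair.userName) + "'", e);
            }
            status = LOGIN_FAILED;
        }
        finally
        {
            // Runs on every path, including unchecked exceptions from beforeLogin() or login(); in that
            // case status is still LOGIN_NOATTEMPT when it is handed to the interceptors.
            // NOTE(review): an unchecked exception thrown by afterLogin() skips the remaining interceptors
            // and replaces any exception already propagating.
            for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
            {
                LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                loginInterceptor.afterLogin(request, response, userPair.userName, userPair.password, userPair.persistentLogin, status);
            }
        }
        return status;
    }

    /**
     * Replaces carriage returns and line feeds in a request-supplied value so that it stays on a single
     * log line and cannot be used to inject forged log entries.
     *
     * @param value the value to be logged, may be null
     * @return the value with CR and LF replaced by underscores, or null if the value was null
     */
    private static String sanitizeForLog(String value)
    {
        if (value == null)
        {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns a username password pair for this request. If this request does not contain user credentials,
     * returns null.
     *
     * @param request the request to read the credentials from
     * @return user credentials or null
     */
    abstract UserPasswordPair extractUserPasswordPair(HttpServletRequest request);

    /**
     * Represents a username password pair of user credentials, plus the "remember me" choice.
     * The password is held in clear text; no toString() is defined here, so the default
     * Object.toString() does not expose it.
     */
    public static final class UserPasswordPair
    {
        // username as supplied with the request; login() treats null as "no attempt"
        final String userName;
        // clear-text password as supplied with the request; login() treats null as "no attempt"
        final String password;
        // passed through to the interceptors and the authenticator as the persistent-login flag
        final boolean persistentLogin;

        UserPasswordPair(String user, String password, boolean persistentLogin)
        {
            this.userName = user;
            this.password = password;
            this.persistentLogin = persistentLogin;
        }
    }
}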