package com.atlassian.seraph.filter;

import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.interceptor.LoginInterceptor;
import org.apache.log4j.Category;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

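/**
 * Base class for login filters that authenticate with a user name and password.
 * Subclasses decide where the credentials come from by implementing
 * {@link #extractUserPasswordPair(HttpServletRequest)}.
 */
public abstract class PasswordBasedLoginFilter extends BaseLoginFilter
{
    static final Category log = Category.getInstance(PasswordBasedLoginFilter.class);

    /**
     * Attempts a login with the credentials extracted from the request.
     *
     * Every configured {@link LoginInterceptor} has {@code beforeLogin} called before the
     * authenticator runs and {@code afterLogin} called afterwards with the resulting status.
     *
     * @param request the incoming request the credentials are extracted from
     * @param response the response passed through to the interceptors and the authenticator
     * @return {@code LOGIN_NOATTEMPT} when no complete user name / password pair was supplied,
     *         {@code LOGIN_SUCCESS} when the authenticator accepted the credentials, and
     *         {@code LOGIN_FAILED} when it rejected them or threw an AuthenticatorException
     */
    public String login(HttpServletRequest request, HttpServletResponse response)
    {
        final boolean dbg = log.isDebugEnabled();

        String status = LOGIN_NOATTEMPT;

        UserPasswordPair userPair = extractUserPasswordPair(request);
        if (userPair == null)
        {
            if (dbg)
            {
                log.debug("UserPasswordPair object was null ???");
            }
            return status;
        }

        // Without both halves of the credential there is nothing to authenticate.
        if (userPair.userName == null || userPair.password == null)
        {
            return status;
        }

        List interceptors = getSecurityConfig().getInterceptors(LoginInterceptor.class);

        // The user name is derived from the request and may be attacker-controlled, so line
        // breaks are neutralised before it reaches the log. The password is never logged.
        final String userNameForLog = dbg ? forLog(userPair.userName) : null;

        if (dbg)
        {
            log.debug("____ Username : '" + userNameForLog + "' and password provided - remember me : " + Boolean.toString(userPair.persistentLogin) + " - attempting login request");
        }
        try
        {
            for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
            {
                LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                loginInterceptor.beforeLogin(request, response, userPair.userName, userPair.password, userPair.persistentLogin);
            }

            boolean loggedIn = getAuthenticator().login(request, response, userPair.userName, userPair.password, userPair.persistentLogin);
            status = loggedIn ? LOGIN_SUCCESS : LOGIN_FAILED;
        }
        catch (AuthenticatorException e)
        {
            if (dbg)
            {
                log.debug("An exception occurred authenticating : '" + userNameForLog + "'", e);
            }
            status = LOGIN_FAILED;
        }
        finally
        {
            // NOTE(review): if anything other than an AuthenticatorException escapes the try
            // block, status is still LOGIN_NOATTEMPT here. Confirm that is what interceptors
            // that track failed attempts should see.
            // An exception thrown by one afterLogin call skips the remaining interceptors and
            // replaces any exception already propagating out of the try block.
            for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
            {
                LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
                loginInterceptor.afterLogin(request, response, userPair.userName, userPair.password, userPair.persistentLogin, status);
            }
        }
        return status;
    }

    /**
     * Replaces carriage returns and line feeds so that a request-supplied value cannot start
     * a new, forged log entry. Other control characters are left as they are.
     *
     * @param value the value to be written to the log; must not be null
     * @return the value with each CR and LF replaced by an underscore
     */
    private static String forLog(String value)
    {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Extracts the credentials from the request.
     *
     * @param request the incoming request
     * @return the credentials found in the request; {@link #login} treats a null result, a
     *         null user name or a null password as "no login attempted"
     */
    abstract UserPasswordPair extractUserPasswordPair(HttpServletRequest request);

    /**
     * Immutable holder for the credentials of one login attempt.
     *
     * The password is held in clear text; do not add a toString() or any logging that would
     * expose it.
     */
    public static final class UserPasswordPair
    {
        final String userName;
        final String password;
        // Logged by login() as "remember me".
        final boolean persistentLogin;

        UserPasswordPair(String user, String password, boolean persistentLogin)
        {
            this.userName = user;
            this.password = password;
            this.persistentLogin = persistentLogin;
        }
    }
}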