Beispiel #1
0
  void onValidateForm() {

    provider.setUserDetailsService(userserve);

    provider.setPasswordEncoder(new ShaPasswordEncoder());
    authtoken = new UsernamePasswordAuthenticationToken(fLogin, fpass);
    provider.setSaltSource(salt);
    Authentication token = null;
    try {
      token = provider.authenticate(authtoken);
    } catch (org.springframework.security.BadCredentialsException e) {
      loginform.recordError("Either the Username or Password is incorrect, Please try again.");
      return;
    }
    if (token.isAuthenticated()) {
      System.out.println("user has been authenticated");
      this.user = userDAO.findByUsername(fLogin);
      SecurityContextHolder.getContext().setAuthentication(token);

      SavedRequest savedRequest =
          (SavedRequest)
              requestGlobals
                  .getHTTPServletRequest()
                  .getSession()
                  .getAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
      Session s = request.getSession(false);
      s.invalidate();
      s = request.getSession(true);
      if (savedRequest != null) {
        url = null;

        try {
          url = new URL(savedRequest.getRequestURL());
        } catch (MalformedURLException e) {
          System.out.println("malformed url:" + savedRequest.getRequestURI());
        }
      }

    } else {
      // fpass = null;
      // fLogin = null;

      loginform.recordError("Either the Username or Password is incorrect, Please try again.");
    }
  }
 private HttpSession getHttpSession(boolean create) {
   return requestGlobals.getHTTPServletRequest().getSession(create);
 }
  /**
   * Initialize the SSO Service, prepare a login if required
   *
   * @param session The server session data
   * @throws Exception if any errors occur
   */
  @Override
  public String ssoInit(JsonSessionState session) throws Exception {
    // Keep track of the user switching portals for
    // link building in other methods
    String portalId = (String) session.get("portalId", defaultPortal);
    ssoLoginUrl = serverUrlBase + portalId + SSO_LOGIN_PAGE;

    // Find out what page we are on
    String path = request.getAttribute("RequestURI").toString();
    String currentAddress = serverUrlBase + path;

    // Store the portal URL, might be required by implementers to build
    //  an interface (images etc).
    session.set("ssoPortalUrl", serverUrlBase + portalId);

    // Makes sure all SSO plugins get initialised
    for (String ssoId : sso.keySet()) {
      sso.get(ssoId).ssoInit(session, rg.getHTTPServletRequest());
    }

    // Are we logging in right now?
    String ssoId = request.getParameter("ssoId");

    // If this isn't the login page...
    if (!currentAddress.contains(SSO_LOGIN_PAGE)) {
      // Store the current address for use later
      session.set("returnAddress", currentAddress);
      // We might still be logging in from a deep link
      if (ssoId == null) {
        // No we're not, finished now
        return null;
      } else {
        // Yes it's a deep link, store any extra query params
        // since they probably won't survive the round-trip
        // through SSO.
        for (String param : request.getParameterNames()) {
          if (!param.equals("ssoId")) {
            // Store all the other parameters
            session.set(SSO_STORAGE_PREFIX + param, request.getParameter(param));
          }
        }
      }
    }

    // Get the last address to return the user to
    String returnAddress = (String) session.get("returnAddress");
    if (returnAddress == null) {
      // Or use the home page
      returnAddress = serverUrlBase + portalId + "/home";
    }

    // Which SSO provider did the user request?
    if (ssoId == null) {
      log.error("==== SSO: SSO ID not found!");
      return null;
    }
    if (!sso.containsKey(ssoId)) {
      log.error("==== SSO: SSO ID invalid: '{}'!", ssoId);
      return null;
    }

    // The main event... finally
    sso.get(ssoId).ssoPrepareLogin(session, returnAddress, serverUrlBase);
    return ssoId;
  }