Esempio n. 1
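  /**
   * Handles the POSTed login form: checks the submitted netid and password and either resumes the
   * interrupted request (on success) or shows the matching error page.
   *
   * <p>The password is never written to the log. The netid is logged on failure, with control
   * characters neutralised first because it is taken verbatim from the request.
   *
   * @param context the current context; its current user is read after a successful login
   * @param request the HTTP request carrying {@code login_netid} and {@code login_password}
   * @param response the HTTP response used to resume the request or render the error page
   */
  protected void doDSPost(Context context, HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {
    // Read the POSTed netid and password
    String netid = request.getParameter("login_netid");
    String password = request.getParameter("login_password");

    // Ask the authentication manager to check the supplied credentials
    int status = AuthenticationManager.authenticate(context, netid, password, null, request);

    if (status == AuthenticationMethod.SUCCESS) {
      // Logged in OK.
      // NOTE(review): whether the session ID is rotated on login is not visible here;
      // confirm Authenticate.loggedIn does so.
      Authenticate.loggedIn(context, request, context.getCurrentUser());

      // Set the Locale according to user preferences
      Locale epersonLocale = I18nUtil.getEPersonLocale(context.getCurrentUser());
      context.setCurrentLocale(epersonLocale);
      Config.set(request.getSession(), Config.FMT_LOCALE, epersonLocale);

      log.info(LogManager.getHeader(context, "login", "type=explicit"));

      // resume previous request
      Authenticate.resumeInterruptedRequest(request, response);

      return;
    }

    // Authentication failed: pick the page that matches the failure kind.
    String jsp =
        (status == AuthenticationMethod.CERT_REQUIRED)
            ? "/error/require-certificate.jsp"
            : "/login/incorrect.jsp";

    // The netid comes straight from the request, so replace control characters (CR, LF, ...)
    // before it reaches the log; otherwise a crafted value could start a forged log entry.
    // NOTE(review): LogManager.getHeader may already escape its arguments - not visible here.
    String loggedNetid = (netid == null) ? null : netid.replaceAll("\\p{Cntrl}", "_");
    log.info(
        LogManager.getHeader(
            context, "failed_login", "netid=" + loggedNetid + ", result=" + status));
    JSPManager.showJSP(request, response, jsp);
  }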
Esempio n. 2
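  /**
   * Obtain the context object for this HTTP request. If a context object has already been created
   * for the request, it is re-used, otherwise it is created. If a user has authenticated with the
   * system, the current user of the context is set appropriately.
   *
   * <p>The user stored in the session is only restored when the remote address recorded in the
   * session equals the remote address of the current request. On a mismatch a warning is logged
   * and the new context is left without that user; the session itself is not invalidated here.
   *
   * @param request the HTTP request
   * @return a context object
   * @throws SQLException if one of the underlying calls raises it
   */
  public static Context obtainContext(HttpServletRequest request) throws SQLException {

    // Set encoding to UTF-8, if not set yet
    // This avoids problems of using the HttpServletRequest
    // in the getSpecialGroups() for an AuthenticationMethod,
    // which causes the HttpServletRequest to default to
    // non-UTF-8 encoding.
    try {
      if (request.getCharacterEncoding() == null) {
        request.setCharacterEncoding(Constants.DEFAULT_ENCODING);
      }
    } catch (Exception e) {
      // Best effort: a failure here is logged and the request carries on.
      log.error("Unable to set encoding to UTF-8.", e);
    }

    Context c = (Context) request.getAttribute("dspace.context");

    if (c == null) {
      // No context for this request yet
      c = new Context();
      HttpSession session = request.getSession();
      String remoteAddr = request.getRemoteAddr();

      // See if a user has authenticated in this session
      Integer userID = (Integer) session.getAttribute("dspace.current.user.id");

      if (userID != null) {
        // Session binding: the address stored in the session must match this request.
        // NOTE(review): this compares getRemoteAddr(), not the forwarded address; behind a
        // reverse proxy that is presumably the proxy's address for every client - confirm
        // that the check still distinguishes clients in such deployments.
        String remAddr = (String) session.getAttribute("dspace.current.remote.addr");
        if (remAddr != null && remAddr.equals(remoteAddr)) {
          // NOTE(review): the lookup result is passed on unchecked; confirm that
          // Authenticate.loggedIn tolerates an EPerson that no longer exists.
          EPerson user = EPerson.find(c, userID.intValue());

          Authenticate.loggedIn(c, request, user);
        } else {
          log.warn(
              "POSSIBLE HIJACKED SESSION: request from "
                  + remoteAddr
                  + " does not match original session address: "
                  + remAddr
                  + ". Authentication rejected.");
        }
      }

      // Set any special groups - invoke the authentication mgr.
      for (int groupId : AuthenticationManager.getSpecialGroups(c, request)) {
        c.setSpecialGroup(groupId);
        log.debug("Adding Special Group id=" + String.valueOf(groupId));
      }

      // Set the session ID and IP address
      String ip = remoteAddr;
      if (useProxies == null) {
        useProxies = ConfigurationManager.getBooleanProperty("useProxies", false);
      }
      if (useProxies) {
        // Read the header once. It is a comma delimited list.
        String forwardedFor = request.getHeader("X-Forwarded-For");
        if (forwardedFor != null && !forwardedFor.contains(ip)) {
          // Same selection as before: when the header does not mention the connecting address,
          // its first entry is used. That entry is supplied by the client unless a trusted
          // proxy rewrites the header, so the value is fit for log context only, never for an
          // access decision.
          String[] hops = forwardedFor.split(",");
          if (hops.length > 0) {
            // Replace control characters so a crafted header cannot break up the log line.
            ip = hops[0].trim().replaceAll("\\p{Cntrl}", "_");
          }
        }
      }
      c.setExtraLogInfo("session_id=" + request.getSession().getId() + ":ip_addr=" + ip);

      // Store the context in the request
      request.setAttribute("dspace.context", c);
    }

    // Set the locale to be used
    Locale sessionLocale = getSessionLocale(request);
    Config.set(request.getSession(), Config.FMT_LOCALE, sessionLocale);
    c.setCurrentLocale(sessionLocale);

    return c;
  }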