示例#1
0
  protected void doDSPost(Context context, HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {
    // Process the POSTed email and password
    String netid = request.getParameter("login_netid");
    String password = request.getParameter("login_password");
    String jsp = null;

    // Locate the eperson
    int status = AuthenticationManager.authenticate(context, netid, password, null, request);

    if (status == AuthenticationMethod.SUCCESS) {
      // Logged in OK.
      Authenticate.loggedIn(context, request, context.getCurrentUser());

      // Set the Locale according to user preferences
      Locale epersonLocale = I18nUtil.getEPersonLocale(context.getCurrentUser());
      context.setCurrentLocale(epersonLocale);
      Config.set(request.getSession(), Config.FMT_LOCALE, epersonLocale);

      log.info(LogManager.getHeader(context, "login", "type=explicit"));

      // resume previous request
      Authenticate.resumeInterruptedRequest(request, response);

      return;
    } else if (status == AuthenticationMethod.CERT_REQUIRED) {
      jsp = "/error/require-certificate.jsp";
    } else {
      jsp = "/login/incorrect.jsp";
    }

    // If we reach here, supplied email/password was duff.
    log.info(
        LogManager.getHeader(
            context, "failed_login", "netid=" + netid + ", result=" + String.valueOf(status)));
    JSPManager.showJSP(request, response, jsp);
  }
示例#2
0
  /**
   * Obtain a new context object. If a context object has already been created for this HTTP
   * request, it is re-used, otherwise it is created. If a user has authenticated with the system,
   * the current user of the context is set appropriately.
   *
   * @param request the HTTP request
   * @return a context object
   */
  public static Context obtainContext(HttpServletRequest request) throws SQLException {

    // Set encoding to UTF-8, if not set yet
    // This avoids problems of using the HttpServletRequest
    // in the getSpecialGroups() for an AuthenticationMethod,
    // which causes the HttpServletRequest to default to
    // non-UTF-8 encoding.
    try {
      if (request.getCharacterEncoding() == null) {
        request.setCharacterEncoding(Constants.DEFAULT_ENCODING);
      }
    } catch (Exception e) {
      log.error("Unable to set encoding to UTF-8.", e);
    }

    Context c = (Context) request.getAttribute("dspace.context");

    if (c == null) {
      // No context for this request yet
      c = new Context();
      HttpSession session = request.getSession();

      // See if a user has authentication
      Integer userID = (Integer) session.getAttribute("dspace.current.user.id");

      if (userID != null) {
        String remAddr = (String) session.getAttribute("dspace.current.remote.addr");
        if (remAddr != null && remAddr.equals(request.getRemoteAddr())) {
          EPerson e = EPerson.find(c, userID.intValue());

          Authenticate.loggedIn(c, request, e);
        } else {
          log.warn(
              "POSSIBLE HIJACKED SESSION: request from "
                  + request.getRemoteAddr()
                  + " does not match original "
                  + "session address: "
                  + remAddr
                  + ". Authentication rejected.");
        }
      }

      // Set any special groups - invoke the authentication mgr.
      int[] groupIDs = AuthenticationManager.getSpecialGroups(c, request);

      for (int i = 0; i < groupIDs.length; i++) {
        c.setSpecialGroup(groupIDs[i]);
        log.debug("Adding Special Group id=" + String.valueOf(groupIDs[i]));
      }

      // Set the session ID and IP address
      String ip = request.getRemoteAddr();
      if (useProxies == null) {
        useProxies = ConfigurationManager.getBooleanProperty("useProxies", false);
      }
      if (useProxies && request.getHeader("X-Forwarded-For") != null) {
        /* This header is a comma delimited list */
        for (String xfip : request.getHeader("X-Forwarded-For").split(",")) {
          if (!request.getHeader("X-Forwarded-For").contains(ip)) {
            ip = xfip.trim();
          }
        }
      }
      c.setExtraLogInfo("session_id=" + request.getSession().getId() + ":ip_addr=" + ip);

      // Store the context in the request
      request.setAttribute("dspace.context", c);
    }

    // Set the locale to be used
    Locale sessionLocale = getSessionLocale(request);
    Config.set(request.getSession(), Config.FMT_LOCALE, sessionLocale);
    c.setCurrentLocale(sessionLocale);

    return c;
  }