

Authentication kicks in when clicking 'new', which requires an account.

AuthorDave Jarvis <email>
Date2015-01-23 00:12:49 GMT-0800
Commitad04053ad0bcd5b41eef7b107cbb8b53f929c41f
Parent79c5d06
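--- a/resources/auth.properties
+++ b/resources/auth.properties
 # Authentication to use for HTTP POST requests
-post_auth = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
+#post_auth = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
-post_auth.loginUrl = /app/login
-post_auth.successUrl = /app/home
+get_auth.loginUrl = /app/login
-post_auth.usernameParam = account
-post_auth.passwordParam = password
+#post_auth.usernameParam = account
+#post_auth.passwordParam = password
 [urls]
-/app/new = post_auth
+/app/new = get_auth
 #/app/edit/** = authc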
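Review bot: `get_auth` is only given a `loginUrl` in this hunk and then used in `[urls]` for `/app/new`; unless it is declared as a filter elsewhere in the file (presumably the section above these lines), Shiro has no object to bind the property to and the `/app/new` mapping cannot resolve. The removed `post_auth.successUrl = /app/home` has no `get_auth` counterpart, so the landing page after a successful login now depends on the filter's default rather than on this file; if `/app/home` is still intended, add `get_auth.successUrl = /app/home` next to `loginUrl`. The three commented `post_auth` lines are dead configuration now that the form handling is done in `AuthenticatedApp.doPost`; deleting them avoids a second, stale copy of the parameter names.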
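--- a/source/java/to/discuss/servlet/App.java
+++ b/source/java/to/discuss/servlet/App.java
 }
-/*
- protected synchronized void doPost(
- HttpServletRequest request,
- HttpServletResponse response ) throws IOException, ServletException
- {
- Subject user = SecurityUtils.getSubject();
-
- String u = request.getParameter( "account" );
- String p = request.getParameter( "password" );
-
- AuthenticationToken token = new UsernamePasswordToken( u, p );
-
- try {
- user.login( token );
-
- SavedRequest s = WebUtils.getAndClearSavedRequest( request );
-
- if( s != null ) {
- response.sendRedirect( s.getRequestUrl() );
- }
- }
- catch( Exception e ) {
- doGet( request, response );
- }
- }
-*/
-
 protected void doGet( HttpServletRequest request,
 HttpServletResponse response ) throws ServletException
 {
 try {
- // Ensure the finally block is called if this throws an exception.
 if( preprocess( request, response ) ) {
 sendHeader( response );
 sendContent( response );
+ }
+ else {
+ redirect( response );
 }
 }
 catch( Exception e ) {
 throw new ServletException( e );
 }
 finally {
+ // Must be called even if preprocess throws an exception.
 postprocess( request, response );
 }
+ }
+
+ /**
+ * The default behaviour is to call doGet.
+ */
+ protected void doPost( HttpServletRequest request,
+ HttpServletResponse response ) throws ServletException
+ {
+ this.doGet( request, response );
 }
 /**
 * Called before the header is sent, but after the request and response
 * variable have been set. This will return false to indicate that
 * content should not be sent (usually in the case of a redirect).
 *
 * @return true Send the header and content (via XSL transformation).
+ * @return false Redirect to another page.
 */
 protected boolean preprocess(
 HttpServletRequest request,
 HttpServletResponse response ) throws ServletException {
-
 return true;
+ }
+
+ /**
+ * Issues a temporary redirect (302 Found) to the browser. This is used
+ * to direct the user to the login page.
+ */
+ protected void redirect( HttpServletResponse response )
+ throws IOException {
+ response.sendRedirect( getRedirectPage() );
+ }
+
+ /**
+ * Returns a page that the browser should visit, instead of transforming
+ * the page the user requested.
+ *
+ * @return "/app/home" by default.
+ */
+ protected String getRedirectPage() {
+ return "/app/home";
 }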
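Review bot: The Javadoc on `preprocess` now carries two `@return` tags (`@return true ...` and the added `@return false ...`); javadoc honours only one, so fold them into a single line: `@return {@code true} to send the header and content (via XSL transformation), {@code false} to redirect to {@link #getRedirectPage()}.` The Javadoc on the new `redirect` says it directs the user to the login page, yet `getRedirectPage()` returns `/app/home`; one of the two should change so subclasses are not misled about what overriding `getRedirectPage` does. Note also that `sendRedirect` treats a location beginning with `/` as relative to the container root, not to this web application, so `/app/home` only resolves correctly when the application is deployed at the root context — presumably the case here, but worth recording on `getRedirectPage`, e.g. `// Container-relative path; assumes the app is deployed at the root context.`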
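--- a/source/java/to/discuss/servlet/AuthenticatedApp.java
+++ b/source/java/to/discuss/servlet/AuthenticatedApp.java
 /**
- *
+ * Subclasses inherit from this class to handle authentication.
 */
-public class AuthenticatedApp extends App {
- public AuthenticatedApp() {
- }
-
+public abstract class AuthenticatedApp extends App {
 @Override
- protected boolean preprocess(
+ protected void doPost(
 HttpServletRequest request,
 HttpServletResponse response ) throws ServletException {
+
 Subject user = SecurityUtils.getSubject();
- return super.preprocess( request, response );
+ if( !user.isAuthenticated() ) {
+ String u = request.getParameter( "account" );
+ String p = request.getParameter( "password" );
+
+ AuthenticationToken token = new UsernamePasswordToken( u, p );
+
+ try {
+ user.login( token );
+
+ SavedRequest s = WebUtils.getAndClearSavedRequest( request );
+
+ if( s != null ) {
+ response.sendRedirect( s.getRequestUrl() );
+ }
+ }
+ catch( Exception e ) {
+ throw new ServletException( e );
+ }
+ }
 }
 }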
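Review bot: The new `doPost` leaves the response empty in two cases — when `user.isAuthenticated()` is already true (the whole `if` body is skipped) and when `login` succeeds but `WebUtils.getAndClearSavedRequest` returns null — so the browser receives a blank 200 after submitting the form. A rejected credential pair is also wrapped in `ServletException` by `catch( Exception e )` and surfaces as the container's 500 error page, which is the wrong outcome for an ordinary wrong password and can expose exception detail to the client; catching Shiro's `AuthenticationException` and re-rendering the form via `doGet` (what the removed commented-out code did) keeps a failed login a normal response. Falling back to `getRedirectPage()` from `App` when no request was saved closes the empty-response gap without changing the method's signature; `AuthenticationException` and `IOException` would need to be in the file's import block, which is outside this hunk.
```java
 Subject user = SecurityUtils.getSubject();

 if( !user.isAuthenticated() ) {
 // … unchanged: read "account"/"password" parameters, build token …

 try {
 user.login( token );
 }
 catch( AuthenticationException e ) {
 // Rejected credentials are an expected outcome, not a server fault:
 // show the login form again instead of raising a 500.
 doGet( request, response );
 return;
 }
 }

 try {
 SavedRequest s = WebUtils.getAndClearSavedRequest( request );

 // Always answer the POST: fall back to the default page when nothing
 // was saved (or the user was already logged in).
 response.sendRedirect( s == null ? getRedirectPage() : s.getRequestUrl() );
 }
 catch( IOException e ) {
 throw new ServletException( e );
 }
```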
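--- a/source/java/to/discuss/servlet/Login.java
+++ b/source/java/to/discuss/servlet/Login.java
 * Main HTTP request handler for /app/login.
 */
-public class Login extends App {
+public class Login extends AuthenticatedApp {
 public Login() {
 }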
Delta62 lines added, 43 lines removed, 19-line increase