

Simplified class structure for authentication.

AuthorDave Jarvis <email>
Date2015-01-23 00:39:15 GMT-0800
Commitfc4e39282b72378a3737ac260167098a2f1d458e
Parentad04053
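--- a/resources/auth.properties
+++ b/resources/auth.properties
 get_auth = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
-# Authentication to use for HTTP POST requests
-#post_auth = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
-
 get_auth.loginUrl = /app/login
-
-#post_auth.usernameParam = account
-#post_auth.passwordParam = password
 [urls]
 /app/new = get_auth
+/app/account = get_auth
 #/app/edit/** = authc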
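--- a/source/java/to/discuss/servlet/App.java
+++ b/source/java/to/discuss/servlet/App.java
 sendContent( response );
 }
- else {
- redirect( response );
- }
 }
 catch( Exception e ) {
 HttpServletResponse response ) throws ServletException {
 return true;
- }
-
- /**
- * Issues a temporary redirect (302 Found) to the browser. This is used
- * to direct the user to the login page.
- */
- protected void redirect( HttpServletResponse response )
- throws IOException {
- response.sendRedirect( getRedirectPage() );
- }
-
- /**
- * Returns a page that the browser should visit, instead of transforming
- * the page the user requested.
- *
- * @return "/app/home" by default.
- */
- protected String getRedirectPage() {
- return "/app/home";
 }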
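Review bot: Removing the `else { redirect( response ); }` branch leaves the method with no response at all when the condition guarding `sendContent( response )` is false, so the browser receives an empty 200 body. The commit evidently delegates that redirect to the Shiro `PassThruAuthenticationFilter` mapped under `[urls]` in auth.properties, which means any servlet path not listed there (the `/app/edit/**` entry is still commented out) is no longer redirected by either layer. If that condition is an authentication check, as the removed redirect suggests, a one-line fallback inside the existing try keeps the servlet from silently serving nothing and makes a missing `[urls]` entry observable: `else { response.sendError( HttpServletResponse.SC_FORBIDDEN ); }`. The enclosing method starts before this hunk, and the method holding `return true;` in the second fragment also starts outside it.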
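--- a/source/java/to/discuss/servlet/AuthenticatedApp.java
+++ b/source/java/to/discuss/servlet/AuthenticatedApp.java
-/**
- * MIT License
- *
- * Copyright 2015 White Magic Software, Ltd.
- */
-package to.discuss.servlet;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.web.util.SavedRequest;
-import org.apache.shiro.web.util.WebUtils;
-
-/**
- * Subclasses inherit from this class to handle authentication.
- */
-public abstract class AuthenticatedApp extends App {
- @Override
- protected void doPost(
- HttpServletRequest request,
- HttpServletResponse response ) throws ServletException {
-
- Subject user = SecurityUtils.getSubject();
-
- if( !user.isAuthenticated() ) {
- String u = request.getParameter( "account" );
- String p = request.getParameter( "password" );
-
- AuthenticationToken token = new UsernamePasswordToken( u, p );
-
- try {
- user.login( token );
-
- SavedRequest s = WebUtils.getAndClearSavedRequest( request );
-
- if( s != null ) {
- response.sendRedirect( s.getRequestUrl() );
- }
- }
- catch( Exception e ) {
- throw new ServletException( e );
- }
- }
- }
-}
-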
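--- a/source/java/to/discuss/servlet/Login.java
+++ b/source/java/to/discuss/servlet/Login.java
 package to.discuss.servlet;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.web.util.SavedRequest;
+import org.apache.shiro.web.util.WebUtils;
+
 /**
- * Main HTTP request handler for /app/login.
+ * Invoked when the user attempts to load any page that requires verified
+ * account credentials.
 */
-public class Login extends AuthenticatedApp {
- public Login() {
+public class Login extends App {
+ /**
+ * Called when the user submits an account name and password.
+ */
+ @Override
+ protected void doPost(
+ HttpServletRequest request,
+ HttpServletResponse response ) throws ServletException {
+
+ Subject user = SecurityUtils.getSubject();
+
+ if( !user.isAuthenticated() ) {
+ try {
+ user.login( getToken( request ) );
+
+ SavedRequest saved = WebUtils.getAndClearSavedRequest( request );
+
+ if( saved != null ) {
+ response.sendRedirect( saved.getRequestUrl() );
+ }
+ }
+ catch( Exception e ) {
+ throw new ServletException( e );
+ }
+ }
+ }
+
+ /**
+ * Returns the authentication token used to verify that the user's
+ * credentials are valid.
+ *
+ * @param request The request containing account name and password.
+ */
+ protected AuthenticationToken getToken( HttpServletRequest request )
+ throws ServletException {
+ return new UsernamePasswordToken(
+ getAccount( request ),
+ getPassword( request ) );
+ }
+
+ /**
+ * Returns the value of the account.
+ *
+ * @return A non-null string.
+ */
+ protected String getAccount( HttpServletRequest request ) {
+ return getParameter( request, "account" );
+ }
+
+ /**
+ * Returns the value of the password (must be sent over HTTPS).
+ *
+ * @return A non-null string.
+ */
+ protected String getPassword( HttpServletRequest request ) {
+ return getParameter( request, "password" );
+ }
+
+ /**
+ * Returns the value of the given parameter, or the empty string if no
+ * such parameter exists.
+ *
+ * @return A non-null string.
+ */
+ protected String getParameter( HttpServletRequest request, String param ) {
+ String result = request.getParameter( param );
+ return result == null ? "" : result;
 }
 }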
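Review bot: In `doPost` a rejected password is wrapped into `ServletException` by the `catch( Exception e )` at the bottom of the try, so a wrong credential surfaces as a container 500 error page instead of returning the user to the form, and a successful login with no saved request (`saved == null`) sends no response at all. Shiro reports bad credentials with `org.apache.shiro.authc.AuthenticationException`, which should be caught separately (it needs importing) and answered with a redirect to the login URL configured in auth.properties (`/app/login`), while the success path should always end in a redirect, falling back to the `/app/home` default that the `App.getRedirectPage()` removed by this commit used to supply. Note also that the Javadoc on `getPassword` says the password must be sent over HTTPS but nothing checks `request.isSecure()`; if plain HTTP is reachable in deployment, rejecting the POST there would enforce the documented contract rather than leaving it to a comment. Separately, `getToken` declares `throws ServletException` although its body cannot throw it, and the clause could be dropped.
```java
  protected void doPost(
    HttpServletRequest request,
    HttpServletResponse response ) throws ServletException {

    Subject user = SecurityUtils.getSubject();

    try {
      String target;

      try {
        if( !user.isAuthenticated() ) {
          user.login( getToken( request ) );
        }

        SavedRequest saved = WebUtils.getAndClearSavedRequest( request );

        // Always finish with a redirect; the previous code sent nothing when
        // no request had been saved before the login page was shown.
        target = saved == null ? "/app/home" : saved.getRequestUrl();
      }
      catch( AuthenticationException e ) {
        // Wrong credentials are an expected outcome, not a server fault, so
        // return to the form rather than surfacing a 500.
        target = "/app/login";
      }

      response.sendRedirect( target );
    }
    catch( Exception e ) {
      throw new ServletException( e );
    }
  }

  // … unchanged: getToken, getAccount, getPassword, getParameter …
```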
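--- a/source/java/to/discuss/servlet/New.java
+++ b/source/java/to/discuss/servlet/New.java
 * to determine the correct "new" object to create.
 */
-public class New extends AuthenticatedApp {
+public class New extends App {
 public New() {
 }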
Delta82 lines added, 83 lines removed, 1-line decrease