From bdfe0d018d86cd1ae795303e6ecf7aacc99810fe Mon Sep 17 00:00:00 2001 From: jeb228 Date: Sun, 28 Nov 2010 22:35:07 +0000 Subject: [PATCH] NIHVIVO-1399 create a servlet and template to use in faking external authentication. Add the info to web.xml, but commented out. --- webapp/config/web.xml | 12 ++ .../FakeExternalAuthController.java | 130 ++++++++++++++++++ .../freemarker/body/fakeExternalAuth.ftl | 19 +++ 3 files changed, 161 insertions(+) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java create mode 100644 webapp/web/templates/freemarker/body/fakeExternalAuth.ftl diff --git a/webapp/config/web.xml b/webapp/config/web.xml index 1cc4d26d2..767224705 100644 --- a/webapp/config/web.xml +++ b/webapp/config/web.xml @@ -1111,6 +1111,18 @@ /unrecognizedUser + + browsecontroller edu.cornell.mannlib.vitro.webapp.controller.freemarker.BrowseController diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java new file mode 100644 index 000000000..af05b3d05 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java @@ -0,0 +1,130 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.controller.authenticate; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet; +import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder; + +/** + * This allows a DBA to pretend that he's logged in with an external username. + */ +public class FakeExternalAuthController extends FreemarkerHttpServlet { + private static final Log log = LogFactory + .getLog(FakeExternalAuthController.class); + + private static final String URL_FAKE_CONTROLLER = "/admin/fakeExternalAuth"; + private static final String URL_EXTERNAL_AUTH_RETURN = "/loginExternalAuthReturn"; + + private static final String TEMPLATE_DEFAULT = "fakeExternalAuth.ftl"; + + private static final String PARAMETER_USERNAME = "username"; + private static final String PARAMETER_CANCEL = "cancel"; + + @Override + public void init() throws ServletException { + log.debug("storing the bean."); + ExternalAuthHelper.setBean(getServletContext(), + new FakeExternalAuthHelper(null)); + } + + @Override + protected String getTitle(String siteName) { + return "Fake external login " + siteName; + } + + @Override + protected ResponseValues processRequest(VitroRequest vreq) { + if (isCancelRequested(vreq)) { + log.debug("cancelling."); + setFakeExternalAuthHelper(vreq, null); + return makeRedirectResponse(); + } else if (isUsernameSupplied(vreq)) { + log.debug("faking as '" + getUsername(vreq) + "'"); + setFakeExternalAuthHelper(vreq, getUsername(vreq)); + return makeRedirectResponse(); + } else { + log.debug("show the form."); + return makeShowFormResponse(); + } + } + + private boolean isCancelRequested(VitroRequest vreq) { + String cancelString = vreq.getParameter(PARAMETER_CANCEL); + return (cancelString != null) && (!cancelString.isEmpty()); + } + + private void setFakeExternalAuthHelper(HttpServletRequest req, + String username) { + ExternalAuthHelper.setBean(req.getSession().getServletContext(), + new FakeExternalAuthHelper(username)); + } + + private boolean isUsernameSupplied(VitroRequest vreq) { + String username = getUsername(vreq); + return ((username != null) && (!username.isEmpty())); + } + + private String getUsername(VitroRequest vreq) { + return vreq.getParameter(PARAMETER_USERNAME); + } + + private TemplateResponseValues makeShowFormResponse() { + Map body = new HashMap(); + body.put("controllerUrl", UrlBuilder.getUrl(URL_FAKE_CONTROLLER)); + return new TemplateResponseValues(TEMPLATE_DEFAULT, body); + } + + private RedirectResponseValues makeRedirectResponse() { + return new RedirectResponseValues( + UrlBuilder.getUrl(URL_EXTERNAL_AUTH_RETURN)); + } + + /** + * This implementation of ExternalAuthHelper ignores any configuration + * properties. This controller is used as the exernal authorization server, + * and the username that is set by this controller is used as the external + * username. + */ + public static class FakeExternalAuthHelper extends ExternalAuthHelper { + private final String username; + + private FakeExternalAuthHelper(String username) { + super(null, null); + this.username = username; + } + + @Override + public String buildExternalAuthRedirectUrl(String returnUrl) { + int lastSlash = returnUrl.lastIndexOf("/"); + String homeUrl = returnUrl.substring(0, lastSlash); + String url = homeUrl + URL_FAKE_CONTROLLER; + log.debug("externalAuth URL is '" + url + "'"); + return url; + } + + @Override + public String getExternalUsername(HttpServletRequest request) { + log.debug("external username is '" + username + "'"); + return username; + } + + @Override + public String toString() { + return "FakeExternalAuthHelper[username='" + username + "']"; + } + + } +} diff --git a/webapp/web/templates/freemarker/body/fakeExternalAuth.ftl b/webapp/web/templates/freemarker/body/fakeExternalAuth.ftl new file mode 100644 index 000000000..c5c30d24c --- /dev/null +++ b/webapp/web/templates/freemarker/body/fakeExternalAuth.ftl @@ -0,0 +1,19 @@ +<#-- $This file is distributed under the terms of the license in /doc/license.txt$ --> + +<#-- Template for the Fake External Authentication page. --> + +
+

Fake External Authentication

+ +

+ Enter the userID that you want to sign in as, or click Cancel. +

+ +
+ Username: + + + +
+
+