Create SesameController
This commit is contained in:
j2blake
parent
7f67559db4
commit
dc14aa5aa4
2 changed files with 155 additions and 0 deletions
|
|
@ -1088,6 +1088,15 @@
|
|||
<url-pattern>/admin/login</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
<servlet>
|
||||
<servlet-name>sesame</servlet-name>
|
||||
<servlet-class>edu.cornell.mannlib.vitro.webapp.controller.authenticate.SesameController</servlet-class>
|
||||
</servlet>
|
||||
<servlet-mapping>
|
||||
<servlet-name>sesame</servlet-name>
|
||||
<url-pattern>/admin/sesame</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
<servlet>
|
||||
<servlet-name>logout</servlet-name>
|
||||
<servlet-class>edu.cornell.mannlib.vitro.webapp.controller.edit.Logout</servlet-class>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,146 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.Date;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.httpclient.HttpStatus;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import com.ibm.icu.text.SimpleDateFormat;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
|
||||
/**
|
||||
* Back door to log in as the root user.
|
||||
*
|
||||
* If the classpath contains a file called sesame.xml, which contains a magic
|
||||
* line (see below) with today's date, or some date less than a week ago, then
|
||||
* you are logged in as root.
|
||||
*
|
||||
* If anything else, return a 404.
|
||||
*/
|
||||
public class SesameController extends HttpServlet {
|
||||
private static final Log log = LogFactory.getLog(SesameController.class);
|
||||
|
||||
private static final long MILLIS_IN_A_WEEK = 7L * 24L * 60L * 60L * 1000L;
|
||||
|
||||
// To be valid XML, it could look like this: <date value="2011-07-01" />
|
||||
// but we don't care as long as it contains this: 9999-99-99
|
||||
private static final String DATE_PATTERN = "\\d\\d\\d\\d-\\d\\d-\\d\\d";
|
||||
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws ServletException, IOException {
|
||||
try {
|
||||
if (fileContentsAreAcceptable()) {
|
||||
writeWarningToTheLog(req);
|
||||
loginAsRootUser(req);
|
||||
redirectToHomePage(resp);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.debug("problem: " + e.getMessage());
|
||||
resp.sendError(HttpStatus.SC_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
||||
private boolean fileContentsAreAcceptable() throws Exception {
|
||||
InputStream stream = null;
|
||||
try {
|
||||
stream = openTheFile();
|
||||
String string = readFromStream(stream);
|
||||
return checkDateString(string);
|
||||
} finally {
|
||||
if (stream != null) {
|
||||
stream.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private InputStream openTheFile() throws Exception {
|
||||
InputStream stream = this.getClass().getClassLoader()
|
||||
.getResourceAsStream("/sesame.xml");
|
||||
if (stream == null) {
|
||||
throw new Exception("can't find the file.");
|
||||
}
|
||||
return stream;
|
||||
}
|
||||
|
||||
private String readFromStream(InputStream stream) throws IOException {
|
||||
byte[] buffer = new byte[1024];
|
||||
int howMany = stream.read(buffer);
|
||||
|
||||
if (howMany == -1) {
|
||||
return "";
|
||||
} else {
|
||||
return new String(buffer, 0, howMany);
|
||||
}
|
||||
}
|
||||
|
||||
private boolean checkDateString(String string) throws Exception {
|
||||
long date = parseDateFromFile(string);
|
||||
return compareAgainstDateRange(date);
|
||||
}
|
||||
|
||||
private long parseDateFromFile(String string) throws Exception {
|
||||
Pattern p = Pattern.compile(DATE_PATTERN);
|
||||
Matcher m = p.matcher(string);
|
||||
|
||||
if (!m.find()) {
|
||||
throw new Exception("no date string in the file.");
|
||||
}
|
||||
|
||||
return new SimpleDateFormat("yyyy-MM-dd").parse(m.group()).getTime();
|
||||
}
|
||||
|
||||
private boolean compareAgainstDateRange(long date) {
|
||||
long now = new Date().getTime();
|
||||
long then = now - MILLIS_IN_A_WEEK;
|
||||
return (date < now) && (date > then);
|
||||
}
|
||||
|
||||
private void writeWarningToTheLog(HttpServletRequest req) {
|
||||
log.warn("LOGGING IN VIA SESAME FROM ADDR=" + req.getRemoteAddr()
|
||||
+ ", PORT=" + req.getRemotePort() + ", HOST="
|
||||
+ req.getRemoteHost() + ", USER=" + req.getRemoteUser());
|
||||
}
|
||||
|
||||
private void loginAsRootUser(HttpServletRequest req) throws Exception {
|
||||
UserAccount rootUser = getRootUser(req);
|
||||
Authenticator.getInstance(req).recordLoginAgainstUserAccount(rootUser,
|
||||
AuthenticationSource.INTERNAL);
|
||||
}
|
||||
|
||||
private UserAccount getRootUser(HttpServletRequest req) throws Exception {
|
||||
UserAccountsDao uaDao = new VitroRequest(req).getWebappDaoFactory()
|
||||
.getUserAccountsDao();
|
||||
|
||||
for (UserAccount ua : uaDao.getAllUserAccounts()) {
|
||||
if (ua.isRootUser()) {
|
||||
return ua;
|
||||
}
|
||||
}
|
||||
|
||||
throw new Exception("couldn't find root user.");
|
||||
}
|
||||
|
||||
private void redirectToHomePage(HttpServletResponse resp)
|
||||
throws IOException {
|
||||
resp.sendRedirect(UrlBuilder.getUrl("/"));
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue