NIHVIVO-3909 FakeExternalAuthController adds a warning to the startup status so you know when it's enabled.

2012-07-16 21:20:15 +00:00 · 2012-07-16 21:20:15 +00:00 · eb598c6988
commit eb598c6988
parent af4e953fc5
1 changed files with 35 additions and 2 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/FakeExternalAuthController.java
@ -5,6 +5,9 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 import java.util.HashMap;
 import java.util.Map;

+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;

@ -17,9 +20,11 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.RedirectResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
+import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;

 /**
- * This allows J. Random User to pretend that he's passed external authentication.
+ * This allows J. Random User to pretend that he's passed external
+ * authentication.
 * 
 * This should not be included in web.xml in a production deployment!!!
 */
@ -38,8 +43,14 @@ public class FakeExternalAuthController extends FreemarkerHttpServlet {
 	@Override
 	public void init() throws ServletException {
 		log.debug("storing the bean.");
+		
 		ExternalAuthHelper.setBean(getServletContext(),
 				new FakeExternalAuthHelper(null));
+		
+		new SecurityWarning().warn(getServletContext(),
+				"The FakeExternalAuthController is enabled. "
+						+ "If that's not what you wanted, "
+						+ "go into web.xml and comment it out.");
 	}

 	@Override
@ -128,4 +139,26 @@ public class FakeExternalAuthController extends FreemarkerHttpServlet {
 		}

 	}
+
+	/**
+	 * StartupStatus requires a ServletContextListener as the root for a warning
+	 * message. This isn't used as one, but it will satisfy that requirement.
+	 */
+	private static class SecurityWarning implements ServletContextListener {
+
+		void warn(ServletContext ctx, String message) {
+			StartupStatus.getBean(ctx).warning(this, message);
+		}
+
+		@Override
+		public void contextInitialized(ServletContextEvent arg0) {
+			// Nothing to do
+		}
+
+		@Override
+		public void contextDestroyed(ServletContextEvent arg0) {
+			// Nothing to do
+		}
+
+	}
 }