001    package railo.runtime.tag;
002    
003    import java.io.IOException;
004    
005    import railo.runtime.coder.Base64Coder;
006    import railo.runtime.exp.PageException;
007    import railo.runtime.ext.tag.BodyTagImpl;
008    import railo.runtime.listener.ApplicationContextPro;
009    import railo.runtime.op.Caster;
010    import railo.runtime.security.Credential;
011    import railo.runtime.type.Array;
012    import railo.runtime.type.Collection.Key;
013    import railo.runtime.type.KeyImpl;
014    import railo.runtime.type.List;
015    import railo.runtime.type.Struct;
016    import railo.runtime.type.StructImpl;
017    import railo.runtime.util.ApplicationContext;
018    
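/**
 * Tag handler for <code>cflogin</code>.
 *
 * When no user is logged in for the current request, the tag looks for
 * credentials in the form fields <code>j_username</code>/<code>j_password</code>
 * and then in an HTTP <code>Authorization: Basic</code> header. Any credentials
 * found are exposed to the tag body as the struct <code>cflogin</code>
 * (keys <code>name</code> and <code>password</code>) and removed again in
 * {@link #doEndTag()}.
 *
 * Security notes for maintainers:
 * <ul>
 * <li>This tag only collects credentials; nothing here verifies them. The
 *     tag body is responsible for the actual authentication.</li>
 * <li>The password is held in plaintext in the <code>cflogin</code> struct
 *     while the body runs. Do not log or dump that struct.</li>
 * <li>A Basic header is Base64-encoded, not encrypted, so confidentiality of
 *     that path depends entirely on the transport (TLS).</li>
 * </ul>
 */
public final class Login extends BodyTagImpl {

    private static final Key CFLOGIN = KeyImpl.intern("cflogin");
    private static final Key PASSWORD = KeyImpl.intern("password");

    // Default idle timeout; presumably seconds, as in the CFML cflogin attribute -- confirm.
    private static final int DEFAULT_IDLE_TIMEOUT = 1800;

    private int idletimeout = DEFAULT_IDLE_TIMEOUT;
    private String applicationtoken;
    private String cookiedomain;

    /**
     * Resets all tag attributes to their defaults so a pooled tag instance
     * does not carry security settings over from a previous use.
     *
     * @see javax.servlet.jsp.tagext.Tag#release()
     */
    public void release() {
        super.release();
        idletimeout = DEFAULT_IDLE_TIMEOUT;
        applicationtoken = null;
        cookiedomain = null;
    }

    /**
     * @param applicationtoken The applicationtoken to set.
     */
    public void setApplicationtoken(String applicationtoken) {
        this.applicationtoken = applicationtoken;
    }

    /**
     * @param cookiedomain The cookiedomain to set.
     */
    public void setCookiedomain(String cookiedomain) {
        this.cookiedomain = cookiedomain;
    }

    /**
     * @param idletimeout The idletimeout to set; the fractional part is
     *        discarded by the cast to int.
     */
    public void setIdletimeout(double idletimeout) {
        // NOTE(review): negative or NaN values are accepted as-is (NaN casts to 0);
        // confirm how the session layer treats a non-positive timeout.
        this.idletimeout = (int) idletimeout;
    }

    /**
     * Pushes the tag's security settings to the application context and, if
     * nobody is logged in, publishes any submitted credentials as
     * <code>cflogin</code> for the tag body.
     *
     * @return {@code SKIP_BODY} when a remote user already exists, otherwise
     *         {@code EVAL_BODY_INCLUDE}
     * @throws PageException if the Basic credentials cannot be Base64-decoded
     * @see javax.servlet.jsp.tagext.Tag#doStartTag()
     */
    public int doStartTag() throws PageException {

        if (pageContext.getApplicationContext() instanceof ApplicationContextPro) {
            ApplicationContextPro ac = (ApplicationContextPro) pageContext.getApplicationContext();
            ac.setSecuritySettings(applicationtoken, cookiedomain, idletimeout);
        }

        // Already authenticated: the login body must not run again.
        Credential remoteUser = pageContext.getRemoteUser();
        if (remoteUser != null) return SKIP_BODY;

        // Form credentials take precedence over the Authorization header.
        Object name = pageContext.formScope().get("j_username", null);
        Object password = pageContext.formScope().get("j_password", null);
        if (name != null) {
            setCFLogin(name, password);
            return EVAL_BODY_INCLUDE;
        }

        // Header: "Authorization: Basic <base64(user-id ":" password)>"
        String strAuth = pageContext.getHttpServletRequest().getHeader("authorization");
        if (strAuth != null) {
            int pos = strAuth.indexOf(' ');
            // equalsIgnoreCase is locale-independent; toLowerCase() with the
            // default locale mis-folds "BASIC" under e.g. a Turkish locale.
            if (pos != -1 && strAuth.substring(0, pos).equalsIgnoreCase("basic")) {
                String encoded = strAuth.substring(pos + 1).trim();
                String dec;
                try {
                    dec = Base64Coder.decodeToString(encoded, "UTF-8");
                } catch (IOException e) {
                    throw Caster.toPageException(e);
                }
                // Never print or log 'dec': it holds the cleartext credentials.
                setBasicCredentials(dec);
            }
        }
        return EVAL_BODY_INCLUDE;
    }

    /**
     * Splits a decoded Basic credential string into user-id and password and
     * publishes them via {@link #setCFLogin(Object, Object)}.
     *
     * Only the first colon separates the two parts, so a password that
     * itself contains ':' is preserved in full. Splitting on every colon
     * (as a list split does) silently drops such credentials. A value with
     * no colon is treated as a user-id with an empty password; an empty
     * user-id publishes nothing.
     *
     * @param decoded the Base64-decoded header payload, may be null
     */
    private void setBasicCredentials(String decoded) {
        if (decoded == null) return;

        int sep = decoded.indexOf(':');
        String user = sep == -1 ? decoded : decoded.substring(0, sep);
        if (user.length() == 0) return;

        String pass = sep == -1 ? "" : decoded.substring(sep + 1);
        setCFLogin(user, pass);
    }

    /**
     * Stores the submitted credentials as struct <code>cflogin</code> in the
     * undefined scope. Does nothing when no username was supplied; a missing
     * password is stored as the empty string.
     *
     * @param username submitted user name, may be null
     * @param password submitted password, may be null
     */
    private void setCFLogin(Object username, Object password) {
        if (username == null) return;
        if (password == null) password = "";

        Struct sct = new StructImpl();
        sct.setEL(KeyImpl.NAME, username);
        sct.setEL(PASSWORD, password);
        pageContext.undefinedScope().setEL(CFLOGIN, sct);
    }

    /**
     * Removes the <code>cflogin</code> struct again so the plaintext
     * credentials are not left in scope once the tag has ended.
     *
     * @see javax.servlet.jsp.tagext.Tag#doEndTag()
     */
    public int doEndTag() {
        // NOTE(review): if the tag body throws, this cleanup may not run; confirm
        // whether the container/engine clears the scope in that case.
        pageContext.undefinedScope().removeEL(CFLOGIN);
        return EVAL_PAGE;
    }

    /**
     * Builds the name under which the authorization data of an application
     * is kept: <code>cfauthorization_</code> followed by the configured
     * security application token, or by the application name when the
     * context does not provide security settings.
     *
     * @param appContext the application context of the current request
     * @return the authorization name for that application
     */
    public static String getApplicationName(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return "cfauthorization_" + ((ApplicationContextPro) appContext).getSecurityApplicationToken();
        }
        return "cfauthorization_" + appContext.getName();
    }

    /**
     * Returns the cookie domain configured through the tag's
     * <code>cookiedomain</code> attribute.
     *
     * The value read from the context used to be discarded (the
     * <code>return</code> was missing), so callers always got null and a
     * configured cookie domain was never applied.
     *
     * @param appContext the application context of the current request
     * @return the configured cookie domain, or null when none is available
     */
    public static String getCookieDomain(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return ((ApplicationContextPro) appContext).getSecurityCookieDomain();
        }
        return null;
    }

    /**
     * Returns the idle timeout configured through the tag's
     * <code>idletimeout</code> attribute.
     *
     * @param appContext the application context of the current request
     * @return the configured idle timeout, or the default of 1800 when the
     *         context does not provide security settings
     */
    public static int getIdleTimeout(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return ((ApplicationContextPro) appContext).getSecurityIdleTimeout();
        }
        return DEFAULT_IDLE_TIMEOUT;
    }
}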