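package railo.runtime.tag;

import java.io.IOException;

import railo.runtime.coder.Base64Coder;
import railo.runtime.exp.PageException;
import railo.runtime.ext.tag.BodyTagImpl;
import railo.runtime.listener.ApplicationContextPro;
import railo.runtime.op.Caster;
import railo.runtime.security.Credential;
import railo.runtime.type.Array;
import railo.runtime.type.Collection.Key;
import railo.runtime.type.KeyImpl;
import railo.runtime.type.List;
import railo.runtime.type.Struct;
import railo.runtime.type.StructImpl;
import railo.runtime.util.ApplicationContext;

/**
 * Tag that collects login credentials for a request with no remote user.
 *
 * <p>When {@code pageContext.getRemoteUser()} is {@code null}, the tag looks for
 * credentials in the form fields {@code j_username}/{@code j_password} and then in
 * an HTTP {@code Authorization: Basic} header. Anything found is published as a
 * {@code cflogin} struct in the undefined scope while the body runs. When a remote
 * user already exists the body is skipped.
 *
 * <p>Security notes: the {@code cflogin} struct holds the password in clear text.
 * Nothing in this class checks that the request arrived over an encrypted
 * transport, and Basic credentials are only base64-encoded.
 */
public final class Login extends BodyTagImpl {

    private static final Key CFLOGIN = KeyImpl.intern("cflogin");
    private static final Key PASSWORD = KeyImpl.intern("password");

    // Default idle timeout; presumably seconds (30 minutes) - TODO confirm the unit.
    private int idletimeout = 1800;
    private String applicationtoken;
    private String cookiedomain;

    /**
     * Resets all tag attributes to their defaults so the instance can be reused.
     *
     * @see javax.servlet.jsp.tagext.Tag#release()
     */
    public void release() {
        super.release();
        idletimeout = 1800;
        applicationtoken = null;
        cookiedomain = null;
    }

    /**
     * @param applicationtoken The applicationtoken to set.
     */
    public void setApplicationtoken(String applicationtoken) {
        this.applicationtoken = applicationtoken;
    }

    /**
     * @param cookiedomain The cookiedomain to set.
     */
    public void setCookiedomain(String cookiedomain) {
        this.cookiedomain = cookiedomain;
    }

    /**
     * @param idletimeout The idletimeout to set; the value is truncated to an int.
     */
    public void setIdletimeout(double idletimeout) {
        this.idletimeout = (int) idletimeout;
    }

    /**
     * Pushes the tag's security settings to the application context and, when no
     * user is logged in yet, exposes any submitted credentials to the tag body.
     *
     * @return {@code SKIP_BODY} when a remote user already exists, otherwise
     *         {@code EVAL_BODY_INCLUDE}
     * @throws PageException if the Basic authorization payload cannot be decoded
     * @see javax.servlet.jsp.tagext.Tag#doStartTag()
     */
    public int doStartTag() throws PageException {

        if (pageContext.getApplicationContext() instanceof ApplicationContextPro) {
            ApplicationContextPro ac = (ApplicationContextPro) pageContext.getApplicationContext();
            ac.setSecuritySettings(applicationtoken, cookiedomain, idletimeout);
        }

        Credential remoteUser = pageContext.getRemoteUser();
        if (remoteUser != null) {
            // Already authenticated: the login body must not run again.
            return SKIP_BODY;
        }

        // Form: credentials posted as j_username / j_password take precedence.
        Object name = pageContext.formScope().get("j_username", null);
        Object password = pageContext.formScope().get("j_password", null);
        if (name != null) {
            setCFLogin(name, password);
            return EVAL_BODY_INCLUDE;
        }

        // Header: fall back to HTTP Basic authentication.
        String strAuth = pageContext.getHttpServletRequest().getHeader("authorization");
        if (strAuth != null) {
            int pos = strAuth.indexOf(' ');
            // equalsIgnoreCase is locale-independent; toLowerCase() under a Turkish
            // default locale maps 'I' to a dotless i and would reject "BASIC".
            if (pos != -1 && strAuth.substring(0, pos).equalsIgnoreCase("basic")) {
                String encoded = strAuth.substring(pos + 1);
                String dec;
                try {
                    dec = Base64Coder.decodeToString(encoded, "UTF-8");
                } catch (IOException e) {
                    throw Caster.toPageException(e);
                }
                setBasicCredentials(dec);
            }
        }
        // The body runs even when no credentials were found; the body then sees
        // no cflogin struct.
        return EVAL_BODY_INCLUDE;
    }

    /**
     * Splits a decoded Basic payload ({@code user-id ":" password}) at the FIRST
     * colon and publishes the result.
     *
     * <p>The previous list-based split discarded the credentials whenever it
     * produced three or more elements, so any password containing {@code ':'} was
     * silently ignored. In the Basic scheme only the user-id is colon-free.
     *
     * @param decoded the base64-decoded credential string; null or empty is ignored
     */
    private void setBasicCredentials(String decoded) {
        if (decoded == null || decoded.length() == 0) {
            return;
        }
        int sep = decoded.indexOf(':');
        if (sep == -1) {
            // No separator: treat the whole value as the user name, empty password.
            setCFLogin(decoded, "");
        } else {
            setCFLogin(decoded.substring(0, sep), decoded.substring(sep + 1));
        }
    }

    /**
     * Publishes the credentials as a {@code cflogin} struct in the undefined scope.
     *
     * <p>The struct carries the password in clear text. {@link #doEndTag()} is the
     * only place in this class that removes it.
     * NOTE(review): confirm the struct is also removed when the tag body throws.
     *
     * @param username user name; when {@code null} nothing is published
     * @param password password; {@code null} is stored as an empty string
     */
    private void setCFLogin(Object username, Object password) {
        if (username == null) {
            return;
        }
        if (password == null) {
            password = "";
        }

        Struct sct = new StructImpl();
        sct.setEL(KeyImpl.NAME, username);
        sct.setEL(PASSWORD, password);
        pageContext.undefinedScope().setEL(CFLOGIN, sct);
    }

    /**
     * Removes the {@code cflogin} struct so the credentials do not outlive the tag.
     *
     * @see javax.servlet.jsp.tagext.Tag#doEndTag()
     */
    public int doEndTag() {
        pageContext.undefinedScope().removeEL(CFLOGIN);
        return EVAL_PAGE;
    }

    /**
     * Builds the authorization name for an application context.
     *
     * @param appContext the application context to read from
     * @return {@code "cfauthorization_"} followed by the security application token
     *         for an {@link ApplicationContextPro}, otherwise by the application name
     */
    public static String getApplicationName(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return "cfauthorization_" + ((ApplicationContextPro) appContext).getSecurityApplicationToken();
        }
        return "cfauthorization_" + appContext.getName();
    }

    /**
     * Returns the cookie domain configured for the application context.
     *
     * <p>The earlier version called {@code getSecurityCookieDomain()} but dropped
     * the result and always returned {@code null}, so a configured cookie domain
     * never reached the caller.
     *
     * @param appContext the application context to read from
     * @return the security cookie domain for an {@link ApplicationContextPro},
     *         otherwise {@code null}
     */
    public static String getCookieDomain(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return ((ApplicationContextPro) appContext).getSecurityCookieDomain();
        }
        return null;
    }

    /**
     * Returns the idle timeout configured for the application context.
     *
     * @param appContext the application context to read from
     * @return the security idle timeout for an {@link ApplicationContextPro},
     *         otherwise the default of 1800
     */
    public static int getIdleTimeout(ApplicationContext appContext) {
        if (appContext instanceof ApplicationContextPro) {
            return ((ApplicationContextPro) appContext).getSecurityIdleTimeout();
        }
        return 1800;
    }
}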