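package railo.runtime.tag;

import java.io.IOException;

import railo.runtime.coder.Base64Coder;
import railo.runtime.exp.PageException;
import railo.runtime.ext.tag.BodyTagImpl;
import railo.runtime.listener.ApplicationContext;
import railo.runtime.op.Caster;
import railo.runtime.security.Credential;
import railo.runtime.type.Array;
import railo.runtime.type.Collection.Key;
import railo.runtime.type.KeyImpl;
import railo.runtime.type.Struct;
import railo.runtime.type.StructImpl;
import railo.runtime.type.util.KeyConstants;
import railo.runtime.type.util.ListUtil;

/**
 * Tag handler that collects credentials submitted with the current request and
 * exposes them to the tag body as a {@code cflogin} struct.
 *
 * <p>When no remote user is known for the page context, credentials are looked
 * up first in the form fields {@code j_username} / {@code j_password} and then
 * in an HTTP {@code Authorization: Basic} header. Nothing is verified here: the
 * values are handed to the body as received, in clear text, and the struct is
 * removed again in {@link #doEndTag()}.
 */
public final class Login extends BodyTagImpl {

    private static final Key CFLOGIN = KeyImpl.intern("cflogin");

    /** Idle timeout used until {@link #setIdletimeout(double)} is called, and after {@link #release()}. */
    private static final int DEFAULT_IDLE_TIMEOUT = 1800;

    private int idletimeout = DEFAULT_IDLE_TIMEOUT;
    private String applicationtoken;
    private String cookiedomain;

    /**
     * Resets the tag attributes to their defaults so that the instance carries
     * no state from one use to the next.
     */
    @Override
    public void release() {
        super.release();
        idletimeout = DEFAULT_IDLE_TIMEOUT;
        applicationtoken = null;
        cookiedomain = null;
    }

    /**
     * @param applicationtoken The applicationtoken to set.
     */
    public void setApplicationtoken(String applicationtoken) {
        this.applicationtoken = applicationtoken;
    }

    /**
     * @param cookiedomain The cookiedomain to set.
     */
    public void setCookiedomain(String cookiedomain) {
        this.cookiedomain = cookiedomain;
    }

    /**
     * @param idletimeout The idletimeout to set. The value is narrowed to an
     *        {@code int}; the fractional part is discarded and no range check
     *        is applied.
     */
    public void setIdletimeout(double idletimeout) {
        this.idletimeout = (int) idletimeout;
    }

    /**
     * Stores the security settings on the application context and, when no
     * remote user is known, publishes any submitted credentials as the
     * {@code cflogin} struct before the body is evaluated.
     *
     * @return {@code SKIP_BODY} when a remote user is already present,
     *         otherwise {@code EVAL_BODY_INCLUDE}
     * @throws PageException if the Basic credentials cannot be decoded
     */
    @Override
    public int doStartTag() throws PageException {
        ApplicationContext ac = pageContext.getApplicationContext();
        ac.setSecuritySettings(applicationtoken, cookiedomain, idletimeout);

        Credential remoteUser = pageContext.getRemoteUser();
        if (remoteUser != null) {
            return SKIP_BODY;
        }

        // Form fields take precedence over the Authorization header.
        Object name = pageContext.formScope().get("j_username", null);
        Object password = pageContext.formScope().get("j_password", null);
        if (name != null) {
            setCFLogin(name, password);
            return EVAL_BODY_INCLUDE;
        }

        String strAuth = pageContext.getHttpServletRequest().getHeader("authorization");
        if (strAuth != null) {
            setCFLoginFromBasicAuth(strAuth);
        }
        return EVAL_BODY_INCLUDE;
    }

    /**
     * Parses an {@code Authorization} header value and, when it carries Basic
     * credentials, publishes them as the {@code cflogin} struct. Any other
     * scheme, or a value without a space after the scheme, is ignored.
     *
     * @param strAuth raw header value, not {@code null}
     * @throws PageException if the base64 payload cannot be decoded
     */
    private void setCFLoginFromBasicAuth(String strAuth) throws PageException {
        int pos = strAuth.indexOf(' ');
        if (pos == -1) {
            return;
        }
        // The scheme name is case-insensitive; equalsIgnoreCase avoids the
        // default-locale case mapping that toLowerCase() would apply.
        if (!"basic".equalsIgnoreCase(strAuth.substring(0, pos))) {
            return;
        }

        String dec;
        try {
            dec = Base64Coder.decodeToString(strAuth.substring(pos + 1), "UTF-8");
        }
        catch (IOException e) {
            throw Caster.toPageException(e);
        }
        // Never log the encoded or the decoded value: base64 is an encoding,
        // not encryption, so either form discloses the password.
        if (dec == null || dec.length() == 0) {
            return;
        }

        // RFC 7617: the user-id cannot contain ':' but the password may, so
        // split at the first colon only. Splitting on every colon made a
        // password containing ':' yield three or more parts, and the
        // credentials were then silently dropped.
        int sep = dec.indexOf(':');
        if (sep == -1) {
            setCFLogin(dec, "");
        }
        else {
            setCFLogin(dec.substring(0, sep), dec.substring(sep + 1));
        }
    }

    /**
     * Publishes the credentials as a struct with the keys {@code name} and
     * {@code password} under {@code cflogin} in the undefined scope. Does
     * nothing when {@code username} is {@code null}.
     *
     * @param username submitted user name
     * @param password submitted password; {@code null} is stored as an empty string
     */
    private void setCFLogin(Object username, Object password) {
        if (username == null) {
            return;
        }
        if (password == null) {
            password = "";
        }

        Struct sct = new StructImpl();
        sct.setEL(KeyConstants._name, username);
        sct.setEL(KeyConstants._password, password);
        pageContext.undefinedScope().setEL(CFLOGIN, sct);
    }

    /**
     * Removes the {@code cflogin} struct so that the clear-text credentials are
     * not visible to code that runs after the tag.
     *
     * @return {@code EVAL_PAGE}
     */
    @Override
    public int doEndTag() {
        pageContext.undefinedScope().removeEL(CFLOGIN);
        return EVAL_PAGE;
    }

    /**
     * @param appContext application context to read from
     * @return the security application token prefixed with {@code cfauthorization_}
     */
    public static String getApplicationName(ApplicationContext appContext) {
        return "cfauthorization_" + appContext.getSecurityApplicationToken();
    }

    /**
     * @param appContext application context to read from
     * @return the security cookie domain stored on the application context
     */
    public static String getCookieDomain(ApplicationContext appContext) {
        return appContext.getSecurityCookieDomain();
    }

    /**
     * @param appContext application context to read from
     * @return the security idle timeout stored on the application context
     */
    public static int getIdleTimeout(ApplicationContext appContext) {
        return appContext.getSecurityIdleTimeout();
    }
}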