📄 opencmshttpservlet.java
}
// get the actual session
session = req.getSession(false);
// there is no session
if((session == null)) {
// was there an old session-id?
String oldSessionId = req.getRequestedSessionId();
if(oldSessionId != null) {
// yes - try to load that session
Hashtable sessionData = null;
try {
sessionData = m_opencms.restoreSession(oldSessionId);
}
catch(CmsException exc) {
if(C_LOGGING && A_OpenCms.isLogging(C_OPENCMS_INFO)) {
A_OpenCms.log(C_OPENCMS_INFO, "[OpenCmsServlet] cannot restore session: " + com.opencms.util.Utils.getStackTrace(exc));
}
}
// can the session be restored?
if(sessionData != null) {
// create a new session first
session = req.getSession(true);
m_sessionStorage.putUser(session.getId(), sessionData);
// restore the session-data
session.setAttribute(C_SESSION_DATA, sessionData.get(C_SESSION_DATA));
}
}
}
// there was a session returned, now check if this user is already authorized
if(session != null) {
// get the username
user = m_sessionStorage.getUserName(session.getId());
//check if a user was returned, i.e. the user is authenticated
if(user != null) {
group = m_sessionStorage.getCurrentGroup(session.getId());
project = m_sessionStorage.getCurrentProject(session.getId());
m_opencms.initUser(cms, cmsReq, cmsRes, user, group, project.intValue(), m_sessionStorage);
}
}
else {
// there was either no session returned or this session was not
// found in the CmsCoreSession storage
String auth = req.getHeader("Authorization");
// User is authenticated, check password
if(auth != null) {
// only do basic authentification
if(auth.toUpperCase().startsWith("BASIC ")) {
// Get encoded user and password, following after "BASIC "
String userpassEncoded = auth.substring(6);
// Decode it, using any base 64 decoder
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
String userstr = new String(dec.decodeBuffer(userpassEncoded));
String username = null;
String password = null;
StringTokenizer st = new StringTokenizer(userstr, ":");
if(st.hasMoreTokens()) {
username = st.nextToken();
}
if(st.hasMoreTokens()) {
password = st.nextToken();
}
// autheification in the DB
try {
try {
// try to login as a user first ...
user = cms.loginUser(username, password);
} catch(CmsException exc) {
// login as user failed, try as webuser ...
user = cms.loginWebUser(username, password);
}
// authentification was successful create a session
session = req.getSession(true);
OpenCmsServletNotify notify = new OpenCmsServletNotify(session.getId(), m_sessionStorage);
session.setAttribute("NOTIFY", notify);
}
catch(CmsException e) {
if(e.getType() == CmsException.C_NO_ACCESS) {
// authentification failed, so display a login screen
requestAuthorization(req, res);
}
else {
throw e;
}
}
}
}
}
}
catch(CmsException e) {
errorHandling(cms, cmsReq, cmsRes, e);
}
return cms;
}
/**
* Asks the client to authenticate, either with an HTTP Basic challenge
* (status 401) or by redirecting to the configured login form.
*
* @param req The client's request.
* @param res The servlet's response.
*/
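private void requestAuthorization(HttpServletRequest req, HttpServletResponse res) throws IOException {
    if (this.m_UseBasicAuthentication) {
        // HTTP Basic: answer with a 401 challenge so the client re-sends the
        // request with an Authorization header. Basic credentials are only
        // base64-encoded, so confidentiality depends on the transport (TLS).
        res.setHeader("WWW-Authenticate", "BASIC realm=\"OpenCms\"");
        res.setStatus(401);
        return;
    }

    // Form-based login: redirect to the login form and hand over the resource
    // that was originally requested.
    //
    // getPathInfo() is client-controlled and may be null. Concatenating it raw
    // produced a literal "null" target and let characters such as '&', '#' or
    // line breaks alter the query string / Location header, so it is
    // URL-encoded here. The servlet container decodes it again when the form
    // reads the "requestedResource" parameter.
    // NOTE(review): the login form presumably redirects to this value after a
    // successful login; it should only accept site-relative paths - confirm.
    String pathInfo = req.getPathInfo();
    String requestedResource = (pathInfo == null)
            ? ""
            : java.net.URLEncoder.encode(pathInfo, "UTF-8");

    String servletPath = req.getContextPath() + req.getServletPath();
    String redirectURL = servletPath + this.m_AuthenticationFormURI
            + "?requestedResource=" + requestedResource;
    res.sendRedirect(redirectURL);
}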
/**
* Updates the user data stored in the CmsCoreSession after the requested document
* is processed.<p>
*
* This is required if the user data (current group or project) was changed in
* the requested document.<p>
*
* The user data is only updated if the user was authenticated to the system.
*
* @param cms the current CmsObject initialized with the user data
* @param cmsReq the current request
*/
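private void updateUser(CmsObject cms, I_CmsRequest cmsReq) throws IOException {
    if (! cms.getRequestContext().isUpdateSessionEnabled()) {
        return;
    }

    // Work on the original servlet request; getSession(false) never creates a
    // session, so requests that arrived without one are left untouched.
    HttpServletRequest req = (HttpServletRequest)cmsReq.getOriginalRequest();
    HttpSession session = req.getSession(false);
    if (session == null) {
        return;
    }

    // The guest user is not tracked in the session storage.
    if (cms.getRequestContext().currentUser().getName().equals(C_USER_GUEST)) {
        return;
    }

    String sessionId = session.getId();

    // Snapshot of the user state after the request was processed.
    Hashtable sessionData = new Hashtable(4);
    sessionData.put(C_SESSION_USERNAME, cms.getRequestContext().currentUser().getName());
    sessionData.put(C_SESSION_CURRENTGROUP, cms.getRequestContext().currentGroup().getName());
    sessionData.put(C_SESSION_PROJECT, new Integer(cms.getRequestContext().currentProject().getId()));
    Hashtable oldData = (Hashtable)session.getAttribute(C_SESSION_DATA);
    if (oldData == null) {
        oldData = new Hashtable();
    }
    sessionData.put(C_SESSION_DATA, oldData);

    // Compare against the stored values BEFORE overwriting them: a change of
    // user, group or project has to be written through to the database.
    boolean dirty =
            !sessionData.get(C_SESSION_USERNAME).equals(m_sessionStorage.getUserName(sessionId))
            || !sessionData.get(C_SESSION_CURRENTGROUP).equals(m_sessionStorage.getCurrentGroup(sessionId))
            || !sessionData.get(C_SESSION_PROJECT).equals(m_sessionStorage.getCurrentProject(sessionId));

    // Always refresh the in-memory storage.
    m_sessionStorage.putUser(sessionId, sessionData);

    // Persist only when something changed or the session was flagged dirty.
    if ((session.getAttribute(C_SESSION_IS_DIRTY) != null) || dirty) {
        session.removeAttribute(C_SESSION_IS_DIRTY);
        try {
            m_opencms.storeSession(sessionId, sessionData);
        }
        catch (CmsException exc) {
            // Best effort: a failed store is only logged, so the persisted copy
            // can lag behind the in-memory storage until the next change.
            if (C_LOGGING && A_OpenCms.isLogging(C_OPENCMS_INFO)) {
                A_OpenCms.log(C_OPENCMS_INFO, "[OpenCmsServlet] cannot store session: " + com.opencms.util.Utils.getStackTrace(exc));
            }
        }
    }

    // Make sure the session carries the notify object that removes it from the
    // internal storage when the session is destroyed. instanceof is false for
    // null, so this single check covers both a missing attribute and one of an
    // unexpected type (the former nested null check could never be reached).
    if (!(session.getAttribute("NOTIFY") instanceof OpenCmsServletNotify)) {
        session.setAttribute("NOTIFY", new OpenCmsServletNotify(sessionId, m_sessionStorage));
    }
}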
/**
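* Returns the value stored under the given key in
* com/opencms/core/errormsg.properties.
*
* @param part the name of the property
* @return The value of the property, or null if the key is unknown or the file could not be loaded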
*/
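public String getErrormsg(String part){
    Properties props = new Properties();
    boolean loaded = false;

    // Look the resource up explicitly instead of relying on a caught
    // NullPointerException to detect that it is missing.
    ClassLoader loader = getClass().getClassLoader();
    java.io.InputStream in = (loader == null)
            ? null
            : loader.getResourceAsStream("com/opencms/core/errormsg.properties");

    if (in != null) {
        try {
            props.load(in);
            loaded = true;
        } catch (java.io.IOException exc) {
            // reported below together with the "resource not found" case
        } finally {
            // The stream was previously never closed; release it on every path.
            try {
                in.close();
            } catch (java.io.IOException ignored) {
                // nothing useful can be done if closing a read-only resource fails
            }
        }
    }

    if (!loaded && A_OpenCms.isLogging(C_OPENCMS_CRITICAL) && C_LOGGING) {
        A_OpenCms.log(C_OPENCMS_CRITICAL, "[OpenCmsHttpServlet] cannot get com/opencms/core/errormsg.properties");
    }

    // Yields null when the key is unknown or the file could not be loaded.
    return props.getProperty(part);
}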
}