opencmshttpservlet.java

            loginParameter = cmsReq.getParameter("opencms");
            if(loginParameter != null) {
                // do only show the authentication box if user is not already
                // authenticated.
                if(req.getHeader("Authorization") == null) {
                    if(loginParameter.equals("login")) {
                        requestAuthorization(req, res);
                    }
                }
            }

            // check for the clearcache parameter
            loginParameter = cmsReq.getParameter("_clearcache");
            if(loginParameter != null) {
                cms.clearcache();
            }

            // get the actual session
            session = req.getSession(false);

            // there is no session
            if((session == null)) {
                // was there an old session-id?
                String oldSessionId = req.getRequestedSessionId();
                if(oldSessionId != null) {

                    // yes - try to load that session
                    Hashtable sessionData = null;
                    try {
                        sessionData = m_opencms.restoreSession(oldSessionId);
                    }
                    catch(CmsException exc) {
                        if(I_CmsLogChannels.C_PREPROCESSOR_IS_LOGGING && A_OpenCms.isLogging()) {
                            A_OpenCms.log(I_CmsLogChannels.C_OPENCMS_INFO, "[OpenCmsServlet] cannot restore session: " + com.opencms.util.Utils.getStackTrace(exc));
                        }
                    }

                    // can the session be restored?
                    if(sessionData != null) {

                        // create a new session first
                        session = req.getSession(true);
                        m_sessionStorage.putUser(session.getId(), sessionData);

                        // restore the session-data
                        session.setAttribute(C_SESSION_DATA, sessionData.get(C_SESSION_DATA));
                    }
                }
            }

            // there was a session returned, now check if this user is already authorized
            if(session != null) {
                // get the username
                user = m_sessionStorage.getUserName(session.getId());
                //check if a user was returned, i.e. the user is authenticated
                if(user != null) {
                    group = m_sessionStorage.getCurrentGroup(session.getId());
                    project = m_sessionStorage.getCurrentProject(session.getId());
                    m_opencms.initUser(cms, cmsReq, cmsRes, user, group, project.intValue(), m_sessionStorage);
                }
            }
            else {
                // there was either no session returned or this session was not
                // found in the CmsCoreSession storage
                String auth = req.getHeader("Authorization");

                // User is authenticated, check password
                if(auth != null) {

                    // only do basic authentification
                    if(auth.toUpperCase().startsWith("BASIC ")) {

                        // Get encoded user and password, following after "BASIC "
                        String userpassEncoded = auth.substring(6);

                        // Decode it, using any base 64 decoder
                        sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
                        String userstr = new String(dec.decodeBuffer(userpassEncoded));
                        String username = null;
                        String password = null;
                        StringTokenizer st = new StringTokenizer(userstr, ":");
                        if(st.hasMoreTokens()) {
                            username = st.nextToken();
                        }
                        if(st.hasMoreTokens()) {
                            password = st.nextToken();
                        }
                        // autheification in the DB
                        try {
                            try {
                                // try to login as a user first ...
                                user = cms.loginUser(username, password);
                            } catch(CmsException exc) {
                                // login as user failed, try as webuser ...
                                user = cms.loginWebUser(username, password);
                            }
                            // authentification was successful create a session
                            session = req.getSession(true);
                            OpenCmsServletNotify notify = new OpenCmsServletNotify(session.getId(), m_sessionStorage);
                            session.setAttribute("NOTIFY", notify);
                        }
                        catch(CmsException e) {
                            if(e.getType() == CmsException.C_NO_ACCESS) {

                                // authentification failed, so display a login screen
                                requestAuthorization(req, res);

                            }
                            else {
                                throw e;
                            }
                        }
                    }
                }
            }
        }
        catch(CmsException e) {
            errorHandling(cms, cmsReq, cmsRes, e);
        }
        return cms;
    }

    /**
     * Asks the client to authenticate by sending an HTTP Basic challenge (status 401
     * with a WWW-Authenticate header); browsers answer by displaying a login form.
     * It is needed for HTTP authentication.
     *
     * @param req   The client's request.
     * @param res   The servlet's response.
     */
    private void requestAuthorization(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // Issue an HTTP Basic challenge for the "OpenCms" realm. Basic credentials are
        // only base64-encoded, not encrypted, so the exchange is confidential only when
        // the connection itself is protected (TLS).
        final String basicChallenge = "BASIC realm=\"OpenCms\"";
        res.setHeader("WWW-Authenticate", basicChallenge);

        // 401 Unauthorized. Only the header and the status are set here; no response
        // body is written and the request object is not consulted.
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Updates the user data stored in the CmsCoreSession after the requested document
     * is processed.<br>
     *
     * This is necessary if the user data (current group or project) was changed in
     * the requested document. <br>
     *
     * The user data is only updated if the user was authenticated to the system.
     *
     * @param cms The actual CmsObject.
     * @param cmsReq The client's request.
     * @param cmsRes The servlet's response.
     */
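    private void updateUser(CmsObject cms, I_CmsRequest cmsReq, I_CmsResponse cmsRes) throws IOException {
        // Purpose: once the requested document has been processed, copy the request
        // context's user, group and project back into the session storage and persist
        // the record when something changed.

        // getSession(false) only returns an existing session; it never creates one.
        HttpServletRequest req = (HttpServletRequest)cmsReq.getOriginalRequest();
        HttpSession session = req.getSession(false);
        if(session == null) {
            return;
        }

        // The guest user is never written to the session storage.
        String userName = cms.getRequestContext().currentUser().getName();
        if(userName.equals(C_USER_GUEST)) {
            return;
        }

        String sessionId = session.getId();

        // Snapshot of the identity this request ended with.
        Hashtable sessionData = new Hashtable(4);
        sessionData.put(C_SESSION_USERNAME, userName);
        sessionData.put(C_SESSION_CURRENTGROUP, cms.getRequestContext().currentGroup().getName());
        sessionData.put(C_SESSION_PROJECT, new Integer(cms.getRequestContext().currentProject().getId()));

        // Carry along the data already attached to the session, or start an empty table.
        Hashtable oldData = (Hashtable)session.getAttribute(C_SESSION_DATA);
        if(oldData == null) {
            oldData = new Hashtable();
        }
        sessionData.put(C_SESSION_DATA, oldData);

        // Compare with what the storage holds for this session. This has to happen
        // before putUser() below overwrites the stored values.
        boolean dirty = !sessionData.get(C_SESSION_USERNAME).equals(m_sessionStorage.getUserName(sessionId))
                || !sessionData.get(C_SESSION_CURRENTGROUP).equals(m_sessionStorage.getCurrentGroup(sessionId))
                || !sessionData.get(C_SESSION_PROJECT).equals(m_sessionStorage.getCurrentProject(sessionId));

        // The in-memory storage is refreshed on every call, changed or not.
        m_sessionStorage.putUser(sessionId, sessionData);

        // Persist only when the identity changed or the session was explicitly marked dirty.
        if((session.getAttribute(C_SESSION_IS_DIRTY) != null) || dirty) {
            // The marker is cleared before the store is attempted, so a failed store is
            // logged but not retried until the session becomes dirty again.
            session.removeAttribute(C_SESSION_IS_DIRTY);
            try {
                // NOTE(review): the record is stored under the raw session id, and the
                // session-restore path of this servlet reloads it using the id the client
                // sends (getRequestedSessionId). A stored id therefore acts as a credential
                // for as long as the record exists; confirm that stored sessions expire
                // and are removed on logout.
                m_opencms.storeSession(sessionId, sessionData);
            }
            catch(CmsException exc) {
                if(I_CmsLogChannels.C_PREPROCESSOR_IS_LOGGING && A_OpenCms.isLogging()) {
                    A_OpenCms.log(I_CmsLogChannels.C_OPENCMS_INFO, "[OpenCmsServlet] cannot store session: " + com.opencms.util.Utils.getStackTrace(exc));
                }
            }
        }

        // Make sure the session carries its notify object; it is necessary to remove the
        // session from the internal storage on its destruction. instanceof is false for
        // null, so this single test covers both a missing attribute and one of another
        // type (the original's extra null check after instanceof could never be true).
        if(!(session.getAttribute("NOTIFY") instanceof OpenCmsServletNotify)) {
            session.setAttribute("NOTIFY", new OpenCmsServletNotify(sessionId, m_sessionStorage));
        }
    }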

    /**
     * Gets the value of an entry in com/opencms/core/errormsg.properties.
     *
     * @param part the name of the property
     * @return The value of the property, or null if no such property was loaded
     */
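    public String getErrormsg(String part){
        // Looks up one entry of the bundled error-message properties. The file is read
        // from the classpath again on every call.
        Properties props = new Properties();
        boolean loaded = false;

        // Test for a missing class loader or resource explicitly instead of waiting for
        // a NullPointerException.
        ClassLoader loader = getClass().getClassLoader();
        java.io.InputStream in = (loader == null) ? null : loader.getResourceAsStream("com/opencms/core/errormsg.properties");
        if(in != null) {
            try {
                props.load(in);
                loaded = true;
            } catch(java.io.IOException exc) {
                // reported by the shared log statement below
            } finally {
                // The stream was never closed before; release it on every path.
                try {
                    in.close();
                } catch(java.io.IOException ignored) {
                    // nothing useful can be done if closing a classpath stream fails
                }
            }
        }

        if(!loaded && A_OpenCms.isLogging() && I_CmsLogChannels.C_PREPROCESSOR_IS_LOGGING) {
            A_OpenCms.log(I_CmsLogChannels.C_OPENCMS_CRITICAL, "[OpenCmsHttpServlet] cannot get com/opencms/core/errormsg.properties");
        }

        // null when the key is absent or the file could not be loaded
        return props.getProperty(part);
    }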
}
