authenticateddispatchaction.java

这是linux下ssl vpn的实现程序

/*
 *  SSL-Explorer
 *
 *  Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2 of
 *  the License, or (at your option) any later version.
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public
 *  License along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
			
package com.sslexplorer.core.actions;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;

import com.sslexplorer.boot.ContextHolder;
import com.sslexplorer.boot.Util;
import com.sslexplorer.core.CoreMenuTree;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.CoreUtil;
import com.sslexplorer.core.ServletRequestAdapter;
import com.sslexplorer.core.ServletResponseAdapter;
import com.sslexplorer.core.forms.CoreForm;
import com.sslexplorer.navigation.MenuTree;
import com.sslexplorer.navigation.NavigationManager;
import com.sslexplorer.policyframework.ActionDeniedException;
import com.sslexplorer.policyframework.Permission;
import com.sslexplorer.policyframework.ResourceType;
import com.sslexplorer.properties.PropertyProfile;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.InvalidTicketException;
import com.sslexplorer.security.LogonController;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.security.User;
import com.sslexplorer.security.VPNSession;

public abstract class AuthenticatedDispatchAction extends DefaultDispatchAction implements CoreAction {
    static Log log = LogFactory.getLog(AuthenticatedAction.class);
    protected ResourceType resourceType, requiresResourcesOfType;
    protected Permission[] permissions;
    protected SessionInfo sessionInfo;

    /**
     * Use this constructor for actions that do not require any resource
     * permissions
     */
    public AuthenticatedDispatchAction() {
    }

    /**
     * Use this constructor for actions that require a resource permission to
     * operator
     * 
     * @param resourceType resource type
     * @param permissions permission required
     */
    public AuthenticatedDispatchAction(ResourceType resourceType, Permission permissions[]) {
        this(resourceType, permissions, null);
    }

    /**
     * Use this constructor for actions that require a resource permission to
     * operator
     * 
     * @param resourceType resource type 
     * @param permissions permission required
     * @param requiresResources requires access to resources of type
     */
    public AuthenticatedDispatchAction(ResourceType resourceType, Permission permissions[],
                                       ResourceType requiresResources) {
        this.resourceType = resourceType;
        this.requiresResourcesOfType = requiresResources;
        this.permissions = permissions;
    }

    /**
     * This abstract class will populate all the common variables required by an
     * action within the webstudio framework, such as current user, permission
     * database, user database etc
     * 
     * @param mapping
     * @param form
     * @param request
     * @param response
     * 
     * @exception Exception if business logic throws an exception
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
                    throws Exception {
        // Setup mode
        boolean setupMode = ContextHolder.getContext().isSetupMode();
        if (setupMode) {
            if ((getNavigationContext(mapping, form, request, response) & SessionInfo.SETUP_CONSOLE_CONTEXT) == 0) {
                return mapping.findForward("setup");
            } else {
                CoreUtil.checkNavigationContext(this, mapping, form, request, response);
                return super.execute(mapping, form, request, response);
            }
        }
        try {
            try {
                if (!CoreServlet.getServlet().getSystemDatabase().verifyIPAddress(request.getRemoteAddr())) {
                    String link = null;
                    log.error(request.getRemoteHost() + " is not authorized");
                    ActionMessages mesgs = new ActionMessages();
                    mesgs.add(Globals.ERROR_KEY, new ActionMessage("login.unauthorizedAddress"));
                    saveErrors(request, mesgs);
                    VPNSession vpnSession = CoreServlet.getServlet().getLogonController().getPrimaryVPNSession(CoreServlet.getServlet().getLogonController().getVPNSessionsByLogon(request));
                    // The client may have already de-registered if it was
                    // stopped nicely
                    if (vpnSession != null) {
                        link = "http://localhost:" + vpnSession.getClientPort() + "/shutdown";
                    }
                    if (log.isInfoEnabled())
                    	log.info("Logging off, IP address verification failed.");
                    CoreServlet.getServlet().getLogonController().logoffSession(request, response);
                    request.getSession().invalidate();
                    if (link != null) {
                        ActionForward fwd = new ActionForward(link, true);
                        return fwd;
                    } else {
                        return (mapping.findForward("logon"));
                    }
                } else {
                    int logonStatus = CoreServlet.getServlet().getLogonController().hasClientLoggedOn(request, response);
                    if (logonStatus == LogonController.INVALID_TICKET) {
                        ActionMessages msgs = new ActionMessages();
                        msgs.add(Globals.ERROR_KEY, new ActionMessage("login.invalidTicket"));
                        saveErrors(request, msgs);
                    } else if (logonStatus == LogonController.LOGGED_ON) {
                        User currentUser = CoreServlet.getServlet().getLogonController().getUser(request);
                        // Set the logon ticket / domain logon ticket again
                        CoreServlet.getServlet().getLogonController().addCookies(new ServletRequestAdapter(request), new ServletResponseAdapter(response),
                            (String) request.getSession().getAttribute(Constants.LOGON_TICKET), currentUser);

                        ActionForward fwd = checkIntercept(mapping, request, response);
                        if (fwd != null) {
                            return fwd;
                        }