/*
* SSL-Explorer
*
* Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package com.sslexplorer.security;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.swing.JOptionPane;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.util.MessageResources;
import com.sslexplorer.boot.ContextHolder;
import com.sslexplorer.boot.HostService;
import com.sslexplorer.boot.HttpConstants;
import com.sslexplorer.boot.PropertyList;
import com.sslexplorer.boot.ReplacementEngine;
import com.sslexplorer.boot.RequestHandlerRequest;
import com.sslexplorer.boot.RequestHandlerResponse;
import com.sslexplorer.core.CoreAttributeConstants;
import com.sslexplorer.core.CoreEvent;
import com.sslexplorer.core.CoreEventConstants;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.CoreUtil;
import com.sslexplorer.core.GlobalWarning;
import com.sslexplorer.core.PageInterceptException;
import com.sslexplorer.core.PageInterceptListener;
import com.sslexplorer.core.ServletRequestAdapter;
import com.sslexplorer.core.ServletResponseAdapter;
import com.sslexplorer.forwarding.VPNListeningSocket;
import com.sslexplorer.policyframework.PolicyUtil;
import com.sslexplorer.policyframework.ResourceUtil;
import com.sslexplorer.properties.PropertyProfile;
import com.sslexplorer.requesthandler.connect.ConnectRequestHandler;
import com.sslexplorer.requesthandler.connect.ConnectRequestHandlerListener;
import com.sslexplorer.security.actions.PromptForPrivateKeyPassphraseDispatchAction;
import com.sslexplorer.security.actions.UpdatePrivateKeyPassphraseDispatchAction;
import com.sslexplorer.util.TicketGenerator;
/**
* This class is the default implementation of the
* {@link com.sslexplorer.security.LogonController} and maintains and validates
* all logons to SSL-Explorer whether the be through the web based user
* interface or other sub-systems such as the <i>Embedded Client</i>.
*
* @author Lee David Painter <a href="mailto: lee@3sp.com"><lee@3sp.com></a>
* @author Brett Smith <a href="mailto: brett@3sp.com"><brett@3sp.com></a>
* @version $Revision: 1.103 $
*/
public class DefaultLogonController implements LogonController, ConnectRequestHandlerListener {
/** Logger shared by all instances of this controller. */
protected static Log log = LogFactory.getLog(DefaultLogonController.class);
// Active logons. NOTE(review): judging by the names these are keyed by logon
// ticket and by HTTP session id respectively; confirm against the logon/logoff
// code later in the file, which is outside this view. These are plain HashMaps,
// so every access from request threads needs the class's own synchronisation.
HashMap logons = new HashMap();
HashMap logonsBySessionId = new HashMap();
// VPN (embedded client) sessions, indexed by ticket and by logon, split into
// pending (ticket issued, not yet connected) and active sets.
HashMap pendingVPNSessionsByTicket = new HashMap();
HashMap pendingVPNSessionTicketsByLogon = new HashMap();
HashMap activeVPNSessionsByTicket = new HashMap();
HashMap activeVPNSessionsByLogon = new HashMap();
// Monotonic counter behind addSessionTimeoutBlock(); only touched inside that
// method and removeSessionTimeoutBlock(), both of which are synchronized.
int sessionTimeoutBlockId;
// Accounts currently locked out; populated by lockout logic outside this view.
HashMap lockedUsers = new HashMap();
// Configured authentication modules; presumably populated during init elsewhere.
List authenticationModules;
// Tickets that have passed authorisation; maintained by code outside this view.
HashMap authorizedTickets = new HashMap();
/**
* Constructor.
*/
/**
 * Creates a controller with an empty lock-out table. The field initialiser
 * already does this; the explicit assignment is kept for clarity.
 */
public DefaultLogonController() {
    this.lockedUsers = new HashMap();
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.LogonController#init()
*/
/**
 * Starts the heartbeat watcher and registers this controller as a listener on
 * the connect-proxy handler, when one exists.
 */
public void init() {
    // Constructed purely for its side effect; no reference is retained here.
    new HeartbeatWatcher();
    // The proxy handler may be absent (the original comment attributes this to
    // setup mode); in that case there is simply nothing to attach to.
    ConnectRequestHandler connectHandler = CoreServlet.getServlet().getConnectProxyMethodHandler();
    if (connectHandler == null) {
        return;
    }
    connectHandler.addProxyHandlerListener(this);
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.LogonController#isAdministrator(com.sslexplorer.policyframework.Principal)
*/
/**
 * Decides whether the given principal is an administrator.
 *
 * In setup mode every caller is treated as an administrator. Otherwise the
 * principal name is matched, exactly and case-sensitively, against the global
 * "security.administrators" property list. Any failure while looking that list
 * up is logged and treated as "not an administrator" (fail closed).
 *
 * @param principal the user to check; null, or a null principal name, yields false
 * @return true if the principal is an administrator
 */
public boolean isAdministrator(User principal) {
    // NOTE(review): the blanket grant below relies on setup mode being
    // unreachable once installation has completed - confirm in ContextHolder
    // and the setup flow.
    if (ContextHolder.getContext().isSetupMode()) {
        return true;
    }
    try {
        if (principal == null) {
            log.error("NULL principal object passed to isAdministrator!");
            return false;
        }
        String principalName = principal.getPrincipalName();
        if (principalName == null) {
            log.error("NULL principal name in principal object passed to isAdministrator!");
            return false;
        }
        // Global (resource 0, no user) property holding the administrator names.
        String adminProperty = CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null, "security.administrators");
        Iterator names = new PropertyList(adminProperty).iterator();
        while (names.hasNext()) {
            if (principalName.equals((String) names.next())) {
                return true;
            }
        }
    } catch (Exception e) {
        // Fail closed: an error resolving the list must not grant access.
        log.error("Failed to determine administrator status.", e);
    }
    return false;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.LogonController#addSessionTimeoutBlock(javax.servlet.http.HttpSession,
* java.lang.String)
*/
/**
 * Registers a reason for the session not to time out and disables its
 * inactivity expiry. Each call returns a new block id that must later be handed
 * to {@link #removeSessionTimeoutBlock(HttpSession, int)}; the session only
 * regains its normal timeout once every block has been removed, so a leaked id
 * leaves the session alive indefinitely.
 *
 * @param session the HTTP session to keep alive
 * @param reason human-readable reason, recorded alongside the block id
 * @return the id of the new block
 */
public synchronized int addSessionTimeoutBlock(HttpSession session, String reason) {
    Map blocks = (Map) session.getAttribute(Constants.SESSION_TIMEOUT_BLOCKS);
    if (blocks == null) {
        blocks = new HashMap();
        session.setAttribute(Constants.SESSION_TIMEOUT_BLOCKS, blocks);
    }
    // The id comes from a controller-wide counter; the method is synchronized so
    // the increment and the map update cannot interleave with another caller.
    int blockId = ++sessionTimeoutBlockId;
    blocks.put(String.valueOf(blockId), reason);
    if (log.isDebugEnabled()) {
        // NOTE(review): the session id is written to the debug log; treat debug
        // output as sensitive.
        log.debug("Preventing session timeout on session " + session.getId() + " (id of " + blockId + ") because '"
            + reason + "'. There are now " + blocks.size() + " reasons not to timeout the session.");
    }
    // -1 switches inactivity expiry off entirely.
    session.setMaxInactiveInterval(-1);
    return blockId;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.security.LogonController#removeSessionTimeoutBlock(javax.servlet.http.HttpSession,
* int)
*/
/**
 * Removes a timeout block previously returned by
 * {@link #addSessionTimeoutBlock(HttpSession, String)}. When the last block is
 * gone the session's inactivity timeout is restored from the
 * "webServer.sessionInactivityTimeout" property (in minutes; 0 means never).
 * An unknown id is logged and otherwise ignored; an already-invalidated
 * session is logged and ignored too.
 *
 * @param session the HTTP session the block was added to
 * @param sessionTimeoutBlockId the id to remove
 */
public synchronized void removeSessionTimeoutBlock(HttpSession session, int sessionTimeoutBlockId) {
    try {
        Map blocks = (Map) session.getAttribute(Constants.SESSION_TIMEOUT_BLOCKS);
        if (blocks == null) {
            return;
        }
        String key = String.valueOf(sessionTimeoutBlockId);
        String reason = (String) blocks.get(key);
        if (reason == null) {
            log.warn("No session timeout block with id of " + sessionTimeoutBlockId);
        } else {
            blocks.remove(key);
            if (log.isDebugEnabled()) {
                log.debug("Removing session timeout block " + sessionTimeoutBlockId + " for session " + session.getId() + " ('"
                    + reason + "'). There are now " + blocks.size() + " reasons not to timeout the session.");
            }
        }
        // Only when no reason remains does the session get its timeout back.
        if (blocks.size() == 0) {
            session.removeAttribute(Constants.SESSION_TIMEOUT_BLOCKS);
            restoreInactivityTimeout(session);
        }
    } catch (IllegalStateException ise) {
        // Thrown by the session API once the session has been invalidated.
        log.error("Couldnt prevent session timeout.", ise);
    }
}

/**
 * Re-applies the configured inactivity timeout to a session, resolving the
 * property against the session's selected profile and user when present.
 * Failures are logged, leaving the session's current timeout untouched.
 */
private void restoreInactivityTimeout(HttpSession session) {
    try {
        PropertyProfile profile = (PropertyProfile) session.getAttribute(Constants.SELECTED_PROFILE);
        User user = (User) session.getAttribute(Constants.USER);
        int resourceId = profile == null ? 0 : profile.getResourceId();
        String principalName = user == null ? null : user.getPrincipalName();
        int minutes = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(
            resourceId, principalName, "webServer.sessionInactivityTimeout"));
        if (log.isDebugEnabled()) {
            log.debug("Initialising timeout for session " + session.getId() + " to " + minutes + " minutes");
        }
        // 0 minutes means "never expire" (-1 to the servlet API).
        session.setMaxInactiveInterval(minutes == 0 ? -1 : minutes * 60);
    } catch (Exception e) {
        log.error("Failed to reset session timeout.", e);
    }
}
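/**
 * Logs off the logon bound to the current HTTP session: tears down the logon
 * record for the session's ticket, expires the ticket cookies in the browser and
 * invalidates the container session.
 *
 * The browser-side and container-side cleanup runs in a finally block so that a
 * failure inside {@code logoff(ticket)} cannot leave a still-valid session and
 * cookies behind; previously such a failure skipped both, leaving the ticket
 * replayable through the surviving session.
 *
 * @param request the current request; must carry a session holding a logon ticket
 * @param response the response the expired cookies are written to
 * @throws InvalidTicketException if there is no session or no logon ticket in it,
 *         or if {@code logoff} rejects the ticket
 */
public void logoffSession(HttpServletRequest request, HttpServletResponse response) throws InvalidTicketException {
    // Don't create a fresh session merely to log it off; no session means no ticket.
    HttpSession session = request.getSession(false);
    if (session == null) {
        throw new InvalidTicketException("The current session does not contain a logon ticket");
    }
    if (log.isInfoEnabled()) {
        log.info("Logging off session " + session.getId());
    }
    String ticket = (String) session.getAttribute(Constants.LOGON_TICKET);
    if (ticket == null) {
        throw new InvalidTicketException("The current session does not contain a logon ticket");
    }
    try {
        // Server-side first: once this returns the ticket should no longer be usable.
        logoff(ticket);
    } finally {
        // Whatever happened to the logon record, the client state must go.
        expireTicketCookies(request, response);
        try {
            session.removeAttribute(Constants.LOGON_TICKET);
            session.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
            // The session was invalidated in the meantime (possibly by logoff
            // itself); there is nothing left to tear down, and we must not mask
            // an exception thrown by logoff with this one.
            log.debug("Session already invalidated during logoff", alreadyInvalid);
        }
    }
}

/**
 * Expires the logon-ticket and domain-logon-ticket cookies present on the
 * request by echoing them back with a max-age of 0.
 */
private static void expireTicketCookies(HttpServletRequest request, HttpServletResponse response) {
    Cookie[] cookies = request.getCookies();
    if (cookies == null) {
        return;
    }
    for (int i = 0; i < cookies.length; i++) {
        Cookie cookie = cookies[i];
        String name = cookie.getName();
        if (Constants.LOGON_TICKET.equals(name) || Constants.DOMAIN_LOGON_TICKET.equals(name)) {
            // NOTE(review): cookies parsed from a request carry no Path/Domain
            // attribute. If these tickets are issued with a non-default path or
            // domain the browser will not match this expiry and will keep them;
            // confirm against the code that sets them and mirror those
            // attributes here if so.
            cookie.setMaxAge(0);
            response.addCookie(cookie);
        }
    }
}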
/**
 * Collects the active sessions belonging to a user.
 *
 * @param username principal name to match exactly
 * @param sessionType session type to match, or -1 for any type
 * @return the matching {@link SessionInfo} objects, or null (not an empty list)
 *         when there are none - callers must null-check
 */
public List getSessionInfo(String username, int sessionType) {
    List matches = null;
    // NOTE(review): this walks a plain HashMap that is presumably mutated by the
    // logon/logoff code elsewhere in the class; without a common lock a
    // concurrent change can raise ConcurrentModificationException here.
    Iterator sessions = logons.values().iterator();
    while (sessions.hasNext()) {
        SessionInfo candidate = (SessionInfo) sessions.next();
        boolean sameUser = candidate.getUser().getPrincipalName().equals(username);
        if (sameUser && (sessionType == -1 || sessionType == candidate.getType())) {
            if (matches == null) {
                matches = new ArrayList();
            }
            matches.add(candidate);
        }
    }
    return matches;
}
public int getUserStatus(String username) throws Exception {