/*
* SSL-Explorer
*
* Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package com.sslexplorer.security.actions;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import com.sslexplorer.boot.Util;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.actions.DefaultAction;
import com.sslexplorer.security.AccountLock;
import com.sslexplorer.security.AuthenticationModule;
import com.sslexplorer.security.AuthenticationScheme;
import com.sslexplorer.security.AuthenticationSchemeSequence;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.LogonController;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.security.forms.LogonForm;
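/**
 * Struts action that prepares the logon page.
 *
 * <p>It works out which authentication scheme the client should use (an
 * explicit request parameter, a choice remembered in the session, or the
 * configured default), makes sure an authentication session exists for it and
 * then hands over to the first authentication module that needs user
 * interaction.
 *
 * <p>Everything here runs before the user has authenticated, so every request
 * parameter read by this class is untrusted input.
 */
public class ShowLogonAction extends DefaultAction {

    final static Log log = LogFactory.getLog(ShowLogonAction.class);

    /**
     * Shows the logon page, or forwards to "home" when the client is already
     * logged on and the session is not locked.
     *
     * <p>Request parameters read: <code>reset</code> ("true" forces a new
     * authentication session) and <code>selectedAuthenticationScheme</code>
     * (numeric id of the scheme the user picked). The scheme id is only
     * honoured when it names an enabled, non-system scheme.
     *
     * @param mapping Struts action mapping
     * @param form action form; cast to {@link LogonForm}
     * @param request current request
     * @param response current response
     * @return forward chosen by the authentication scheme / module
     * @throws Exception if no authentication session could be set up; the
     *         AUTH_SESSION attribute is removed from the session first
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
                    throws Exception {
        /*
         * The logon page should not be shown if already logged on. It is
         * important that hasClientLoggedOn is called first, as this is what
         * places the session lock in the session attributes.
         */
        if (CoreServlet.getServlet().getLogonController().hasClientLoggedOn(request, response) == LogonController.LOGGED_ON
                        && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
            return mapping.findForward("home");
        }

        // Result is replaced below; the call is kept for whatever the
        // superclass does as part of its own execute().
        ActionForward fwd = super.execute(mapping, form, request, response);
        boolean reset = "true".equals(request.getParameter("reset"));

        if (request.getSession().getAttribute(Constants.SESSION_LOCKED) != null) {
            ActionMessages messages = new ActionMessages();
            messages.add(Globals.MESSAGE_KEY, new ActionMessage("login.sessionLocked"));
            saveMessages(request, messages);
        }

        /*
         * The only schemes that are valid for selection at logon are those
         * that are enabled and those that are <strong>not</strong> system
         * schemes. Collect their ids: the list is used both to validate the
         * scheme requested by the client and to decide whether the scheme
         * selection page should be offered (more than one entry).
         */
        List selectableSchemeIds = new ArrayList();
        List as = CoreServlet.getServlet().getSystemDatabase().getAuthenticationSchemeSequences();
        for (Iterator i = as.iterator(); i.hasNext();) {
            AuthenticationSchemeSequence seq = (AuthenticationSchemeSequence) i.next();
            if (seq.getEnabled() && !seq.isSystemScheme()) {
                selectableSchemeIds.add(new Integer(seq.getResourceId()));
            }
        }

        int selectScheme = -1;
        try {
            selectScheme = Integer.parseInt(request.getParameter("selectedAuthenticationScheme"));
        } catch (NumberFormatException e) {
            // Parameter absent or not a number: no explicit selection was made.
        }

        /*
         * The scheme id comes from an unauthenticated client. Without this
         * check any id could be stored in the session and initialised,
         * including a scheme the administrator has disabled or a system
         * scheme, which would let the client choose how it is authenticated.
         */
        if (selectScheme != -1 && !selectableSchemeIds.contains(new Integer(selectScheme))) {
            log.warn("Ignoring request for authentication scheme " + selectScheme
                            + " as it is not an enabled, selectable scheme.");
            selectScheme = -1;
        }

        int defaultScheme = CoreServlet.getServlet().getPropertyDatabase().getPropertyInt(0, null, "authenticationScheme.default");
        if (selectScheme != -1) {
            // A valid explicit choice always starts a fresh authentication session.
            request.getSession().setAttribute(Constants.SELECTED_SCHEME, new Integer(selectScheme));
            reset = true;
        } else {
            // Fall back to the choice remembered in the session, then to the default.
            Integer stored = ((Integer) request.getSession().getAttribute(Constants.SELECTED_SCHEME));
            selectScheme = stored == null ? -1 : stored.intValue();
            if (selectScheme == -1) {
                selectScheme = defaultScheme;
            }
        }

        ((LogonForm) form).setHasMoreAuthenticationSchemes(selectableSchemeIds.size() > 1);

        try {
            fwd = checkAuthSession(((LogonForm) form), selectScheme, reset, mapping, request, response);
            // The logon page must never be served from a cache.
            Util.noCache(response);
            return fwd;
        } catch (Exception e) {
            // Do not leave a half-initialised authentication session behind.
            request.getSession().removeAttribute(Constants.AUTH_SESSION);
            throw e;
        }
    }

    /**
     * Makes sure the session holds an initialised authentication scheme and
     * starts its current authentication module.
     *
     * <p>When there is no scheme in the session, or <code>reset</code> is
     * set, a new one is created. The requested scheme is tried first; if it
     * cannot be initialised the remaining enabled, non-system schemes are
     * tried in turn. Disabled schemes are never used as a fallback.
     *
     * <p>The caller is responsible for validating <code>selectScheme</code>
     * when it originates from the client; it is tried here as given.
     *
     * @param form logon form, may be <code>null</code>
     * @param selectScheme id of the scheme to use, or -1 for the configured default
     * @param reset <code>true</code> to discard any existing authentication session
     * @param mapping Struts action mapping
     * @param request current request
     * @param response current response
     * @return forward from the first required module, or the result of
     *         finishing authentication when no module is required
     * @throws Exception if no authentication scheme could be initialised
     */
    public static ActionForward checkAuthSession(LogonForm form, int selectScheme, boolean reset, ActionMapping mapping,
                    HttpServletRequest request, HttpServletResponse response) throws Exception {
        AuthenticationScheme authScheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
        if (authScheme == null || reset) {
            int scheme = selectScheme == -1 ? CoreServlet.getServlet().getPropertyDatabase().getPropertyInt(0, null,
                            "authenticationScheme.default") : selectScheme;
            if (log.isDebugEnabled())
                log.debug("Creating new authentication session using scheme '" + scheme + "'");

            /*
             * Build up a list of authentication schemes to try, in case the
             * configured scheme fails for some reason. Only enabled,
             * non-system schemes qualify as fallbacks: falling back to a
             * scheme the administrator has disabled would silently change how
             * users are authenticated.
             */
            List schemesToTry = new ArrayList();
            schemesToTry.add(new Integer(scheme));
            List allSchemes = CoreServlet.getServlet().getSystemDatabase().getAuthenticationSchemeSequences();
            for (Iterator i = allSchemes.iterator(); i.hasNext();) {
                AuthenticationSchemeSequence seq = (AuthenticationSchemeSequence) i.next();
                if (seq.getEnabled() && !seq.isSystemScheme() && seq.getResourceId() != scheme) {
                    schemesToTry.add(new Integer(seq.getResourceId()));
                }
            }

            // Try all schemes until one initialises
            boolean found = false;
            for (Iterator i = schemesToTry.iterator(); i.hasNext();) {
                Integer id = (Integer) i.next();
                if (log.isDebugEnabled())
                    log.debug("Trying to initialise scheme " + id);
                try {
                    authScheme = CoreServlet.getServlet().getSystemDatabase().getAuthenticationSchemeSequence(id.intValue());
                    if (authScheme == null) {
                        log.info("NULL authentication scheme with id " + id.intValue());
                        continue;
                    }
                    // The form is optional (it is null-checked further down
                    // as well). Dereferencing a null form here would make
                    // every scheme look broken.
                    if (form != null) {
                        authScheme.setUsername(form.getUsername());
                    }
                    authScheme.init(request.getSession());
                    if (authScheme.nextAuthenticationModule() == null) {
                        throw new Exception("No authentication modules have been configured.");
                    }
                    request.getSession().setAttribute(Constants.AUTH_SESSION, authScheme);
                    if (log.isDebugEnabled())
                        log.debug("Scheme " + id + " initialised OK");
                    found = true;
                    break;
                } catch (Throwable t) {
                    // Deliberately broad: any failure just moves on to the
                    // next candidate scheme. The failure is logged so a
                    // fallback never happens unnoticed.
                    log.error("Failed to initialise scheme " + id + ". ", t);
                }
            }

            // Make sure at least one scheme was ok
            if (!found) {
                throw new Exception(
                                "Could not find any usable authentication schemes. Please re-run SSL-Explorer in setup mode and configuration at least one authentication scheme.");
            }
        }

        /*
         * Walk the module sequence. Modules that are not required are started
         * and then skipped; the first required module decides where the user
         * is sent. If the end of the sequence is reached authentication is
         * completed.
         */
        while (true) {
            // NOTE(review): the result is not null-checked; confirm that
            // currentAuthenticationModule() cannot return null for a scheme
            // restored from the session.
            AuthenticationModule module = authScheme.currentAuthenticationModule();
            if (form != null) {
                form.setCurrentModuleIndex(authScheme.getCurrentModuleIndex());
            }

            // The module may wish to forward somewhere other than to the
            // default login page
            ActionForward forward = module.startAuthentication(mapping, request, response);
            if (module.isRequired()) {
                return forward;
            }

            // Are we at the end of the sequence
            if (authScheme.nextAuthenticationModule() == null) {
                return LogonAction.finishAuthentication(authScheme, request, response);
            }
        }
    }

    /**
     * Intentionally does nothing: VPN client messages are not wanted on the
     * logon page.
     *
     * @see com.sslexplorer.core.actions.DefaultAction#checkForVPNMessages(javax.servlet.http.HttpServletRequest)
     */
    protected void checkForVPNMessages(HttpServletRequest request) {
        // We do not want any vpn client messages at the logon page
    }

    /**
     * Returns the navigation context for this action.
     *
     * @return always {@link SessionInfo#ALL_CONTEXTS}
     */
    public int getNavigationContext(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        return SessionInfo.ALL_CONTEXTS;
    }
}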