package com.sslexplorer.security.actions;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.LogonController;
import com.sslexplorer.security.LogonStateMachine;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.security.forms.LogonForm;
/**
 * Logon action for the obfuscated logon flow.
 *
 * <p>Each request steps the {@link LogonStateMachine} kept in the HTTP session and
 * picks the next forward. The branches are arranged so that an unknown username, a
 * known username without an authentication scheme and a wrong password all still
 * lead through a password prompt and then back to the logon page, so the pages
 * shown do not reveal whether the username exists.
 */
public class ShowObfuscatedLogonAction extends ShowLogonAction {

    /**
     * Advances the session's logon state machine and returns the forward for the
     * resulting state.
     *
     * @param mapping  the Struts mapping used to resolve forwards
     * @param form     the submitted form; cast to {@link LogonForm} without a type check
     * @param request  the current request; its session holds the state machine
     * @param response the current response
     * @return the forward chosen for the current logon state
     * @throws Exception propagated from the logon controller, the state machine or
     *         the superclass action
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        LogonForm logonForm = (LogonForm) form;
        LogonStateMachine machine = (LogonStateMachine) request.getSession().getAttribute(
                LogonStateMachine.LOGON_STATE_MACHINE);

        if (machine != null) {
            // A logon sequence is already in progress for this session.
            // NOTE(review): obfuscated mode is only switched on in this branch, so
            // the first request of a session does not set it - confirm that the
            // initial page is meant to render without it.
            logonForm.setObfuscatedMode(true);
            request.getSession().setAttribute(LogonStateMachine.LOGON_STATE_MACHINE, machine);
        } else {
            // No state machine in the session: either an initial sign-on or a new
            // browser connection. The logged-on check runs before the new state
            // machine is created and stored.
            boolean alreadyLoggedOn = CoreServlet.getServlet().getLogonController().hasClientLoggedOn(request, response)
                    == LogonController.LOGGED_ON;
            machine = new LogonStateMachine();
            request.getSession().setAttribute(LogonStateMachine.LOGON_STATE_MACHINE, machine);
            if (alreadyLoggedOn) {
                return machine.getSpecificSignOnForward(mapping,
                        CoreServlet.getServlet().getLogonController().getUser(request), true);
            }
        }

        // Ask for the next expected forward before looking at the state; it may be
        // null, in which case one of the branches below decides.
        // NOTE(review): this call may itself advance the state machine, so it must
        // stay ahead of the state checks - confirm against LogonStateMachine.
        ActionForward pendingForward = machine.nextStateActionForward(mapping, logonForm.getUsername());

        // A "reset" request parameter means the user cancelled: go back to the
        // logon page whatever state the sequence was in.
        if (request.getParameter("reset") != null) {
            machine.setState(LogonStateMachine.STATE_RETURN_TO_LOGON);
            return machine.nextStateActionForward(mapping, logonForm.getUsername());
        }

        // Known username with one or several schemes: the superclass shows either
        // the scheme selection page or the first module of the scheme.
        if (machine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_SINGLE_SCHEME
                || machine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_MULTIPLE_SCHEMES) {
            return super.execute(mapping, form, request, response);
        }

        // Unknown username: still prompt for a password so the response does not
        // tell the client whether the username was valid.
        // NOTE(review): this only hides the result if the page rendered here cannot
        // be told apart from the one shown for a known username - confirm in the
        // superclass and the views.
        if (machine.getState() == LogonStateMachine.STATE_UNKNOWN_USERNAME) {
            machine.setState(LogonStateMachine.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD);
            return super.execute(mapping, form, request, response);
        }

        // The spoofed password page has been answered, or the password was wrong:
        // clear the form and return to the logon page without disclosing which of
        // these cases applied.
        if (machine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY
                || machine.getState() == LogonStateMachine.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD
                || machine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_WRONG_PASSWORD) {
            machine.setState(LogonStateMachine.STATE_RETURN_TO_LOGON);
            logonForm.reset(mapping, request);
            logonForm.setUsername("");
            return machine.nextStateActionForward(mapping, logonForm.getUsername());
        }

        // Known username without any scheme: show the spoofed password entry.
        if (machine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_NO_SCHEME) {
            machine.setState(LogonStateMachine.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY);
            return super.execute(mapping, form, request, response);
        }

        // Any other state: use the forward computed above, else the default page.
        return pendingForward != null ? pendingForward : super.execute(mapping, form, request, response);
    }
}