logonaction.java

这是linux下ssl vpn的实现程序

/*
 *  SSL-Explorer
 *
 *  Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2 of
 *  the License, or (at your option) any later version.
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public
 *  License along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
			
package com.sslexplorer.security.actions;

import java.util.Iterator;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;

import com.sslexplorer.boot.ContextHolder;
import com.sslexplorer.boot.KeyStoreManager;
import com.sslexplorer.boot.VersionInfo;
import com.sslexplorer.core.BundleActionMessage;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.CoreUtil;
import com.sslexplorer.core.GlobalWarning;
import com.sslexplorer.core.ServletRequestAdapter;
import com.sslexplorer.extensions.ExtensionBundle;
import com.sslexplorer.policyframework.PolicyUtil;
import com.sslexplorer.replacementproxy.RequestParameterMap;
import com.sslexplorer.security.AccountLockedException;
import com.sslexplorer.security.AuthenticationModule;
import com.sslexplorer.security.AuthenticationScheme;
import com.sslexplorer.security.AuthenticationSchemeSequence;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.InputRequiredException;
import com.sslexplorer.security.InvalidLoginCredentialsException;
import com.sslexplorer.security.LogonController;
import com.sslexplorer.security.LogonStateMachine;
import com.sslexplorer.security.PasswordCredentials;
import com.sslexplorer.security.User;

/**
 * Logs a user into the SSL Explorer.
 * 
 * @author Lee David Painter
 * @version $Revision: 1.61 $
 */
public class LogonAction extends Action {

    private static Log log = LogFactory.getLog(LogonAction.class);

    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
                    throws Exception {

        ActionMessages msgs = new ActionMessages();
        
        if (request.getSession().getAttribute(Constants.SESSION_LOCKED) == null
                        && CoreServlet.getServlet().getLogonController().hasClientLoggedOn(request, response) == LogonController.LOGGED_ON) {
        	if (log.isDebugEnabled())
        		log.debug(request.getRemoteHost() + " is already authenticated");

            return mapping.findForward("success");
        }

        /*
         * Get the authentication session and module to use to validate this
         * authentication attempt
         */
        AuthenticationScheme scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
        if (scheme == null) {
            ActionForward fwd = ShowLogonAction.checkAuthSession(null, -1, false, mapping, request, response);
            if (fwd != null) {
                scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
            } else {
                return mapping.findForward("logon");
            }
        }
        
        AuthenticationModule module = scheme.currentAuthenticationModule();
        if (module == null) {
            log.error("No authentication module.");
            request.getSession().removeAttribute(Constants.AUTH_SESSION);
            return mapping.findForward("logon");
        }

        try {
            if (!scheme.getEnabled()){
                msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", "The logon scheme for the user is not enabled."));
                saveErrors(request, msgs);
                LogonStateMachine logonStateMachine = (LogonStateMachine) request.getSession().getAttribute(LogonStateMachine.LOGON_STATE_MACHINE);
                
                if(logonStateMachine==null) {
                    logonStateMachine = new LogonStateMachine();
                    request.getSession().setAttribute(LogonStateMachine.LOGON_STATE_MACHINE, logonStateMachine);            
                }
                
                logonStateMachine.setState(LogonStateMachine.STATE_RETURN_TO_LOGON);
                return mapping.findForward("logon");
            }
            
            authenticate(scheme, request);

            // Check logon is currently allowed
            String logonNotAllowedReason = CoreServlet.getServlet().getLogonController().checkLogonAllowed(scheme.getUser().getPrincipalName());

            if (logonNotAllowedReason != null) {
                log.warn("Logon not allowed because '" + logonNotAllowedReason + "'");
                msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", logonNotAllowedReason));
                saveErrors(request, msgs);
                return mapping.findForward("logon");
            }
            
            // Check for the next authentication modules
            AuthenticationModule nextModule = scheme.nextAuthenticationModule();
            if (nextModule != null && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
            	if (log.isDebugEnabled())
            		log.debug("There are more authentication modules to satisfy (current mapping = " + mapping.getPath());
                ActionForward fw = mapping.findForward("logon");
                return fw;
            }

            return finishAuthentication(scheme, request, response);
        } catch(InputRequiredException ex) {
        	// The page wants to display
        	return mapping.findForward("logon");
        } catch (AccountLockedException ale) {
            return accountLocked(mapping, request, ale, scheme, msgs);
        } catch (InvalidLoginCredentialsException ex) {

            if (ex.getReset()) {
                request.getSession().removeAttribute(Constants.AUTH_SESSION);
            }
            msgs.add(Globals.ERROR_KEY, new ActionMessage("login.invalidCredentials", ex.getMessage()));
            saveErrors(request, msgs);
            if (scheme.getUsername() != null) {
                try {
                    CoreServlet.getServlet().getLogonController().logonFailed(scheme.getUsername(), scheme.getAccountLock());
                } catch (AccountLockedException ale) {
                    return accountLocked(mapping, request, ale, scheme, msgs);
                }
            }
            ActionForward forward = mapping.findForward("logon");
            log.error(scheme.getUsername() + " [" + request.getRemoteHost() + "] authenticated failed (forwarding to "
                            + forward.getPath() + ").", ex);
            return forward;
        } catch (Exception e) {
            log.error("Internal error authenticating.", e);
            request.getSession().setAttribute(Constants.EXCEPTION, e);