logonaction.java

这是linux下ssl vpn的实现程序

            request.getSession().removeAttribute(Constants.AUTH_SESSION);
            return mapping.findForward("logonException");
        }

    }

    private ActionForward accountLocked(ActionMapping mapping, HttpServletRequest request, AccountLockedException ale,
                    AuthenticationScheme scheme, ActionMessages msgs) {

        request.getSession().removeAttribute(Constants.AUTH_SESSION);
        msgs.add(Globals.ERROR_KEY, new ActionMessage(ale.isDisabled() ? "login.accountDisabled" : "login.accountLocked", String
            .valueOf(((ale.getTimeLeft() / 1000) + 59) / 60)));
        saveErrors(request, msgs);
        log.warn(scheme.getUsername() + " [" + request.getRemoteHost() + "] account locked", ale);

        return (mapping.findForward("logon"));
    }

    /**
     * Complete the authentication process.
     * 
     * @param scheme scheme
     * @param request request
     * @param response response
     * @return forward to
     * @throws Exception on any error
     */
    public static ActionForward finishAuthentication(AuthenticationScheme scheme, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {

        // Check we have a user object
        if (scheme.getUser() == null) {
            throw new Exception("No authentication module provided a user.");
        }

        // If the user is a manager, check if there is a new SSL-Explorer
        // version, or if there any exension updates
        if (CoreServlet.getServlet().getPolicyDatabase().isAnyResourcePermissionAllowed(scheme.getUser(),
            true, true, false)) {
            VersionInfo.Version version = CoreServlet.getServlet().getUpdateChecker().getAvailableCoreVersion();
            if (version != null && version.compareTo(ContextHolder.getContext().getVersion()) > 0) {
            	if (log.isInfoEnabled())
            		log.info("There appears to be new version of SSL-Explorer available (" + version + ")");
                CoreUtil.addMultipleGlobalWarning(GlobalWarning.MANAGEMENT_USERS, new BundleActionMessage("extensions",
                    "versionCheck.newVersionAvailable", version.toString()));
            }
            
            
            if("false".equals(ContextHolder.getContext().getContextProperty("webServer.disableCertificateWarning")) &&
                            !KeyStoreManager.getInstance(KeyStoreManager.DEFAULT_KEY_STORE).isCertificateTrusted(
                                            ContextHolder.getContext().getContextProperty("webServer.alias"))) {
                CoreUtil.addMultipleGlobalWarning(GlobalWarning.MANAGEMENT_USERS, new BundleActionMessage("keystore",
                    "keyStore.untrustedCertificate.warning"));                
            }
            List updateableExtensions = CoreServlet.getServlet().getUpdateChecker().getUpdateableExtensions();
            if (updateableExtensions != null && updateableExtensions.size() > 0) {
                StringBuffer sb = new StringBuffer();
                for (Iterator i = updateableExtensions.iterator(); i.hasNext();) {
                    ExtensionBundle bundle = (ExtensionBundle) i.next();
                    if (sb.length() > 0) {
                        sb.append(",");
                    }
                    sb.append(bundle.getId());
                }
                log.error("There are extension updates for " + sb.toString());
                CoreUtil.addMultipleGlobalWarning(GlobalWarning.MANAGEMENT_USERS, new BundleActionMessage("extensions",
                    "versionCheck.updatedExtensionsAvailable", String.valueOf(updateableExtensions.size()), sb.toString()));
            }

        }

        /*
         * Each authentication module needs to be informed that authentication
         * is now complete so it may perform any last minute checks
         */
        scheme.authenticationComplete(request, response);

        // Allow the home page to be redirected.
        request.getSession().setAttribute(Constants.REDIRECT_HOME, "true");

        // Authenitcation sequence complete
        if (log.isDebugEnabled())
        	log.debug(scheme.getUsername() + " [" + request.getRemoteHost() + "] has been authenticated");

        // Forward control to the specified success URI (possibly from the
        // initial unautenticated request)
        String originalRequest = (String) request.getSession().getAttribute(Constants.ORIGINAL_REQUEST);
        ActionForward forward = null;

        // Where next?
        // profiles.promptForProfileAtLogon
        if (CoreServlet.getServlet().getPropertyDatabase().getPropertyBoolean(0, null, "profiles.promptForProfileAtLogon")) {
            // Prompt for the profile
            forward = new ActionForward("/showSelectPropertyProfile.do");
        } else {

            if (CoreServlet.getServlet().getPropertyDatabase().getPropertyBoolean(0, null, "client.autoStart")) {
                request.getSession().removeAttribute(Constants.ORIGINAL_REQUEST);
                request.getSession().setAttribute(Constants.REQ_ATTR_LAUNCH_VPN_CLIENT_REFERER, originalRequest);
                forward = new ActionForward("/launchVPNClient.do");
            } else {
                if (originalRequest != null && originalRequest.length() > 0) {
                    request.getSession().removeAttribute(Constants.ORIGINAL_REQUEST);
                    forward = new ActionForward(originalRequest, false);
                } else {
                    if(CoreServlet.getServlet().getLogonController().isAdministrator(scheme.getUser())) {
                        forward = new ActionForward("/showSystemConfiguration.do");
                    }
                    else {
                        forward = new ActionForward("/showHome.do");
                    }
                }
            }
        }
        return forward;

    }

    /**
     * Start the authentication process.
     * 
     * @param scheme scheme
     * @param request request
     * @throws Exception on any error
     */
    public static void authenticate(AuthenticationScheme scheme, HttpServletRequest request) throws Exception {
        AuthenticationModule module = scheme.currentAuthenticationModule();
        if (module == null) {
            throw new Exception("No current authentication module");
        }

        RequestParameterMap params = new RequestParameterMap(new ServletRequestAdapter(request));

        User currentUser = scheme.getUser();

        LogonStateMachine logonStateMachine = (LogonStateMachine) request.getSession().getAttribute(LogonStateMachine.LOGON_STATE_MACHINE);
        
        if(logonStateMachine==null) {
            logonStateMachine = new LogonStateMachine();
            request.getSession().setAttribute(LogonStateMachine.LOGON_STATE_MACHINE, logonStateMachine);            
        }
        
        try{
            if (logonStateMachine.getState() == LogonStateMachine.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY){
                scheme.addCredentials(new PasswordCredentials("", "".toCharArray()));
            }
            else{
                scheme.addCredentials(module.authenticate(request, params));
                logonStateMachine.setState(LogonStateMachine.STATE_VALID_LOGON);
                // Check we have a user object
                if (currentUser == null && scheme.getUser() == null) {
                    throw new Exception("The first authentication did not provide a user.");
                }

            }
        }
        catch (Exception e) {
            logonStateMachine.setState(LogonStateMachine.STATE_KNOWN_USERNAME_WRONG_PASSWORD);
            throw e;
        }

        //
        PolicyUtil.checkLogin(scheme.getUser());
    }

}