Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
Copyright 2005-2013 The Kuali Foundation Licensed under the Educational Community License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.opensource.org/licenses/ecl2.php Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
 
 package org.kuali.rice.kew.web;
 
 
A login filter which forwards to a login page that allows for the desired authentication ID to be entered without the need for a password.

Author(s):
Kuali Rice Team (rice.collab@kuali.org)
 
 public class DummyLoginFilter implements Filter {
     private String loginPath;
     private boolean showPassword = false;
     @Override
 	public void init(FilterConfig configthrows ServletException {
          = config.getInitParameter("loginPath");
          = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
         if ( == null) {
              = "/WEB-INF/jsp/dummy_login.jsp";
         }
     }
 
 	public void doFilter(ServletRequest requestServletResponse responseFilterChain chainthrows IOExceptionServletException {
 		this.doFilter((HttpServletRequestrequest, (HttpServletResponseresponsechain);
 	}
     
 	private void doFilter(HttpServletRequest requestHttpServletResponse responseFilterChain chainthrows IOExceptionServletException {
         final UserSession session = KRADUtils.getUserSessionFromRequest(request);
         
         if (session == null) {
         	IdentityService auth = KimApiServiceLocator.getIdentityService();
        		request.setAttribute("showPasswordField", Boolean.valueOf());
             final String user = request.getParameter("__login_user");
             final String password = request.getParameter("__login_pw");
             if (user != null && !user.trim().isEmpty()) {
             	// Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
             	final Principal principal =  ? auth.getPrincipalByPrincipalNameAndPassword(userpassword) : auth.getPrincipalByPrincipalName(user);
             	if (principal == null) {
             		handleInvalidLogin(requestresponse);	
             		return;
             	}
             	
                 // wrap the request with the remote user
                 // UserLoginFilter and WebAuthenticationService will create the session
                 request = new HttpServletRequestWrapper(request) {
                     @Override
 					public String getRemoteUser() {
                         return user;
                     }
                 };	
             	
             } else {
                 // no session has been established and this is not a login form submission, so forward to login page
                 request.getRequestDispatcher().forward(requestresponse);
                 return;
             }
         } else {
             request = new HttpServletRequestWrapper(request) {
                     @Override
 					public String getRemoteUser() {
                         return session.getPrincipalName();
                     }
                 };
         }
         chain.doFilter(requestresponse);
     }

Handles and invalid login attempt.

Parameters:
request the incoming request
response the outgoing response
Throws:
javax.servlet.ServletException if unable to handle the invalid login
java.io.IOException if unable to handle the invalid login
	private void handleInvalidLogin(ServletRequest requestServletResponse responsethrows ServletExceptionIOException {
		request.setAttribute("invalidAuth".);
		request.getRequestDispatcher().forward(requestresponse);
	}
    @Override
	public void destroy() {
    	 = null;
    }
New to GrepCode? Check out our FAQ X