[Peepagg-cvs] fake/WEB-INF/src/fake LoginServlet.java,1.2,1.3
From: <ch...@us...> - 2003-12-15 05:12:16
Update of /cvsroot/peepagg//fake/WEB-INF/src/fake
In directory sc8-pr-cvs1:/tmp/cvs-serv7876/WEB-INF/src/fake
Modified Files:
LoginServlet.java
Log Message:
Added the rest of the SP stuff but it is not working yet.
Index: LoginServlet.java
===================================================================
RCS file: /cvsroot/peepagg//fake/WEB-INF/src/fake/LoginServlet.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** LoginServlet.java 15 Dec 2003 01:47:41 -0000 1.2
--- LoginServlet.java 15 Dec 2003 05:12:13 -0000 1.3
***************
*** 9,12 ****
--- 9,13 ----
import java.io.IOException;
import java.sql.Connection;
+ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
***************
*** 47,52 ****
protected void doGet(HttpServletRequest arg0, HttpServletResponse arg1)
throws ServletException, IOException {
! // TODO Auto-generated method stub
! super.doGet(arg0, arg1);
}
--- 48,53 ----
protected void doGet(HttpServletRequest arg0, HttpServletResponse arg1)
throws ServletException, IOException {
!
! doPost(arg0, arg1);
}
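Review bot: With doGet forwarding to doPost, the userID and sessionID login parameters are now accepted in the query string, where they end up in access logs, browser history and Referer headers. If GET is needed only so that another party can redirect the browser back here with a sessionID, the blank changed line before the call should say so, e.g. `// GET accepted only for the redirect back with sessionID; the value must be short-lived`. Plain userID logins could then stay POST-only. The rest of the class is outside this hunk.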
***************
*** 61,70 ****
HttpServletResponse response)
throws ServletException, IOException {
! HttpSession session = request.getSession();
! String userName = request.getParameter("userID");
! if (userName == null || userName.trim().length() == 0) {
! response.sendError(400, "User name must be set");
! return;
}
Connection conn = null;
try {
--- 62,144 ----
HttpServletResponse response)
throws ServletException, IOException {
! try {
! HttpSession session = request.getSession();
! String userName = request.getParameter("userID");
! String providerID = request.getParameter("ProviderID");
! String sessionID = request.getParameter("sessionID");
! if (sessionID != null) {
! validateSession(
! request,
! response,
! session,
! userName,
! sessionID);
! }
! if (providerID != null) {
! useSP(request, response, session, providerID);
! } else if (userName != null && userName.trim().length() > 0) {
! useIDP(request, response, session, userName);
! } else {
! response.sendError(
! 400,
! "UserId, SessionID or ProviderID must be set");
!
! }
! } catch (ServletException e) {
! throw e;
! } catch (Exception e) {
! throw new ServletException("error", e);
}
+ }
+
+ /**
+ * @param request
+ * @param response
+ * @param session
+ * @param sessionID
+ */
+ private void validateSession(
+ HttpServletRequest request,
+ HttpServletResponse response,
+ HttpSession session,
+ String sessionID,
+ String userid)
+ throws NamingException, SQLException, IOException {
+ if (isSessionIDValid(userid, sessionID)) {
+ saveFakeUserName(session, userid);
+ response.sendRedirect(getBaseURL(request) + "/success.jsp");
+ } else {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ }
+
+ /**
+ * @param request
+ * @param response
+ * @param session
+ * @param providerID
+ */
+ private void useSP(
+ HttpServletRequest request,
+ HttpServletResponse response,
+ HttpSession session,
+ String providerID)
+ throws IOException {
+ response.sendRedirect(
+ "http://localhost:8080/SP/lamp/sp?"
+ + "ProviderID="
+ + providerID
+ + "&successURL="
+ + getBaseURL(request)
+ + "/success.jsp");
+ }
+
+ private void useIDP(
+ HttpServletRequest request,
+ HttpServletResponse response,
+ HttpSession session,
+ String userName)
+ throws IOException, ServletException {
Connection conn = null;
try {
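Review bot: The call to validateSession in doPost passes `userName, sessionID`, but the method declares `String sessionID, String userid` in that order, so isSessionIDValid receives the two values swapped and saveFakeUserName stores the session token as the user name. After validateSession has sent its redirect or 401, doPost also falls through to the providerID/userName branches and can attempt a second response on a committed one; I would change the call to `validateSession(request, response, session, sessionID, userName);` followed by `return;`. In useSP, providerID is appended to the redirect URL unencoded, so a value containing `&` or `#` alters the query the SP receives; `URLEncoder.encode(providerID, "UTF-8")` (and the same for the successURL value) closes that. useIDP begins in this hunk and continues outside it.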
***************
*** 73,90 ****
Random r = new Random();
String sessionID = Integer.toHexString(r.nextInt());
! // Note: Use an
! // ABSOLUTE URL
! // here, not
! // relative,
! // because it
! // will be used to redirect the user
! // across host domains.
!
! String thisPage = request.getRequestURL().toString();
! thisPage =
! thisPage.substring(
! 0,
! thisPage.indexOf(request.getContextPath())
! + request.getContextPath().length());
boolean success =
statement.execute(
--- 147,151 ----
Random r = new Random();
String sessionID = Integer.toHexString(r.nextInt());
! String thisPage = getBaseURL(request);
boolean success =
statement.execute(
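Review bot: The token produced by `Integer.toHexString(r.nextInt())` from `java.util.Random` is at most 32 bits from a predictable generator, and with this commit validateSession accepts that value as proof of login. These two lines are unchanged context here, but their role changed, so I would replace them with `String sessionID = new BigInteger(128, new SecureRandom()).toString(16);` (needs imports for java.math.BigInteger and java.security.SecureRandom). useIDP's body starts and ends outside this hunk.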
***************
*** 94,98 ****
+ sessionID
+ "')");
! session.setAttribute("fake_userId", userName);
response.sendRedirect(
--- 155,159 ----
+ sessionID
+ "')");
! saveFakeUserName(session, userName);
response.sendRedirect(
***************
*** 109,125 ****
} catch (Exception e) {
! response.sendError(500, e.getMessage());
! e.printStackTrace();
! return;
} finally {
! if (conn != null) {
! try {
! conn.close();
! } catch (SQLException e1) {
! e1.printStackTrace();
! }
! }
}
}
--- 170,220 ----
} catch (Exception e) {
! throw new ServletException("Error in IDP for " + userName, e);
} finally {
! close(conn);
}
+ }
+
+ /**
+ * Get the base url for this Page
+ *
+ * @param request
+ * @return
+ */
+ private String getBaseURL(HttpServletRequest request) {
+ // Note: Use an
+ // ABSOLUTE URL
+ // here, not
+ // relative,
+ // because it
+ // will be used to redirect the user
+ // across host domains.
+ String thisPage = request.getRequestURL().toString();
+ thisPage =
+ thisPage.substring(
+ 0,
+ thisPage.indexOf(request.getContextPath())
+ + request.getContextPath().length());
+ return thisPage;
+ }
+
+ private void saveFakeUserName(HttpSession session, String userName) {
+ session.setAttribute("fake_userId", userName);
+ }
+
+ /**
+ * Safely and quitly close a connection
+ *
+ * @param conn
+ */
+ private void close(Connection conn) {
+ if (conn != null) {
+ try {
+ conn.close();
+ } catch (SQLException e1) {
+ e1.printStackTrace();
+ }
+ }
}
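Review bot: getBaseURL builds the absolute URL from `request.getRequestURL()`, whose host part normally reflects the client-supplied Host header, and the result is used as the redirect target and as the successURL handed to the SP. A request with a forged Host can therefore steer those redirects to another site; reading the base URL from deployment configuration (for example a servlet init parameter) instead of the request avoids that. Separately, when the application is deployed at the root context `getContextPath()` is the empty string, `indexOf` returns 0 and the method returns an empty string. The new `throw new ServletException("Error in IDP for " + userName, e)` also puts the raw request parameter into a message that some containers render on their error page, so I would drop userName from the message and log it server-side only.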
***************
*** 132,135 ****
--- 227,248 ----
Connection conn = ds.getConnection();
return conn;
+ }
+ protected boolean isSessionIDValid(String userID, String sessionID)
+ throws NamingException, SQLException {
+ Connection conn = null;
+ try {
+ conn = getConnection();
+ Statement statement = conn.createStatement();
+ ResultSet rs =
+ statement.executeQuery(
+ "select count(*) from fsn_session where userID='"
+ + userID
+ + "' and sessionID ='"
+ + sessionID
+ + "'");
+ return rs.next() && rs.getInt(1) >= 1;
+ } finally {
+ close(conn);
+ }
}
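Review bot: isSessionIDValid concatenates userID and sessionID, both taken from request parameters in doPost, straight into the SQL text, so a quote character in either value changes the meaning of the query that decides whether the login is accepted. Bind the values with a PreparedStatement instead (this needs `import java.sql.PreparedStatement;`). The statement and result set are never closed explicitly and rely on `close(conn)` to release them. The insert built in useIDP appears to be assembled the same way, judging by the `+ sessionID + "')"` context lines of the earlier hunk, and deserves the same change.
```java
conn = getConnection();
PreparedStatement ps =
    conn.prepareStatement(
        "select count(*) from fsn_session where userID=? and sessionID=?");
ps.setString(1, userID);
ps.setString(2, sessionID);
ResultSet rs = ps.executeQuery();
// … unchanged: return rs.next() && rs.getInt(1) >= 1; and the finally block …
```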