Coverage Report

Coverage Report - org.kuali.rice.kew.web.DummyLoginFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

DummyLoginFilter

0/31

0/10

2.167

DummyLoginFilter$1

0/2

N/A

2.167

 /*
  * Copyright 2005-2008 The Kuali Foundation
  * 
  * 
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl2.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kew.web;
 
 import java.io.IOException;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
 import org.kuali.rice.kim.bo.entity.KimPrincipal;
 import org.kuali.rice.kim.service.IdentityManagementService;
 import org.kuali.rice.kim.service.KIMServiceLocator;
 import org.kuali.rice.kns.UserSession;
 import org.kuali.rice.kns.util.WebUtils;
 
 /**
  * A login filter which forwards to a login page that allows for the desired
  * authentication ID to be entered without the need for a password.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DummyLoginFilter implements Filter {
     private String loginPath;
     private boolean showPassword = false;
     @Override
         public void init(FilterConfig config) throws ServletException {
         loginPath = config.getInitParameter("loginPath");
         showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
         if (loginPath == null) {
             loginPath = "/WEB-INF/jsp/dummy_login.jsp";
         }
     }
 
         @Override
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                 this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
         }
     
         private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         final UserSession session = WebUtils.getUserSessionFromRequest(request);
         
         if (session == null) {
                 IdentityManagementService auth = KIMServiceLocator.getIdentityManagementService();
                        request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
             final String user = request.getParameter("__login_user");
             final String password = request.getParameter("__login_pw");
             if (user != null) {
                     // Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
                     final KimPrincipal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
                     if (principal == null) {
                             handleInvalidLogin(request, response);        
                             return;
                     }
                     
                 // wrap the request with the remote user
                 // UserLoginFilter and WebAuthenticationService will create the session
                 request = new HttpServletRequestWrapper(request) {
                     @Override
                                         public String getRemoteUser() {
                         return user;
                     }
                 };        
                     
             } else {
                 // no session has been established and this is not a login form submission, so forward to login page
                 request.getRequestDispatcher(loginPath).forward(request, response);
                 return;
             }
         }
         chain.doFilter(request, response);
     }
         
         /**
          * Handles and invalid login attempt.
          *  
          * @param request the incoming request
          * @param response the outgoing response
          * @throws ServletException if unable to handle the invalid login
          * @throws IOException if unable to handle the invalid login
          */
         private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
                 request.setAttribute("invalidAuth", Boolean.TRUE);
                 request.getRequestDispatcher(loginPath).forward(request, response);
         }
 
     @Override
         public void destroy() {
             loginPath = null;
     }
 }

1		/*
2		* Copyright 2005-2008 The Kuali Foundation
3		*
4		*
5		* Licensed under the Educational Community License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.opensource.org/licenses/ecl2.php
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.kuali.rice.kew.web;
18
19		import java.io.IOException;
20
21		import javax.servlet.Filter;
22		import javax.servlet.FilterChain;
23		import javax.servlet.FilterConfig;
24		import javax.servlet.ServletException;
25		import javax.servlet.ServletRequest;
26		import javax.servlet.ServletResponse;
27		import javax.servlet.http.HttpServletRequest;
28		import javax.servlet.http.HttpServletRequestWrapper;
29		import javax.servlet.http.HttpServletResponse;
30
31		import org.kuali.rice.kim.bo.entity.KimPrincipal;
32		import org.kuali.rice.kim.service.IdentityManagementService;
33		import org.kuali.rice.kim.service.KIMServiceLocator;
34		import org.kuali.rice.kns.UserSession;
35		import org.kuali.rice.kns.util.WebUtils;
36
37		/**
38		* A login filter which forwards to a login page that allows for the desired
39		* authentication ID to be entered without the need for a password.
40		*
41		* @author Kuali Rice Team (rice.collab@kuali.org)
42		*/
43	0	public class DummyLoginFilter implements Filter {
44		private String loginPath;
45	0	private boolean showPassword = false;
46		@Override
47		public void init(FilterConfig config) throws ServletException {
48	0	loginPath = config.getInitParameter("loginPath");
49	0	showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
50	0	if (loginPath == null) {
51	0	loginPath = "/WEB-INF/jsp/dummy_login.jsp";
52		}
53	0	}
54
55		@Override
56		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
57	0	this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
58	0	}
59
60		private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
61	0	final UserSession session = WebUtils.getUserSessionFromRequest(request);
62
63	0	if (session == null) {
64	0	IdentityManagementService auth = KIMServiceLocator.getIdentityManagementService();
65	0	request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
66	0	final String user = request.getParameter("__login_user");
67	0	final String password = request.getParameter("__login_pw");
68	0	if (user != null) {
69		// Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
70	0	final KimPrincipal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
71	0	if (principal == null) {
72	0	handleInvalidLogin(request, response);
73	0	return;
74		}
75
76		// wrap the request with the remote user
77		// UserLoginFilter and WebAuthenticationService will create the session
78	0	request = new HttpServletRequestWrapper(request) {
79		@Override
80		public String getRemoteUser() {
81	0	return user;
82		}
83		};
84
85	0	} else {
86		// no session has been established and this is not a login form submission, so forward to login page
87	0	request.getRequestDispatcher(loginPath).forward(request, response);
88	0	return;
89		}
90		}
91	0	chain.doFilter(request, response);
92	0	}
93
94		/**
95		* Handles and invalid login attempt.
96		*
97		* @param request the incoming request
98		* @param response the outgoing response
99		* @throws ServletException if unable to handle the invalid login
100		* @throws IOException if unable to handle the invalid login
101		*/
102		private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
103	0	request.setAttribute("invalidAuth", Boolean.TRUE);
104	0	request.getRequestDispatcher(loginPath).forward(request, response);
105	0	}
106
107		@Override
108		public void destroy() {
109	0	loginPath = null;
110	0	}
111		}