Coverage Report

Coverage Report - org.kuali.rice.kew.web.DummyLoginFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

DummyLoginFilter

0/33

0/10

0/2

0/2

 /**
  * Copyright 2005-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kew.web;
 
 import org.kuali.rice.kim.api.identity.IdentityService;
 import org.kuali.rice.kim.api.identity.principal.Principal;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 import org.kuali.rice.krad.UserSession;
 import org.kuali.rice.krad.util.KRADUtils;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /**
  * A login filter which forwards to a login page that allows for the desired
  * authentication ID to be entered without the need for a password.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DummyLoginFilter implements Filter {
     private String loginPath;
     private boolean showPassword = false;
     @Override
         public void init(FilterConfig config) throws ServletException {
         loginPath = config.getInitParameter("loginPath");
         showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
         if (loginPath == null) {
             loginPath = "/WEB-INF/jsp/dummy_login.jsp";
         }
     }
 
         @Override
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                 this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
         }
     
         private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         final UserSession session = KRADUtils.getUserSessionFromRequest(request);
         
         if (session == null) {
                 IdentityService auth = KimApiServiceLocator.getIdentityService();
                        request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
             final String user = request.getParameter("__login_user");
             final String password = request.getParameter("__login_pw");
             if (user != null) {
                     // Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
                     final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
                     if (principal == null) {
                             handleInvalidLogin(request, response);        
                             return;
                     }
                     
                 // wrap the request with the remote user
                 // UserLoginFilter and WebAuthenticationService will create the session
                 request = new HttpServletRequestWrapper(request) {
                     @Override
                                         public String getRemoteUser() {
                         return user;
                     }
                 };        
                     
             } else {
                 // no session has been established and this is not a login form submission, so forward to login page
                 request.getRequestDispatcher(loginPath).forward(request, response);
                 return;
             }
         } else {
             request = new HttpServletRequestWrapper(request) {
                     @Override
                                         public String getRemoteUser() {
                         return session.getPrincipalName();
                     }
                 };
         }
         chain.doFilter(request, response);
     }
         
         /**
          * Handles and invalid login attempt.
          *  
          * @param request the incoming request
          * @param response the outgoing response
          * @throws ServletException if unable to handle the invalid login
          * @throws IOException if unable to handle the invalid login
          */
         private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
                 request.setAttribute("invalidAuth", Boolean.TRUE);
                 request.getRequestDispatcher(loginPath).forward(request, response);
         }
 
     @Override
         public void destroy() {
             loginPath = null;
     }
 }

1		/**
2		* Copyright 2005-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.kew.web;
17
18		import org.kuali.rice.kim.api.identity.IdentityService;
19		import org.kuali.rice.kim.api.identity.principal.Principal;
20		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
21		import org.kuali.rice.krad.UserSession;
22		import org.kuali.rice.krad.util.KRADUtils;
23
24		import javax.servlet.Filter;
25		import javax.servlet.FilterChain;
26		import javax.servlet.FilterConfig;
27		import javax.servlet.ServletException;
28		import javax.servlet.ServletRequest;
29		import javax.servlet.ServletResponse;
30		import javax.servlet.http.HttpServletRequest;
31		import javax.servlet.http.HttpServletRequestWrapper;
32		import javax.servlet.http.HttpServletResponse;
33		import java.io.IOException;
34
35		/**
36		* A login filter which forwards to a login page that allows for the desired
37		* authentication ID to be entered without the need for a password.
38		*
39		* @author Kuali Rice Team (rice.collab@kuali.org)
40		*/
41	0	public class DummyLoginFilter implements Filter {
42		private String loginPath;
43	0	private boolean showPassword = false;
44		@Override
45		public void init(FilterConfig config) throws ServletException {
46	0	loginPath = config.getInitParameter("loginPath");
47	0	showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
48	0	if (loginPath == null) {
49	0	loginPath = "/WEB-INF/jsp/dummy_login.jsp";
50		}
51	0	}
52
53		@Override
54		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
55	0	this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
56	0	}
57
58		private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
59	0	final UserSession session = KRADUtils.getUserSessionFromRequest(request);
60
61	0	if (session == null) {
62	0	IdentityService auth = KimApiServiceLocator.getIdentityService();
63	0	request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
64	0	final String user = request.getParameter("__login_user");
65	0	final String password = request.getParameter("__login_pw");
66	0	if (user != null) {
67		// Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
68	0	final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
69	0	if (principal == null) {
70	0	handleInvalidLogin(request, response);
71	0	return;
72		}
73
74		// wrap the request with the remote user
75		// UserLoginFilter and WebAuthenticationService will create the session
76	0	request = new HttpServletRequestWrapper(request) {
77		@Override
78		public String getRemoteUser() {
79	0	return user;
80		}
81		};
82
83	0	} else {
84		// no session has been established and this is not a login form submission, so forward to login page
85	0	request.getRequestDispatcher(loginPath).forward(request, response);
86	0	return;
87		}
88	0	} else {
89	0	request = new HttpServletRequestWrapper(request) {
90		@Override
91		public String getRemoteUser() {
92	0	return session.getPrincipalName();
93		}
94		};
95		}
96	0	chain.doFilter(request, response);
97	0	}
98
99		/**
100		* Handles and invalid login attempt.
101		*
102		* @param request the incoming request
103		* @param response the outgoing response
104		* @throws ServletException if unable to handle the invalid login
105		* @throws IOException if unable to handle the invalid login
106		*/
107		private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
108	0	request.setAttribute("invalidAuth", Boolean.TRUE);
109	0	request.getRequestDispatcher(loginPath).forward(request, response);
110	0	}
111
112		@Override
113		public void destroy() {
114	0	loginPath = null;
115	0	}
116		}