Coverage Report

Coverage Report - org.kuali.rice.kew.web.DummyLoginFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

DummyLoginFilter

0/31

0/10

2.167

DummyLoginFilter$1

0/2

N/A

2.167

 /*
  * Copyright 2005-2008 The Kuali Foundation
  * 
  * 
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl2.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kew.web;
 
 import java.io.IOException;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
 import org.kuali.rice.kim.api.entity.principal.Principal;
 import org.kuali.rice.kim.api.services.IdentityManagementService;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 
 import org.kuali.rice.kns.UserSession;
 import org.kuali.rice.kns.util.WebUtils;
 
 /**
  * A login filter which forwards to a login page that allows for the desired
  * authentication ID to be entered without the need for a password.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DummyLoginFilter implements Filter {
     private String loginPath;
     private boolean showPassword = false;
     @Override
         public void init(FilterConfig config) throws ServletException {
         loginPath = config.getInitParameter("loginPath");
         showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
         if (loginPath == null) {
             loginPath = "/WEB-INF/jsp/dummy_login.jsp";
         }
     }
 
         @Override
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                 this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
         }
     
         private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         final UserSession session = WebUtils.getUserSessionFromRequest(request);
         
         if (session == null) {
                 IdentityManagementService auth = KimApiServiceLocator.getIdentityManagementService();
                        request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
             final String user = request.getParameter("__login_user");
             final String password = request.getParameter("__login_pw");
             if (user != null) {
                     // Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
                     final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
                     if (principal == null) {
                             handleInvalidLogin(request, response);        
                             return;
                     }
                     
                 // wrap the request with the remote user
                 // UserLoginFilter and WebAuthenticationService will create the session
                 request = new HttpServletRequestWrapper(request) {
                     @Override
                                         public String getRemoteUser() {
                         return user;
                     }
                 };        
                     
             } else {
                 // no session has been established and this is not a login form submission, so forward to login page
                 request.getRequestDispatcher(loginPath).forward(request, response);
                 return;
             }
         }
         chain.doFilter(request, response);
     }
         
         /**
          * Handles and invalid login attempt.
          *  
          * @param request the incoming request
          * @param response the outgoing response
          * @throws ServletException if unable to handle the invalid login
          * @throws IOException if unable to handle the invalid login
          */
         private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
                 request.setAttribute("invalidAuth", Boolean.TRUE);
                 request.getRequestDispatcher(loginPath).forward(request, response);
         }
 
     @Override
         public void destroy() {
             loginPath = null;
     }
 }

1		/*
2		* Copyright 2005-2008 The Kuali Foundation
3		*
4		*
5		* Licensed under the Educational Community License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.opensource.org/licenses/ecl2.php
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.kuali.rice.kew.web;
18
19		import java.io.IOException;
20
21		import javax.servlet.Filter;
22		import javax.servlet.FilterChain;
23		import javax.servlet.FilterConfig;
24		import javax.servlet.ServletException;
25		import javax.servlet.ServletRequest;
26		import javax.servlet.ServletResponse;
27		import javax.servlet.http.HttpServletRequest;
28		import javax.servlet.http.HttpServletRequestWrapper;
29		import javax.servlet.http.HttpServletResponse;
30
31		import org.kuali.rice.kim.api.entity.principal.Principal;
32		import org.kuali.rice.kim.api.services.IdentityManagementService;
33		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
34
35		import org.kuali.rice.kns.UserSession;
36		import org.kuali.rice.kns.util.WebUtils;
37
38		/**
39		* A login filter which forwards to a login page that allows for the desired
40		* authentication ID to be entered without the need for a password.
41		*
42		* @author Kuali Rice Team (rice.collab@kuali.org)
43		*/
44	0	public class DummyLoginFilter implements Filter {
45		private String loginPath;
46	0	private boolean showPassword = false;
47		@Override
48		public void init(FilterConfig config) throws ServletException {
49	0	loginPath = config.getInitParameter("loginPath");
50	0	showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
51	0	if (loginPath == null) {
52	0	loginPath = "/WEB-INF/jsp/dummy_login.jsp";
53		}
54	0	}
55
56		@Override
57		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
58	0	this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
59	0	}
60
61		private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
62	0	final UserSession session = WebUtils.getUserSessionFromRequest(request);
63
64	0	if (session == null) {
65	0	IdentityManagementService auth = KimApiServiceLocator.getIdentityManagementService();
66	0	request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
67	0	final String user = request.getParameter("__login_user");
68	0	final String password = request.getParameter("__login_pw");
69	0	if (user != null) {
70		// Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
71	0	final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
72	0	if (principal == null) {
73	0	handleInvalidLogin(request, response);
74	0	return;
75		}
76
77		// wrap the request with the remote user
78		// UserLoginFilter and WebAuthenticationService will create the session
79	0	request = new HttpServletRequestWrapper(request) {
80		@Override
81		public String getRemoteUser() {
82	0	return user;
83		}
84		};
85
86	0	} else {
87		// no session has been established and this is not a login form submission, so forward to login page
88	0	request.getRequestDispatcher(loginPath).forward(request, response);
89	0	return;
90		}
91		}
92	0	chain.doFilter(request, response);
93	0	}
94
95		/**
96		* Handles and invalid login attempt.
97		*
98		* @param request the incoming request
99		* @param response the outgoing response
100		* @throws ServletException if unable to handle the invalid login
101		* @throws IOException if unable to handle the invalid login
102		*/
103		private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
104	0	request.setAttribute("invalidAuth", Boolean.TRUE);
105	0	request.getRequestDispatcher(loginPath).forward(request, response);
106	0	}
107
108		@Override
109		public void destroy() {
110	0	loginPath = null;
111	0	}
112		}