Coverage Report

Coverage Report - org.kuali.rice.kew.web.DummyLoginFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

DummyLoginFilter

0/31

0/10

2.167

DummyLoginFilter$1

0/2

N/A

2.167

 /*
  * Copyright 2005-2008 The Kuali Foundation
  * 
  * 
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl2.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kew.web;
 
 import org.kuali.rice.kim.api.identity.IdentityService;
 import org.kuali.rice.kim.api.identity.principal.Principal;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 import org.kuali.rice.krad.UserSession;
 import org.kuali.rice.krad.util.KRADUtils;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /**
  * A login filter which forwards to a login page that allows for the desired
  * authentication ID to be entered without the need for a password.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DummyLoginFilter implements Filter {
     private String loginPath;
     private boolean showPassword = false;
     @Override
         public void init(FilterConfig config) throws ServletException {
         loginPath = config.getInitParameter("loginPath");
         showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
         if (loginPath == null) {
             loginPath = "/WEB-INF/jsp/dummy_login.jsp";
         }
     }
 
         @Override
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                 this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
         }
     
         private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         final UserSession session = KRADUtils.getUserSessionFromRequest(request);
         
         if (session == null) {
                 IdentityService auth = KimApiServiceLocator.getIdentityService();
                        request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
             final String user = request.getParameter("__login_user");
             final String password = request.getParameter("__login_pw");
             if (user != null) {
                     // Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
                     final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
                     if (principal == null) {
                             handleInvalidLogin(request, response);        
                             return;
                     }
                     
                 // wrap the request with the remote user
                 // UserLoginFilter and WebAuthenticationService will create the session
                 request = new HttpServletRequestWrapper(request) {
                     @Override
                                         public String getRemoteUser() {
                         return user;
                     }
                 };        
                     
             } else {
                 // no session has been established and this is not a login form submission, so forward to login page
                 request.getRequestDispatcher(loginPath).forward(request, response);
                 return;
             }
         }
         chain.doFilter(request, response);
     }
         
         /**
          * Handles and invalid login attempt.
          *  
          * @param request the incoming request
          * @param response the outgoing response
          * @throws ServletException if unable to handle the invalid login
          * @throws IOException if unable to handle the invalid login
          */
         private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
                 request.setAttribute("invalidAuth", Boolean.TRUE);
                 request.getRequestDispatcher(loginPath).forward(request, response);
         }
 
     @Override
         public void destroy() {
             loginPath = null;
     }
 }

1		/*
2		* Copyright 2005-2008 The Kuali Foundation
3		*
4		*
5		* Licensed under the Educational Community License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.opensource.org/licenses/ecl2.php
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.kuali.rice.kew.web;
18
19		import org.kuali.rice.kim.api.identity.IdentityService;
20		import org.kuali.rice.kim.api.identity.principal.Principal;
21		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
22		import org.kuali.rice.krad.UserSession;
23		import org.kuali.rice.krad.util.KRADUtils;
24
25		import javax.servlet.Filter;
26		import javax.servlet.FilterChain;
27		import javax.servlet.FilterConfig;
28		import javax.servlet.ServletException;
29		import javax.servlet.ServletRequest;
30		import javax.servlet.ServletResponse;
31		import javax.servlet.http.HttpServletRequest;
32		import javax.servlet.http.HttpServletRequestWrapper;
33		import javax.servlet.http.HttpServletResponse;
34		import java.io.IOException;
35
36		/**
37		* A login filter which forwards to a login page that allows for the desired
38		* authentication ID to be entered without the need for a password.
39		*
40		* @author Kuali Rice Team (rice.collab@kuali.org)
41		*/
42	0	public class DummyLoginFilter implements Filter {
43		private String loginPath;
44	0	private boolean showPassword = false;
45		@Override
46		public void init(FilterConfig config) throws ServletException {
47	0	loginPath = config.getInitParameter("loginPath");
48	0	showPassword = Boolean.valueOf(config.getInitParameter("showPassword")).booleanValue();
49	0	if (loginPath == null) {
50	0	loginPath = "/WEB-INF/jsp/dummy_login.jsp";
51		}
52	0	}
53
54		@Override
55		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
56	0	this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
57	0	}
58
59		private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
60	0	final UserSession session = KRADUtils.getUserSessionFromRequest(request);
61
62	0	if (session == null) {
63	0	IdentityService auth = KimApiServiceLocator.getIdentityService();
64	0	request.setAttribute("showPasswordField", Boolean.valueOf(showPassword));
65	0	final String user = request.getParameter("__login_user");
66	0	final String password = request.getParameter("__login_pw");
67	0	if (user != null) {
68		// Very simple password checking. Nothing hashed or encrypted. This is strictly for demonstration purposes only.
69	0	final Principal principal = showPassword ? auth.getPrincipalByPrincipalNameAndPassword(user, password) : auth.getPrincipalByPrincipalName(user);
70	0	if (principal == null) {
71	0	handleInvalidLogin(request, response);
72	0	return;
73		}
74
75		// wrap the request with the remote user
76		// UserLoginFilter and WebAuthenticationService will create the session
77	0	request = new HttpServletRequestWrapper(request) {
78		@Override
79		public String getRemoteUser() {
80	0	return user;
81		}
82		};
83
84	0	} else {
85		// no session has been established and this is not a login form submission, so forward to login page
86	0	request.getRequestDispatcher(loginPath).forward(request, response);
87	0	return;
88		}
89		}
90	0	chain.doFilter(request, response);
91	0	}
92
93		/**
94		* Handles and invalid login attempt.
95		*
96		* @param request the incoming request
97		* @param response the outgoing response
98		* @throws ServletException if unable to handle the invalid login
99		* @throws IOException if unable to handle the invalid login
100		*/
101		private void handleInvalidLogin(ServletRequest request, ServletResponse response) throws ServletException, IOException {
102	0	request.setAttribute("invalidAuth", Boolean.TRUE);
103	0	request.getRequestDispatcher(loginPath).forward(request, response);
104	0	}
105
106		@Override
107		public void destroy() {
108	0	loginPath = null;
109	0	}
110		}