tag:blogger.com,1999:blog-29152436220340681192011-04-21T15:31:54.280-05:00Ivan Latyshhttp://www.blogger.com/profile/02743017339299369364noreply@blogger.comBlogger31100tag:blogger.com,1999:blog-2915243622034068119.post-86412796416913610112007-10-11T21:50:00.000-05:002007-10-11T21:53:39.686-05:00I recently launched an OpenSource project TimeTicker.<br />Check it out <a href="http://code.google.com/p/time-ticker/">http://code.google.com/p/time-ticker/</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2915243622034068119-8641279641691361011?l=loud-thoughts.blogspot.com' alt='' /></div>Ivan Latyshhttp://www.blogger.com/profile/02743017339299369364noreply@blogger.com0tag:blogger.com,1999:blog-2915243622034068119.post-22533929217868791912006-11-15T10:59:00.000-05:002006-11-15T18:57:42.848-05:00<div style="text-align: justify;">I believe that many of us came across the situation when system need to authorize a user based on some custom criteria.<br />One of use cases is when user has been referred from one portal to another and suddenly you need to allow such user access to certain parts of you system.<br />So I been exploring possibilities in search of a simple solution.<br />Requirements are simple - user has been referred to our system from another portal and need to gain access to the certain area.<br />First what came to my mind is a sort of a gateway that will check referrer and passed parameters and make a decision if this request indeed valid and user can be granted certain privileges or not. This gateway can use passed or preset credentials and authorize user within JOSSO.<br />A simple Filter can do this job for us quite well.<br /></div><br /><div style="overflow: scroll; background-color: silver; height: 600px; color: black;"><pre><br />import javax.servlet.*;<br />import javax.servlet.http.HttpServletRequest;<br />import javax.servlet.http.HttpServletRequestWrapper;<br />import java.io.IOException;<br />import java.util.*;<br /><br />/**<br />* Simple filter that allow to examine incoming request and authorize user with JOSSO<br />* based on analisys.<br /><br />* It is useful for the situation when you need to authorize a user that is came from<br />* some legacy application or from another webapp or portal.<br /><br />*<br />* @author Ivan<br />* @version 0.1<br />*/<br />public class AutoLoginFilter implements Filter {<br /><br />/** Referer URL */<br />protected String referer_url;<br />/** user name */<br />protected String josso_username;<br />/** password */<br />protected String josso_password;<br />/** backto URL */<br />protected String josso_back_to;<br /><br />public void destroy() {<br />}<br /><br />public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {<br />ServletRequest myreq = req;<br />if (req instanceof HttpServletRequest) {<br />HttpServletRequest httpServletRequest = (HttpServletRequest) req;<br />if (null==httpServletRequest.getUserPrincipal()<br />&&amp; httpServletRequest.getRequestURL().toString().matches(".+usernamePasswordLogin.do")<br />&&amp; null!=httpServletRequest.getHeader("referer")<br />&&amp; httpServletRequest.getHeader("referer").equalsIgnoreCase(referer_url)<br />&&amp; httpServletRequest.getMethod().equalsIgnoreCase("GET")) {<br />if (isValid(httpServletRequest)) {<br /> // create new request wrapper<br /> GuestLoginServletRequestWrapper wrapper = new GuestLoginServletRequestWrapper(httpServletRequest);<br /> // add additional parameters<br /> wrapper.parametersMap.put("josso_cmd", "login");<br /> wrapper.parametersMap.put("josso_username", josso_username);<br /> wrapper.parametersMap.put("josso_password", josso_password);<br /> wrapper.parametersMap.put("josso_back_to", josso_back_to);<br /> // switch request to the wrapper<br /> myreq = wrapper;<br />}<br />}<br />}<br />chain.doFilter(myreq, resp);<br />}<br /><br />public void init(FilterConfig config) throws ServletException {<br />referer_url = config.getInitParameter("referer_url");<br />if (null== referer_url || referer_url.trim().length()==0) config.getServletContext().log("ERROR: Initial parameter {referer_url} is not defined !");<br />josso_username = config.getInitParameter("josso_username");<br />if (null== josso_username || josso_username.trim().length()==0) config.getServletContext().log("ERROR: Initial parameter {josso_username) is not defined !");<br />josso_password = config.getInitParameter("josso_password");<br />if (null== josso_password || josso_password.trim().length()==0) config.getServletContext().log("ERROR: Initial parameter {josso_password) is not defined !");<br />josso_back_to = config.getInitParameter("josso_back_to");<br />if (null== josso_back_to || josso_back_to.trim().length()==0) config.getServletContext().log("ERROR: Initial parameter {josso_back_to) is not defined !");<br />}<br /><br />/**<br />* Does actual request validation.<br />* Here we will perform more rigorous testing.<br />*<br />* @param request request<br />* @return <tt>true</tt> if request is valid and user can be logged in, <tt>false</tt> otherwise.<br />*/<br />private boolean isValid(HttpServletRequest request) {<br />return true;<br />}<br /><br />/**<br />* Simple request wrapper.<br />* Allow to add josso parameters to the request<br />*/<br />class GuestLoginServletRequestWrapper extends HttpServletRequestWrapper {<br />protected Map<string,object> parametersMap;<br /><br />public GuestLoginServletRequestWrapper(HttpServletRequest httpServletRequest) {<br />super(httpServletRequest);<br />// create custom parameter map<br />parametersMap = new HashMap<string, object="">(httpServletRequest.getParameterMap());<br />}<br /><br />public String getParameter(String s) {<br />Object value = parametersMap.get(s);<br />if (value instanceof String[]) {<br />return ((String[]) value)[0];<br />}<br />return (String) value;<br />}<br /><br />public Enumeration getParameterNames() {<br />return new Hashtable<string, object="">(parametersMap).keys();<br />}<br /><br />public String[] getParameterValues(String s) {<br />Object value = parametersMap.get(s);<br />if (value instanceof String) {<br />return new String[]{(String)value};<br />}<br />return (String[])value;<br />}<br /><br />public Map getParameterMap() {<br />return parametersMap;<br />}<br /><br />}<br /><br />}<br /></pre></div><br />Now we should configure this filter:<br /><div style="overflow: scroll; background-color: silver; color: black;"><pre>&lt;filter&gt;<br />&lt;filter-name&gt;AutoLoginFilter&lt;/filter-name&gt;<br />&lt;filter-class&gt;AutoLoginFilter&lt;/filter-class&gt;<br />&lt;init-param&gt;<br />&lt;param-name&gt;referer_url&lt;/param-name&gt;<br />&lt;param-value&gt;http://myserver.com/referer.html&lt;/param-value&gt;<br />&lt;/init-param&gt;<br />&lt;init-param&gt;<br />&lt;param-name&gt;josso_username&lt;/param-name&gt;<br />&lt;param-value&gt;guest&lt;/param-value&gt;<br />&lt;/init-param&gt;<br />&lt;init-param&gt;<br />&lt;param-name&gt;josso_password&lt;/param-name&gt;<br />&lt;param-value&gt;guest&lt;/param-value&gt;<br />&lt;/init-param&gt;<br />&lt;init-param&gt;<br />&lt;param-name&gt;josso_back_to&lt;/param-name&gt;<br />&lt;param-value&gt;/guest&lt;/param-value&gt;<br />&lt;/init-param&gt;<br />&lt;/filter&gt;</pre></div><br /><br />And map it:<br /><div style="overflow: scroll; background-color: silver; color: black;"><pre>&lt;filter-mapping&gt;<br />&lt;filter-name&gt;AutoLoginFilter&lt;/filter-name&gt;<br />&lt;url-pattern&gt;*.do&lt;/url-pattern&gt;<br />&lt;/filter-mapping&gt;</pre></div><br />Here you should be careful, this filter should be configured in JOSSO web application and should be mapped to login.do action.<br />Please use extreme caution with this approach, since referrer url is very easy to fake. You should not rely only on referrer url, use some other meaningful verification algorithm. For instance you can pass encrypted user information with expiration time, etc.<br /><br />Now you can customize implementation with your own isValid() method.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2915243622034068119-2253392921786879191?l=loud-thoughts.blogspot.com' alt='' /></div>Ivan Latyshhttp://www.blogger.com/profile/02743017339299369364noreply@blogger.com0tag:blogger.com,1999:blog-2915243622034068119.post-3302969543910420792006-09-28T13:35:00.000-05:002006-11-15T10:59:26.363-05:00Anything what we do has the beginning and has the end.<br />And any choice that we make along this journey bring us one step closer to the end.<br />So let's do this step and mark the beginning of this blog with a hope that the end is still far away.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2915243622034068119-330296954391042079?l=loud-thoughts.blogspot.com' alt='' /></div>Ivan Latyshhttp://www.blogger.com/profile/02743017339299369364noreply@blogger.com0