AuthenticationServlet.java example

Explorer
jsfs-master
/* USE THIS FILE ACCORDING TO THE COPYRIGHT RULES IN LICENSE.TXT WHICH IS PART OF THE SOURCE CODE PACKAGE */ 
package your.app;

import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;


/**
 * This servlet generates the tokens used to connect the browser with JSFS Agent.
 * The web.xml constrains access to the servlet by an authentication mechanism.
 */
public class AuthenticationServlet extends HttpServlet {
  
  private static final long serialVersionUID = -3891364599072873699L;
  
  private static Log log = LogFactory.getLog(AuthenticationServlet.class);
  
  /**
   * A secret value used to compute the token.
   */
  private long secret = new SecureRandom().nextLong();

  /**
   * @see HttpServlet#HttpServlet()
   */
  public AuthenticationServlet() {
    super();
  }
  
  @Override
  public void destroy() {
    super.destroy();
  }
  
  /**
   * Create JSFS token.
   * @param userName User name
   * @param remoteAddr Remote address
   * @return MD5 hash of user + address + secret
   */
  private String createToken(String userName, String remoteAddr) {
    if (log.isDebugEnabled()) log.debug("createToken(userName=" + userName + ", remoteAddr=" + remoteAddr);
    String token = null;
    if (userName != null && userName.length() != 0) {
      String plaintext = userName + "*" + remoteAddr + "*" + secret;
            
      try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        m.reset();
        m.update(plaintext.getBytes());
        byte[] digest = m.digest();
        BigInteger bigInt = new BigInteger(1,digest);
        token = bigInt.toString(16);
      }
      catch (NoSuchAlgorithmException e) {
        log.error("Create token failed", e);
      }
    }
    if (log.isDebugEnabled()) log.debug(")createToken=" + token);
    return token;
  }

  /**
   * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
   *      response)
   */
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if (log.isDebugEnabled()) log.debug("doGet(");
    
    // Create a JSFS Token? 
    if (request.getParameter("jsfstoken") != null) {
      
      String token = createToken(request.getRemoteUser(), ""); // should use request.getRemoteAddr(), "" makes testing easier
      if (token != null) {
        
        // JSFS does not require a HttpSession.
        
        // If a session is created here, the browser and JSFS agent will 
        // receive different sessions, unless you use your own session manager.
        // http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html
        
        response.setContentType("text/plain");
        response.getWriter().print(token);
      }
      else {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      }
      
    }
    else {
      
      // Your servlet implementation.
      // Maybe create a HttpSession...
      super.doGet(request, response);
    }
    
    if (log.isDebugEnabled()) log.debug(")doGet");
  }

}