/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.webui.servlet;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.dspace.app.webui.util.Authenticate;
import org.dspace.app.webui.util.JSPManager;
import org.dspace.app.webui.util.UIUtil;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
/**
* X509 certificate authentication servlet. This is an
* access point for interactive certificate auth that will
* not be implicit (i.e. not immediately performed
* because the resource is being accessed via HTTP
*
* @author Robert Tansley
* @author Mark Diggory
* @version $Revision$
*/
public class X509CertificateServlet extends DSpaceServlet
{
/** serialization id */
private static final long serialVersionUID = -3571151231655696793L;
/** log4j logger */
private static Logger log = Logger.getLogger(X509CertificateServlet.class);
protected void doDSGet(Context context, HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException,
SQLException, AuthorizeException
{
// Obtain the certificate from the request, if any
X509Certificate[] certs = (X509Certificate[]) request
.getAttribute("javax.servlet.request.X509Certificate");
if ((certs == null) || (certs.length == 0))
{
log.info(LogManager.getHeader(context, "failed_login",
"type=x509certificate"));
JSPManager.showJSP(request, response, "/login/no-valid-cert.jsp");
}
else
{
Context ctx = UIUtil.obtainContext(request);
EPerson eperson = ctx.getCurrentUser();
// Do we have an active e-person now?
if ((eperson != null) && eperson.canLogIn())
{
// Everything OK - they should have already been logged in.
// resume previous request
Authenticate.resumeInterruptedRequest(request, response);
return;
}
// If we get to here, no valid cert
log.info(LogManager.getHeader(context, "failed_login",
"type=x509certificate"));
JSPManager.showJSP(request, response, "/login/no-valid-cert.jsp");
}
}
}