Context Navigation

source: fedd/abac-src/ttg/demo/src/SessionServlet.java @ bd3e314

axis_examplecompt_changesinfo-opsversion-1.30version-2.00version-3.01version-3.02

Last change on this file since bd3e314 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 5.4 KB

Rev	Line
[8780cbec]	1	import com.nailabs.abac.process.*;
	2	import com.nailabs.abac.trust.*;
	3	import com.nailabs.abac.test.*;
	4	import edu.stanford.peer.rbtm.credential.*;
	5	import java.io.*;
	6	import java.util.*;
	7	import java.rmi.*;
	8	import javax.servlet.*;
	9	import javax.servlet.http.*;
	10
	11
	12	public class SessionServlet extends HttpServlet {
	13	/** the key name for looking up the entity id of a session */
	14	static final String KEY = "EntityID";
	15	/** the hash code for the RTML Entity's signature */
	16	static final String HASH = "HashID";
	17	/** default action */
	18	String action = null;
	19	/**
	20	* sets up a new session and invalidates the old session if it exists
	21	* @param request the incoming HTTP request
	22	* @param id the new entity id for the new session ot be created
	23	*/
	24	public void setSessionId(HttpServletRequest request,String id,String hash)
	25	{
	26	HttpSession session = request.getSession(true);
	27
	28	// end current session and create a new one
	29	if(!session.isNew()) {
	30	try {
	31	session.invalidate();
	32	session = request.getSession(true);
	33	}
	34	catch(Exception ex) {
	35	ex.printStackTrace();
	36	}
	37	}
	38	session.setAttribute(KEY, id);
	39	session.setAttribute(HASH, hash);
	40	}
	41
	42	/** public accessor method for the entity id of the current http session */
	43	public String getSessionId(HttpServletRequest request) {
	44	HttpSession session = request.getSession(false);
	45
	46	if(session == null) {
	47	return null;
	48	}
	49	return (String)session.getAttribute(KEY);
	50	}
	51
	52	public String getSessionIdHash(HttpServletRequest request) {
	53	HttpSession session = request.getSession(false);
	54
	55	if(session == null) {
	56	return null;
	57	}
	58	return (String)session.getAttribute(HASH);
	59	}
	60
	61	protected void printStatus(PrintWriter out, String uid, String action) {
	62	out.println("<html><head><title>ABAC Status</title></head>");
	63	out.println("<body>");
	64	out.println(" <center>");
	65	out.println("<h1>User Authentication</h1>");
	66	out.print(" <p>You are currently logged in as: ");
	67	out.print(uid);
	68	out.println("</p>\n");
	69	out.println(" <form action=\"" + action + "\" method=\"post\">");
	70	out.println(" <input type=\"submit\" value=\"Logout\">");
	71	out.println(" <input type=\"hidden\" name=\"end\" value=\"end\">");
	72	out.println(" </form>");
	73	out.println(" </center>");
	74	out.println("<body>");
	75	out.println("</html>");
	76	}
	77
	78	protected void printLogin(PrintWriter out, String action)
	79	{
	80	final String TR = "<tr>", END_TR = "</tr>";
	81	final String TD = "<td>", END_TD = "</td>";
	82	final String TH = "<th>", END_TH = "</th>";
	83
	84	out.println("<html><head><title>ABAC Login</title></head>");
	85	out.println("<body>");
	86	out.println(" <center>");
	87	out.println("<h1>User Authentication</h1>");
	88	out.println("</p>\n");
	89	out.println("\t<form action=\"" + action +"\" method=\"post\">");
	90	out.println("\t<table>");
	91	out.println(TR + TH);
	92	out.println("User Name:" + END_TH + TD);
	93	out.println("\t\t<input type=\"text\" name =\"username\" />");
	94	out.println(END_TD + END_TR);
	95	out.println(TR + TH);
	96	out.println("Password:" + END_TH + TD);
	97	out.println("\t\t<input type=\"password\" name=\"password\" />");
	98	out.println(END_TD + END_TR);
	99	out.println("\t</table>");
	100	out.println("<p> <INPUT type=\"submit\" value=\"Send\">");
	101	out.println("<INPUT type=\"reset\"> </p>");
	102	out.println("\t</form>");
	103	out.println(" </center>");
	104	out.println("<body>");
	105	out.println("</html>");
	106	}
	107
	108	public void init(ServletConfig config) throws ServletException {
	109	config.getServletContext().log("Loading authentication servlet.");
	110	}
	111
	112
	113	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
	114	throws ServletException, java.io.IOException {
	115	PrintWriter out = resp.getWriter();
	116	String uid = getSessionId(req);
	117	String action = req.getRequestURI().toString();
	118
	119	if(uid == null) {
	120	printLogin(out, action);
	121	} else {
	122	printStatus(out, uid, action);
	123	}
	124	out.close();
	125	}
	126
	127
	128	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
	129	throws ServletException, java.io.IOException {
	130	PrintWriter out = resp.getWriter();
	131	String uid = req.getParameter("username");
	132	String pass = req.getParameter("password");
	133	String action = req.getRequestURI().toString();
	134
	135	System.out.println("Authenticating for user " + uid);
	136
	137	System.out.print("Parameters = ");
	138	Enumeration e = req.getParameterNames();
	139	while(e.hasMoreElements()) {
	140	System.out.print(e.nextElement());
	141	System.out.print(", ");
	142	}
	143	System.out.println("");
	144
	145	if(req.getParameter("end") != null) {
	146	try {
	147	req.getSession().invalidate();
	148	}
	149	catch(Exception ex) {
	150	ex.printStackTrace();
	151	}
	152	printLogin(out, action);
	153	} else {
	154	setSessionId(req, uid, "FakeHashKey" + uid);
	155	printStatus(out, getSessionId(req), action);
	156	}
	157	out.close();
	158	}
	159	}
	160
	161

Note: See TracBrowser for help on using the repository browser.

Download in other formats: