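import com.nailabs.abac.process.*;
import com.nailabs.abac.trust.*;
import com.nailabs.abac.test.*;
import edu.stanford.peer.rbtm.credential.*;
import java.io.*;
import java.util.*;
import java.rmi.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Servlet that binds an entity id (and an associated hash value) to the
 * HTTP session and renders either a login page or a status page.
 *
 * NOTE(review): this servlet does not verify credentials. doPost reads the
 * submitted password but never checks it, and the stored hash is the
 * placeholder "FakeHashKey" + username. Treat the session attributes it
 * sets as unauthenticated until a real credential check is wired in.
 */
public class SessionServlet extends HttpServlet {
    /** the key name for looking up the entity id of a session */
    static final String KEY = "EntityID";

    /** the hash code for the RTML Entity's signature */
    static final String HASH = "HashID";

    /** default action (not read anywhere in this class) */
    String action = null;

    /**
     * Sets up a new session and invalidates the old session if it exists.
     * Discarding the previous session before the identity attributes are
     * stored means a session id issued before login is not carried over
     * into the logged-in state.
     *
     * @param request the incoming HTTP request
     * @param id the new entity id for the new session to be created
     * @param hash the value stored under {@link #HASH} for the new session
     */
    public void setSessionId(HttpServletRequest request, String id, String hash) {
        HttpSession session = request.getSession(true);
        // end current session and create a new one
        if (!session.isNew()) {
            try {
                session.invalidate();
            } catch (IllegalStateException ignored) {
                // The session was already invalidated, which is the state we
                // want; fall through and request a fresh one.
            }
            session = request.getSession(true);
        }
        session.setAttribute(KEY, id);
        session.setAttribute(HASH, hash);
    }

    /**
     * Public accessor for the entity id of the current HTTP session.
     *
     * @param request the incoming HTTP request
     * @return the value stored under {@link #KEY}, or null when the request
     *         has no session or the attribute is absent
     */
    public String getSessionId(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(KEY);
    }

    /**
     * Public accessor for the hash value of the current HTTP session.
     *
     * @param request the incoming HTTP request
     * @return the value stored under {@link #HASH}, or null when the request
     *         has no session or the attribute is absent
     */
    public String getSessionIdHash(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(HASH);
    }

    /**
     * Encodes the characters that are significant in HTML text and attribute
     * values so that request-derived data is rendered as text, not markup.
     *
     * @param text the value to encode; null is rendered as "null", matching
     *        what PrintWriter.print(String) writes for a null argument
     * @return the encoded text
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "null";
        }
        StringBuilder encoded = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    encoded.append("&amp;");
                    break;
                case '<':
                    encoded.append("&lt;");
                    break;
                case '>':
                    encoded.append("&gt;");
                    break;
                case '"':
                    encoded.append("&quot;");
                    break;
                case '\'':
                    encoded.append("&#39;");
                    break;
                default:
                    encoded.append(c);
            }
        }
        return encoded.toString();
    }

    /**
     * Replaces line breaks in a request-derived value before it is written
     * to the console log, so one request cannot produce extra log lines.
     *
     * @param value the value to neutralise; null is rendered as "null"
     * @return the value with CR and LF replaced by '_'
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * Writes the status page for a logged-in entity.
     *
     * NOTE(review): the literals below hold only whitespace where page
     * markup would be expected; they are reproduced as found, with raw line
     * breaks inside the literals written as \n escapes so the file parses.
     *
     * @param out the response writer
     * @param uid the entity id to display; it originates from the
     *        "username" request parameter and is HTML-encoded before output
     * @param action the request URI (not used by the visible output)
     */
    protected void printStatus(PrintWriter out, String uid, String action) {
        out.println("ABAC Status");
        out.println("");
        out.println("\n");
        out.println("\n\nUser Authentication\n\n");
        out.print("\n\nYou are currently logged in as: ");
        // uid is attacker-controlled (request parameter stored in the
        // session); encode it so it cannot inject markup into the page.
        out.print(escapeHtml(uid));
        out.println("\n\n\n");
        out.println("\n");
        out.println(" ");
        out.println(" ");
        out.println("\n");
        out.println("\n");
        out.println("");
        out.println("");
    }

    /**
     * Writes the login page.
     *
     * NOTE(review): TR/TD/TH and several literals below are empty or hold
     * only whitespace where table and form markup would be expected; they
     * are reproduced as found, with raw line breaks inside the literals
     * written as \n escapes so the file parses.
     *
     * @param out the response writer
     * @param action the request URI (not used by the visible output)
     */
    protected void printLogin(PrintWriter out, String action) {
        final String TR = "", END_TR = "";
        final String TD = "", END_TD = "";
        final String TH = "", END_TH = "";

        out.println("ABAC Login");
        out.println("");
        out.println("\n");
        out.println("\n\nUser Authentication\n\n");
        out.println("\n\n\n");
        out.println("\t\n");
        out.println("\t");
        out.println(TR + TH);
        out.println("User Name:" + END_TH + TD);
        out.println("\t\t");
        out.println(END_TD + END_TR);
        out.println(TR + TH);
        out.println("Password:" + END_TH + TD);
        out.println("\t\t");
        out.println(END_TD + END_TR);
        out.println("\t\n");
        out.println("\n\n");
        out.println("\n\n");
        out.println("\t\n");
        out.println("\n");
        out.println("");
        out.println("");
    }

    /**
     * Initialises the servlet and logs a start-up message.
     *
     * @param config the servlet configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig config) throws ServletException {
        // GenericServlet stores the config in init(ServletConfig); without
        // this call getServletConfig()/getServletContext()/log() on this
        // servlet have no config to work with.
        super.init(config);
        config.getServletContext().log("Loading authentication servlet.");
    }

    /**
     * Renders the login page when the request has no entity id in its
     * session, otherwise the status page.
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, java.io.IOException {
        PrintWriter out = resp.getWriter();
        String uid = getSessionId(req);
        String action = req.getRequestURI();
        if (uid == null) {
            printLogin(out, action);
        } else {
            printStatus(out, uid, action);
        }
        out.close();
    }

    /**
     * Handles the login form and the logout request (parameter "end").
     *
     * NOTE(review): no credential check happens here. The password
     * parameter is read but never verified and the stored hash is the
     * placeholder "FakeHashKey" + username, so any non-blank username
     * yields a logged-in session. Add real verification before any access
     * decision relies on this session.
     */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, java.io.IOException {
        PrintWriter out = resp.getWriter();
        String uid = req.getParameter("username");
        String pass = req.getParameter("password"); // read but not verified, see NOTE above
        String action = req.getRequestURI();

        // Only parameter names are logged, never values, so the password
        // stays out of the log. Names and the user name are request data,
        // so line breaks are neutralised before printing.
        System.out.println("Authenticating for user " + sanitizeForLog(uid));
        System.out.print("Parameters = ");
        Enumeration e = req.getParameterNames();
        while (e.hasMoreElements()) {
            System.out.print(sanitizeForLog(e.nextElement()));
            System.out.print(", ");
        }
        System.out.println("");

        if (req.getParameter("end") != null) {
            // Logout: look the session up without creating one just to
            // destroy it.
            HttpSession current = req.getSession(false);
            if (current != null) {
                try {
                    current.invalidate();
                } catch (IllegalStateException ignored) {
                    // Already invalidated; nothing left to end.
                }
            }
            printLogin(out, action);
        } else if (uid == null || uid.trim().length() == 0) {
            // No user name submitted: do not create a session whose entity
            // id is null or blank; show the login page again.
            printLogin(out, action);
        } else {
            setSessionId(req, uid, "FakeHashKey" + uid);
            printStatus(out, getSessionId(req), action);
        }
        out.close();
    }
}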