Context Navigation

source: fedd/abac-src/ttg/demo/src/SessionServlet.java @ df783c1

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02

Last change on this file since df783c1 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 5.4 KB

Line
1	import com.nailabs.abac.process.*;
2	import com.nailabs.abac.trust.*;
3	import com.nailabs.abac.test.*;
4	import edu.stanford.peer.rbtm.credential.*;
5	import java.io.*;
6	import java.util.*;
7	import java.rmi.*;
8	import javax.servlet.*;
9	import javax.servlet.http.*;
10
11
12	public class SessionServlet extends HttpServlet {
13	/** the key name for looking up the entity id of a session */
14	static final String KEY = "EntityID";
15	/** the hash code for the RTML Entity's signature */
16	static final String HASH = "HashID";
17	/** default action */
18	String action = null;
19	/**
20	* sets up a new session and invalidates the old session if it exists
21	* @param request the incoming HTTP request
22	* @param id the new entity id for the new session ot be created
23	*/
24	public void setSessionId(HttpServletRequest request,String id,String hash)
25	{
26	HttpSession session = request.getSession(true);
27
28	// end current session and create a new one
29	if(!session.isNew()) {
30	try {
31	session.invalidate();
32	session = request.getSession(true);
33	}
34	catch(Exception ex) {
35	ex.printStackTrace();
36	}
37	}
38	session.setAttribute(KEY, id);
39	session.setAttribute(HASH, hash);
40	}
41
42	/** public accessor method for the entity id of the current http session */
43	public String getSessionId(HttpServletRequest request) {
44	HttpSession session = request.getSession(false);
45
46	if(session == null) {
47	return null;
48	}
49	return (String)session.getAttribute(KEY);
50	}
51
52	public String getSessionIdHash(HttpServletRequest request) {
53	HttpSession session = request.getSession(false);
54
55	if(session == null) {
56	return null;
57	}
58	return (String)session.getAttribute(HASH);
59	}
60
61	protected void printStatus(PrintWriter out, String uid, String action) {
62	out.println("<html><head><title>ABAC Status</title></head>");
63	out.println("<body>");
64	out.println(" <center>");
65	out.println("<h1>User Authentication</h1>");
66	out.print(" <p>You are currently logged in as: ");
67	out.print(uid);
68	out.println("</p>\n");
69	out.println(" <form action=\"" + action + "\" method=\"post\">");
70	out.println(" <input type=\"submit\" value=\"Logout\">");
71	out.println(" <input type=\"hidden\" name=\"end\" value=\"end\">");
72	out.println(" </form>");
73	out.println(" </center>");
74	out.println("<body>");
75	out.println("</html>");
76	}
77
78	protected void printLogin(PrintWriter out, String action)
79	{
80	final String TR = "<tr>", END_TR = "</tr>";
81	final String TD = "<td>", END_TD = "</td>";
82	final String TH = "<th>", END_TH = "</th>";
83
84	out.println("<html><head><title>ABAC Login</title></head>");
85	out.println("<body>");
86	out.println(" <center>");
87	out.println("<h1>User Authentication</h1>");
88	out.println("</p>\n");
89	out.println("\t<form action=\"" + action +"\" method=\"post\">");
90	out.println("\t<table>");
91	out.println(TR + TH);
92	out.println("User Name:" + END_TH + TD);
93	out.println("\t\t<input type=\"text\" name =\"username\" />");
94	out.println(END_TD + END_TR);
95	out.println(TR + TH);
96	out.println("Password:" + END_TH + TD);
97	out.println("\t\t<input type=\"password\" name=\"password\" />");
98	out.println(END_TD + END_TR);
99	out.println("\t</table>");
100	out.println("<p> <INPUT type=\"submit\" value=\"Send\">");
101	out.println("<INPUT type=\"reset\"> </p>");
102	out.println("\t</form>");
103	out.println(" </center>");
104	out.println("<body>");
105	out.println("</html>");
106	}
107
108	public void init(ServletConfig config) throws ServletException {
109	config.getServletContext().log("Loading authentication servlet.");
110	}
111
112
113	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
114	throws ServletException, java.io.IOException {
115	PrintWriter out = resp.getWriter();
116	String uid = getSessionId(req);
117	String action = req.getRequestURI().toString();
118
119	if(uid == null) {
120	printLogin(out, action);
121	} else {
122	printStatus(out, uid, action);
123	}
124	out.close();
125	}
126
127
128	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
129	throws ServletException, java.io.IOException {
130	PrintWriter out = resp.getWriter();
131	String uid = req.getParameter("username");
132	String pass = req.getParameter("password");
133	String action = req.getRequestURI().toString();
134
135	System.out.println("Authenticating for user " + uid);
136
137	System.out.print("Parameters = ");
138	Enumeration e = req.getParameterNames();
139	while(e.hasMoreElements()) {
140	System.out.print(e.nextElement());
141	System.out.print(", ");
142	}
143	System.out.println("");
144
145	if(req.getParameter("end") != null) {
146	try {
147	req.getSession().invalidate();
148	}
149	catch(Exception ex) {
150	ex.printStackTrace();
151	}
152	printLogin(out, action);
153	} else {
154	setSessionId(req, uid, "FakeHashKey" + uid);
155	printStatus(out, getSessionId(req), action);
156	}
157	out.close();
158	}
159	}
160
161

Note: See TracBrowser for help on using the repository browser.

Download in other formats: