001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.jsp; 029 030import org.opencms.file.CmsObject; 031import org.opencms.file.CmsUser; 032import org.opencms.main.CmsException; 033import org.opencms.main.CmsLog; 034import org.opencms.main.OpenCms; 035import org.opencms.security.CmsPersistentLoginAuthorizationHandler; 036import org.opencms.security.CmsPersistentLoginTokenHandler; 037import org.opencms.util.CmsMacroResolver; 038import org.opencms.util.CmsRequestUtil; 039 040import java.io.IOException; 041 042import javax.servlet.http.Cookie; 043 044import org.apache.commons.logging.Log; 045 046/** 047 * Login bean which sets a cookie that can be used by {@link CmsPersistentLoginAuthorizationHandler} to automatically 048 * log the user back in when his session has expired. 049 * 050 * The cookie's lifetime can be set using the setTokenLifetime method 051 */ 052public class CmsJspLoginPersistingBean extends CmsJspLoginBean { 053 054 /** The token life time. */ 055 private long m_tokenLifetime = CmsPersistentLoginTokenHandler.DEFAULT_LIFETIME; 056 057 /** The cookie path. */ 058 private String m_cookiePath = "%(CONTEXT_NAME)%(SERVLET_NAME)"; 059 060 /** True if the token has been set. */ 061 private boolean m_isTokenSet; 062 063 /** The logger for this class. */ 064 private static final Log LOG = CmsLog.getLog(CmsJspLoginPersistingBean.class); 065 066 /** 067 * Gets the path to use for the authorization cookie, optionally resolving any macros used.<p> 068 * 069 * @param resolveMacros if true, macros should be resolved 070 * @return the authorization cookie path 071 */ 072 public String getCookiePath(boolean resolveMacros) { 073 074 String result = m_cookiePath; 075 if (resolveMacros) { 076 CmsMacroResolver resolver = new CmsMacroResolver(); 077 // add special mappings for macros 078 resolver.addMacro("CONTEXT_NAME", OpenCms.getSystemInfo().getContextPath()); 079 resolver.addMacro("SERVLET_NAME", OpenCms.getSystemInfo().getServletPath()); 080 result = resolver.resolveMacros(result); 081 } 082 return result; 083 } 084 085 /** 086 * Returns true if the token has been set.<p> 087 * 088 * @return true if the token has been set 089 */ 090 public boolean isTokenSet() { 091 092 return m_isTokenSet; 093 } 094 095 /** 096 * @see org.opencms.jsp.CmsJspLoginBean#login(java.lang.String, java.lang.String, java.lang.String) 097 */ 098 @Override 099 public void login(String userName, String password, String projectName) { 100 101 super.login(userName, password, projectName); 102 if (isLoginSuccess()) { 103 CmsObject cms = getCmsObject(); 104 CmsPersistentLoginTokenHandler tokenHandler = new CmsPersistentLoginTokenHandler(); 105 tokenHandler.setTokenLifetime(m_tokenLifetime); 106 try { 107 final String token = tokenHandler.createToken(cms); 108 Cookie cookie = new Cookie(CmsPersistentLoginAuthorizationHandler.COOKIE_NAME, token); 109 cookie.setMaxAge((int)(m_tokenLifetime / 1000)); 110 cookie.setPath(getCookiePath(true)); 111 getResponse().addCookie(cookie); 112 m_isTokenSet = true; 113 } catch (CmsException e) { 114 LOG.error(e.getMessage(), e); 115 } 116 } 117 } 118 119 /** 120 * @see org.opencms.jsp.CmsJspLoginBean#logout() 121 */ 122 @Override 123 public void logout() throws IOException { 124 125 logout(true); 126 } 127 128 /** 129 * Logs the user out and optionally invalidates their login token.<p> 130 * 131 * @param invalidateToken true if the token should be invalidated 132 * 133 * @throws IOException if something goes wrong 134 */ 135 public void logout(boolean invalidateToken) throws IOException { 136 137 if (isLoggedIn() && invalidateToken) { 138 CmsUser user = getCmsObject().getRequestContext().getCurrentUser(); 139 CmsPersistentLoginTokenHandler tokenHandler = new CmsPersistentLoginTokenHandler(); 140 try { 141 Cookie cookie = new Cookie(CmsPersistentLoginAuthorizationHandler.COOKIE_NAME, ""); 142 cookie.setMaxAge(0); 143 cookie.setPath(getCookiePath(true)); 144 getResponse().addCookie(cookie); 145 tokenHandler.invalidateToken( 146 user, 147 CmsRequestUtil.getCookieValue( 148 getRequest().getCookies(), 149 CmsPersistentLoginAuthorizationHandler.COOKIE_NAME)); 150 } catch (Exception e) { 151 LOG.error("Could not invalidate tokens for user " + user, e); 152 } 153 154 } 155 super.logout(); 156 157 } 158 159 /** 160 * Sets the path to use for the login token cookie.<p> 161 * 162 * You can use the macros %(SERVLET_NAME) and %(CONTEXT_NAME) in the cookie path; the default 163 * value is %(CONTEXT_NAME)%(SERVLET_NAME).<p> 164 * 165 * @param cookiePath the cookie path, possibly including macros 166 */ 167 public void setCookiePath(String cookiePath) { 168 169 m_cookiePath = cookiePath; 170 } 171 172 /** 173 * Sets the number of milliseconds for which the tokens should be valid.<p> 174 * 175 * @param lifetime the token life time 176 */ 177 public void setTokenLifetime(long lifetime) { 178 179 m_tokenLifetime = lifetime; 180 } 181 182}