
package it.unseen.simplesso.web;

import it.unseen.simplesso.filter.SecurityFilter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

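/**
 * Verify servlet for central SSO.
 *
 * <p>Handles the POST sent by an application's security filter. If the caller's
 * SSO session exists and carries a user name, the servlet records the
 * application's logout URL and remote session id in the session's logout table
 * and answers with the user name as {@code text/plain}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Both request parameters are caller-controlled. Any client holding a valid
 *     SSO session can register an arbitrary logout URL, so whatever later
 *     dereferences the logout table (not visible in this file) should treat the
 *     entries as untrusted and preferably check them against an allow-list of
 *     registered applications.</li>
 * <li>The table is keyed by {@link URL}, whose {@code equals}/{@code hashCode}
 *     may resolve the host name. The key type is kept because other code reads
 *     the attribute, but a {@code URI} or {@code String} key would avoid the
 *     lookup.</li>
 * </ul>
 *
 * @author Sergio Moretto
 */
public class VerifyServlet extends HttpServlet {
    /** Session attribute under which the {@code Map<URL, String>} logout table is stored. */
    public static final String LOGOUT_TABLE_ATTRIBUTE = "logoutTable";
    /** Session attribute read here as the user name; it is set by code outside this class. */
    public static final String USER_ATTRIBUTE = "user";

    private static final Log log = LogFactory.getLog(VerifyServlet.class);

    /**
     * Handle request from application security filter.
     *
     * <p>Responds {@code 401} when there is no session, no user in the session,
     * or a missing parameter; {@code 400} when the logout URL is malformed or
     * not an absolute http(s) URL; otherwise {@code 200} with the user name as
     * the body.
     *
     * @param request http request object
     * @param response http response object
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession(false): never create a session here; absence means "not logged in".
        HttpSession session = request.getSession(false);

        response.setContentType("text/plain");

        if (session == null) {
            log.error("no session");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        String username = (String) session.getAttribute(USER_ATTRIBUTE);

        if (username == null) {
            log.error("session exist but not user");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("verify user: " + username);
        }

        String logout = request.getParameter(SecurityFilter.LOGOUT_PARAM);
        String remoteSessionId = request.getParameter(SecurityFilter.SESSION_ID_PARAM);

        if ((logout == null) || (remoteSessionId == null)) {
            // 401 (rather than 400) is kept so existing filter clients see the same status.
            log.error("logout parameter or session id not specified");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        URL logoutUrl = parseLogoutUrl(logout);
        if (logoutUrl == null) {
            // The raw parameter is deliberately not logged: it is caller-controlled
            // and could carry line breaks or other content into the log file.
            log.error("logout url rejected: malformed or not an absolute http(s) url");
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // This servlet always stores the attribute as Map<URL, String>; other
        // writers, if any, are not visible from this file.
        @SuppressWarnings("unchecked")
        Map<URL, String> logoutTable = (Map<URL, String>) session.getAttribute(LOGOUT_TABLE_ATTRIBUTE);
        if (logoutTable == null) {
            logoutTable = new HashMap<URL, String>();
        }
        // NOTE(review): a plain HashMap shared through the session is not safe
        // against concurrent verify requests on the same session; confirm whether
        // that can happen in deployment.
        logoutTable.put(logoutUrl, remoteSessionId);

        // Re-set even when the map already existed so a replicating container
        // notices the change.
        session.setAttribute(LOGOUT_TABLE_ATTRIBUTE, logoutTable);

        response.setStatus(HttpServletResponse.SC_OK);
        PrintWriter output = response.getWriter();
        output.print(username);
    }

    /**
     * Parses the caller-supplied logout URL and accepts only absolute http or
     * https URLs with a host, so that schemes such as {@code file:} or
     * {@code jar:} never enter the logout table.
     *
     * @param spec raw parameter value, never {@code null}
     * @return the parsed URL, or {@code null} if it must be rejected
     */
    private static URL parseLogoutUrl(String spec) {
        final URL parsed;
        try {
            parsed = new URL(spec);
        } catch (MalformedURLException e) {
            return null;
        }

        String protocol = parsed.getProtocol();
        boolean webScheme = "http".equalsIgnoreCase(protocol) || "https".equalsIgnoreCase(protocol);
        if (!webScheme) {
            return null;
        }

        String host = parsed.getHost();
        if (host == null || host.length() == 0) {
            return null;
        }
        return parsed;
    }
}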