/* * Copyright (c) 2003, KNOPFLERFISH project * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following * conditions are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials * provided with the distribution. * * - Neither the name of the KNOPFLERFISH project nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ package org.knopflerfish.bundle.httpconsole; import java.util.*; import java.net.URL; import java.io.*; import javax.servlet.*; import javax.servlet.http.*; import org.osgi.framework.*; import org.osgi.service.http.*; public class Login { static final String LOGIN_USER = "loginname"; static final String LOGIN_PWD = "loginpwd"; static final String LOGIN_CMD = "login_cmd"; static final String LOGOUT_CMD = "logout_cmd"; static final String USER_OBJ = ConsoleServlet.class.getName() + ".user"; boolean bRequireLogin = "true".equals(System.getProperty("org.knopflerfish.httpconsole.requirelogin", "false")); String adminUser = System.getProperty("org.knopflerfish.httpconsole.user", "admin"); String adminPwd = System.getProperty("org.knopflerfish.httpconsole.pwd", "admin"); long expirationTime = 60 * 10; // time in seconds public Login() { try { expirationTime = Long.getLong("org.knopflerfish.httpconsole.expirationtime", expirationTime).longValue(); } catch (Exception e) { Activator.log.warn("Bad expiration time", e); } } boolean isValidUser(String user, String pwd) { return adminUser.equals(user) && adminPwd.equals(pwd); } /** * Check if the use has been logged in. If not, print a login page */ boolean checkLogin(HttpServletRequest request, HttpServletResponse response) throws IOException { if(!bRequireLogin) { return true; } HttpSession session = request.getSession(); if(null != request.getParameter(LOGOUT_CMD)) { session.removeAttribute(USER_OBJ); } String msg = null; UserObject userObj = null; // Catch ClassCastException since the bundle itself // may have been updated since the last request. If this // happens, the http server may very well still hold on // to a class named "UserObject", but which actually isn't // the same class as the new, update bundle expects. try { userObj = (UserObject)session.getAttribute(USER_OBJ); } catch (ClassCastException e) { msg = "console updated/session expired"; session.removeAttribute(USER_OBJ); } if(userObj != null) { if(userObj.hasExpired()) { session.removeAttribute(USER_OBJ); msg = "Session has expired"; } else { userObj.touch(); return true; } } String user = ""; if(null != request.getParameter(LOGIN_CMD)) { user = request.getParameter(LOGIN_USER); String pwd = request.getParameter(LOGIN_PWD); if(isValidUser(user, pwd)) { userObj = new UserObject(); session.setAttribute(USER_OBJ, userObj); return true; } msg = "Login failed"; } if(user == null) { user = ""; } PrintWriter out = response.getWriter(); printHeader(out); Util.formStart(out, false); out.println("

Log in to HTTP console

"); out.println("
"); if(msg != null) { out.println("
"); out.println(msg); out.println("
"); } out.println(""); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println(" "); out.println("
Login name"); out.println(" "); out.println("
Password"); out.println(" "); out.println("
"); out.println(" "); out.println("
"); out.println(""); out.println("
"); out.println("
 
"); printFooter(out); return false; } void printHeader(PrintWriter out) throws IOException { out.println(""); out.println(""); out.println("Knopflerfish OSGi console"); out.println(""); out.println(""); out.println(""); } void printFooter(PrintWriter out) throws IOException { out.println(""); out.println(""); } /** * Simple object for storing user info in an HttpSession. * The HttpSession.setMaxInactiveInterval() could have been * used instead of the custom timer...but then it would be * hard to give a "session expired" message at timeouts. */ class UserObject { long touchTime; public UserObject() { touch(); } public void touch() { touchTime = System.currentTimeMillis(); } public boolean hasExpired() { return (System.currentTimeMillis() - touchTime) > ( 1000 * expirationTime); } } }