Source code

001package votorola.a.web.wic.authen; // Copyright 2012, Michael Allan.  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Votorola Software"), to deal in the Votorola Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicence, and/or sell copies of the Votorola Software, and to permit persons to whom the Votorola Software is furnished to do so, subject to the following conditions: The preceding copyright notice and this permission notice shall be included in all copies or substantial portions of the Votorola Software. THE VOTOROLA SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE VOTOROLA SOFTWARE OR THE USE OR OTHER DEALINGS IN THE VOTOROLA SOFTWARE.
002
003import java.util.logging.*;
004import org.apache.wicket.Page;
005import org.apache.wicket.request.cycle.RequestCycle;
006import org.apache.wicket.request.mapper.parameter.PageParameters;
007import votorola.a.voter.*;
008import votorola.a.web.wic.*;
009import votorola.g.lang.*;
010import votorola.g.logging.*;
011
012
013/** A basic login page.  Each instantiable subclass must have a public constructor that
014  * accepts page parameters, enabling it to be constructed by WC_LoginLink.
015  */
016  @SuppressWarnings("deprecation") // of IDPair.isFromEmail(), fails placed on method (1.7.0_06)
017public @ThreadRestricted("wicket") abstract class LoginPage extends VPageHTML
018{
019
020
021    /** Constructs a LoginPage.
022      */
023    LoginPage( final PageParameters pP ) { super( pP ); }
024
025
026
027   // ------------------------------------------------------------------------------------
028
029
030    /** The name of the cookie that stores the state of the "keep me logged in" check box.
031      */
032    static final String COOKIE_PERSIST_BUTTON = "vo_loginPersistButton";
033      // "voLogin.persistButton" would have been more standard
034
035
036
037    /** Sets the return page encoded in the page parameters as the response page.
038      *
039      *     @see Authenticator#newLoginPage(PageParameters)
040      */
041    final void respondWithReturnPage( final RequestCycle cycle )
042    {
043        final PageParameters pP = getPageParameters();
044        final Class<? extends Page> returnClass = Authenticator.extractReturnClass( pP );
045        if( VoterPage.class.isAssignableFrom( returnClass ))
046        {
047            final VSession.User user = VSession.get().user(); // as newly authenticated
048            if( user != null && pP.get("u") == null && pP.get("v") == null )
049            {
050                pP.set( "u", user.username() );
051            }
052        }
053        cycle.setResponsePage( returnClass, pP );
054    }
055
056
057
058    /** Sets the newly authenticated user in the session.
059      *
060      *     @param method the name of the authentication method for logging purposes.
061      *     @see votorola.a.web.wic.VSession.User#isPersistent()
062      *     @param toReplaceSession answers whether to replace the session in order to
063      *       defend the user from a potential fixation attack.  This is currently
064      *       disabled and has no effect.
065      *
066      *     @see <a href='https://www.owasp.org/index.php/Session_Fixation'>Session Fixation</a>
067      */
068    static void setUserInSession( IDPair id, final String method, final boolean persistent,
069      final boolean toReplaceSession, final VRequestCycle cycle )
070    {
071        logger.fine( "logging in by " + method + ": " + id.username() );
072        if( id.isFromEmail() ) id = new IDPair( id.email(), id.username(), /*isFromEmail*/false );
073          // forcing it to appear in mailish form
074        final VSession session = VSession.get();
075        if( toReplaceSession ) session.replaceSession();
076        try
077        {
078            session.setUser( id, persistent,
079              VOWicket.get().vsRun().trustserver().getTraceNode(/*list, look it up*/null,id), cycle);
080        }
081        catch( java.io.IOException|java.sql.SQLException x ) { throw new RuntimeException( x ); }
082    }
083
084
085
086//// P r i v a t e ///////////////////////////////////////////////////////////////////////
087
088
089    private static final Logger logger = LoggerX.i( LoginPage.class );
090
091
092}