34 package info.magnolia.cms.security.auth.callback;
35
36 import info.magnolia.cms.beans.config.MIMEMapping;
37 import info.magnolia.cms.i18n.Messages;
38 import info.magnolia.cms.i18n.MessagesManager;
39 import info.magnolia.cms.security.auth.login.LoginResult;
40 import info.magnolia.context.Context;
41 import info.magnolia.context.MgnlContext;
42 import info.magnolia.freemarker.FreemarkerUtil;
43 import info.magnolia.init.MagnoliaConfigurationProperties;
44
45 import java.net.URI;
46 import java.net.URISyntaxException;
47 import java.util.HashMap;
48 import java.util.Map;
49
50 import javax.inject.Inject;
51 import javax.security.auth.login.LoginException;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
54
55 import org.apache.commons.lang.ClassUtils;
56 import org.slf4j.Logger;
57 import org.slf4j.LoggerFactory;
58
/**
 * Client callback that writes the configured login form template to the response.
 *
 * <p>The template is rendered through {@link FreemarkerUtil} with the model built by
 * {@link #getMessages()}: a localized login error, an optional service contact and, when the
 * context carries {@link Context#ATTRIBUTE_POSSIBLE_CSRF}, CSRF-related warning texts.
 *
 * <p>NOTE(review): {@link #handle} stores a per-request flag in an instance field that
 * {@link #getMessages()} reads afterwards. If a single instance serves concurrent requests,
 * one request can see the flag computed for another and show or hide the URL warning
 * incorrectly. The instance scope is not visible in this file; confirm it.
 */
public class FormClientCallback extends AbstractHttpClientCallback {

    private static final Logger log = LoggerFactory.getLogger(FormClientCallback.class);

    /** Model key for the localized login error message. */
    public static final String ERROR_STRING = "errorString";
    /** Model key for the value of the {@code magnolia.service.contact} property. */
    public static final String SERVICE_CONTACT = "serviceContact";
    /** Model key for the localized CSRF error message. */
    public static final String ERROR_STRING_CSRF = "errorStringCsrf";
    /** Model key for the warning shown when the request is not for the standard login URL. */
    public static final String SECURITY_WARNING_URL = "securityWarningUrl";
    /** Model key for the text that accompanies the link to the standard login URL. */
    public static final String SECURITY_WARNING_URL_FIX = "securityWarningUrlFix";
    /** Model key for the standard login path itself (without the context path). */
    public static final String SECURITY_WARNING_URL_LINK = "securityWarningUrlLink";

    // Path of the standard AdminCentral login page, relative to the context path.
    protected final String ADMINCENTRAL_LOGIN_PATH = ".magnolia/pages/adminCentral.html";

    private MagnoliaConfigurationProperties configurationProperties;
    private String loginForm;

    // Not read or written anywhere in this class.
    private boolean hasQueryParameters;
    // Set by handle() for the request being served, read by getMessages().
    private boolean isStandardLoginURL;

    /**
     * Creates the callback.
     *
     * @param configurationProperties source of the {@code magnolia.service.contact} property
     */
    @Inject
    public FormClientCallback(MagnoliaConfigurationProperties configurationProperties) {
        this.configurationProperties = configurationProperties;
    }

    /**
     * Tells whether the request targets exactly the standard AdminCentral login URL.
     *
     * <p>The comparison is an exact string match of the request path (plus {@code ?query} when
     * a query string is present) against {@code contextPath + "/" + ADMINCENTRAL_LOGIN_PATH}.
     * Any query string therefore makes the request non-standard, and so does a request URL
     * that cannot be parsed as a URI.
     *
     * @param request the current request
     * @return {@code true} only for the standard login URL without a query string
     */
    protected boolean isLoginPage(HttpServletRequest request) {
        final String expected = MgnlContext.getContextPath() + "/" + ADMINCENTRAL_LOGIN_PATH;

        final String requestUrl = request.getRequestURL().toString();
        String actual;
        try {
            actual = new URI(requestUrl).getPath();
        } catch (URISyntaxException e) {
            // An unparsable URL is compared as an empty path, i.e. it never matches.
            actual = "";
        }

        final String query = request.getQueryString();
        if (query != null) {
            actual = actual + "?" + query;
        }

        return expected.equals(actual);
    }

    /**
     * Renders the login form template into the response.
     *
     * <p>Content type and, when the request declares no character encoding, the response
     * encoding are set only while the response is still uncommitted. Every failure, including
     * {@link Error}s, is logged and swallowed, so the caller is not told that the form could
     * not be written.
     *
     * @param request the current request
     * @param response the response that receives the rendered form
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) {
        try {
            final boolean headersStillOpen = !response.isCommitted();
            if (headersStillOpen) {
                response.setContentType("text/html");
                if (request.getCharacterEncoding() == null) {
                    response.setCharacterEncoding(MIMEMapping.getContentEncodingOrDefault("text/html"));
                }
            }

            // Must be computed before getMessages() runs, which reads this flag.
            isStandardLoginURL = isLoginPage(request);

            final String template = getLoginForm();
            final Map<String, Object> model = getMessages();
            FreemarkerUtil.process(template, model, response.getWriter());
        } catch (Throwable t) {
            log.error("exception while writing login template", t);
        }
    }

    /**
     * @return the login form template name handed to {@link FreemarkerUtil}
     */
    public String getLoginForm() {
        return loginForm;
    }

    /**
     * @param loginForm the login form template name handed to {@link FreemarkerUtil}
     */
    public void setLoginForm(String loginForm) {
        this.loginForm = loginForm;
    }

    /**
     * Builds the model passed to the login form template.
     *
     * <p>The login error text is looked up by the short class name of the current
     * {@link LoginException} ({@code login.<ShortClassName>}), falling back to
     * {@code login.defaultError}; the exception's own message is not put into the model.
     * Values are stored as plain strings without escaping here, so HTML escaping is left to
     * the template.
     *
     * @return a new mutable map holding only the entries that apply to the current request
     */
    protected Map<String, Object> getMessages() {
        final LoginResult currentResult = LoginResult.getCurrentLoginResult();
        final LoginException failure = currentResult.getLoginException();
        final Map<String, Object> model = new HashMap<String, Object>();
        final Messages bundle = MessagesManager.getMessages();

        if (failure != null) {
            final String shortName = ClassUtils.getShortClassName(failure, null);
            final String fallback = bundle.get("login.defaultError");
            model.put(ERROR_STRING, bundle.getWithDefault("login." + shortName, fallback));
        }

        final String contact = this.configurationProperties.getProperty("magnolia.service.contact");
        if (contact != null) {
            model.put(SERVICE_CONTACT, contact);
        }

        final boolean possibleCsrf = MgnlContext.getAttribute(Context.ATTRIBUTE_POSSIBLE_CSRF) != null;
        if (possibleCsrf) {
            model.put(ERROR_STRING_CSRF, bundle.get("error.csrf.RefererRequired"));

            // The URL warning is added only when the request was not for the standard login URL.
            if (!isStandardLoginURL) {
                model.put(SECURITY_WARNING_URL, bundle.get("securityWarning.url"));
                model.put(SECURITY_WARNING_URL_FIX, bundle.get("securityWarning.url.fix"));
                model.put(SECURITY_WARNING_URL_LINK, ADMINCENTRAL_LOGIN_PATH);
            }
        }

        return model;
    }

}