This repository has been archived by the owner on Nov 9, 2017. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 57
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(ZNTA-1067): fix kerberos authentication
This change solves a problem where Kerberos authentication doesn't get triggered due to the new Url rewriter changing the expected response code and thus stopping the whole process. The old klogin.xhtml page is replaced with a servlet which performs the same tasks without the need to go through the Url rewriter.
- Loading branch information
Carlos A. Munoz
committed
May 5, 2016
1 parent
a39a548
commit 0acb853
Showing
7 changed files
with
108 additions
and
65 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
98 changes: 98 additions & 0 deletions
98
zanata-war/src/main/java/org/zanata/servlet/KLoginServlet.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
/* | ||
* Copyright 2016, Red Hat, Inc. and individual contributors as indicated by the | ||
* @author tags. See the copyright.txt file in the distribution for a full | ||
* listing of individual contributors. | ||
* | ||
* This is free software; you can redistribute it and/or modify it under the | ||
* terms of the GNU Lesser General Public License as published by the Free | ||
* Software Foundation; either version 2.1 of the License, or (at your option) | ||
* any later version. | ||
* | ||
* This software is distributed in the hope that it will be useful, but WITHOUT | ||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS | ||
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more | ||
* details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public License | ||
* along with this software; if not, write to the Free Software Foundation, | ||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF | ||
* site: http://www.fsf.org. | ||
*/ | ||
package org.zanata.servlet; | ||
|
||
import org.zanata.security.AuthenticationManager; | ||
import org.zanata.security.UserRedirectBean; | ||
|
||
import javax.inject.Inject; | ||
import javax.servlet.ServletException; | ||
import javax.servlet.annotation.WebServlet; | ||
import javax.servlet.http.HttpServlet; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
/** | ||
* Servlet which serves as a landing place to perform kerberos ticket | ||
* based authentication. | ||
* @author Carlos Munoz <a href="mailto:camunoz@redhat.com">camunoz@redhat.com</a> | ||
*/ | ||
@WebServlet( | ||
urlPatterns = {"/account/klogin"} | ||
) | ||
public class KLoginServlet extends HttpServlet { | ||
|
||
@Inject | ||
private UserRedirectBean userRedirect; | ||
|
||
@Inject | ||
private AuthenticationManager authenticationManager; | ||
|
||
@Override | ||
protected void doGet(HttpServletRequest req, HttpServletResponse resp) | ||
throws ServletException, IOException { | ||
// Set the continue parameter | ||
String continueUrl = req.getParameter("continue"); | ||
if(continueUrl != null) | ||
userRedirect.setEncodedUrl(continueUrl); | ||
// perform the authentication | ||
authenticationManager.kerberosLogin(); | ||
performRedirection(resp, continueUrl); | ||
} | ||
|
||
/** | ||
* Performs the redirection based on the results from the authentication | ||
* process. | ||
* This is logic that would normally be in faces-config.xml, but as this is | ||
* a servlet, it cannot take advantage of that. | ||
*/ | ||
private void performRedirection(HttpServletResponse resp, | ||
String continueUrl) throws IOException { | ||
String authRedirectResult = | ||
authenticationManager.getAuthenticationRedirect(); | ||
switch (authRedirectResult) { | ||
case "login": | ||
resp.sendRedirect("/account/login"); | ||
break; | ||
|
||
case "edit": | ||
resp.sendRedirect("/profile/create_user"); | ||
break; | ||
|
||
case "inactive": | ||
resp.sendRedirect("/account/inactive_account"); | ||
break; | ||
|
||
case "dashboard": | ||
resp.sendRedirect("/dashboard"); | ||
break; | ||
|
||
case "home": | ||
resp.sendRedirect("/"); | ||
break; | ||
|
||
case "redirect": | ||
resp.sendRedirect(continueUrl); | ||
break; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.