code.grnet.gr Git - pithos/blob - src/gr/ebs/gss/server/TokenRetriever.java

   1 /*
   2  * Copyright 2008, 2009 Electronic Business Systems Ltd.
   3  *
   4  * This file is part of GSS.
   5  *
   6  * GSS is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GSS is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with GSS.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19 package gr.ebs.gss.server;
  20
  21 import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;
  22 import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
  23 import gr.ebs.gss.client.exceptions.RpcException;
  24 import gr.ebs.gss.server.domain.User;
  25 import gr.ebs.gss.server.ejb.ExternalAPI;
  26
  27 import java.io.IOException;
  28 import java.io.PrintWriter;
  29 import java.net.URLEncoder;
  30
  31 import javax.naming.Context;
  32 import javax.naming.InitialContext;
  33 import javax.naming.NamingException;
  34 import javax.rmi.PortableRemoteObject;
  35 import javax.servlet.http.HttpServlet;
  36 import javax.servlet.http.HttpServletRequest;
  37 import javax.servlet.http.HttpServletResponse;
  38
  39 import org.apache.commons.codec.binary.Base64;
  40 import org.apache.commons.logging.Log;
  41 import org.apache.commons.logging.LogFactory;
  42
  43 /**
  44  * The servlet that handles authentication token retrieval.
  45  *
  46  * @author past
  47  */
  48 public class TokenRetriever extends HttpServlet {
  49         /**
  50          * The serial version UID of the class.
  51          */
  52         private static final long serialVersionUID = 1L;
  53
  54         /**
  55          * The request parameter name for the nonce.
  56          */
  57         private static final String NONCE_PARAM = "nonce";
  58
  59         /**
  60          * The request parameter name for the user.
  61          */
  62         private static final String USER_PARAM = "user";
  63
  64         /**
  65          * The logger.
  66          */
  67         private static Log logger = LogFactory.getLog(TokenRetriever.class);
  68
  69         /**
  70          * A helper method that retrieves a reference to the ExternalAPI bean and
  71          * stores it for future use.
  72          *
  73          * @return an ExternalAPI instance
  74          * @throws RpcException in case an error occurs
  75          */
  76         private ExternalAPI getService() throws RpcException {
  77                 try {
  78                         final Context ctx = new InitialContext();
  79                         final Object ref = ctx.lookup(getConfiguration().getString("externalApiPath"));
  80                         return (ExternalAPI) PortableRemoteObject.narrow(ref, ExternalAPI.class);
  81                 } catch (final NamingException e) {
  82                         logger.error("Unable to retrieve the ExternalAPI EJB", e);
  83                         throw new RpcException("An error occurred while contacting the naming service");
  84                 }
  85         }
  86
  87         @Override
  88         public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
  89                 String username = request.getParameter(USER_PARAM);
  90                 String nonceEncoded = request.getParameter(NONCE_PARAM);
  91                 User user = null;
  92                 if (username == null) {
  93                         String error = "No username supplied";
  94                         logger.info(error);
  95                         response.setContentType("text/html");
  96                         response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
  97                         return;
  98                 }
  99                 if (nonceEncoded == null) {
 100                         String error = "No nonce supplied";
 101                         logger.info(error);
 102                         response.setContentType("text/html");
 103                         response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
 104                         return;
 105                 }
 106                 nonceEncoded = URLEncoder.encode(nonceEncoded, "US-ASCII");
 107                 try {
 108                         user = getService().findUser(username);
 109                         if (user == null) {
 110                                 String error = "User was not found";
 111                                 logger.info(error);
 112                                 response.setContentType("text/html");
 113                                 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
 114                                 return;
 115                         }
 116                         String nonce = user.getNonce();
 117                         if (nonce == null || !nonce.equals(nonceEncoded))
 118                                 throw new ObjectNotFoundException("No match found");
 119                 } catch (RpcException e) {
 120                         String error = "An error occurred while communicating with the service";
 121                         logger.error(error, e);
 122                         response.setContentType("text/html");
 123                         response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
 124                         return;
 125                 } catch (ObjectNotFoundException e) {
 126                         logger.info(e.getMessage());
 127                         response.setContentType("text/html");
 128                         response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
 129                         return;
 130                 }
 131                 byte[] token = user.getAuthToken();
 132                 if (token == null) {
 133                         String error = "Authentication token invalid";
 134                         logger.error(error);
 135                         response.setContentType("text/html");
 136                         response.sendError(HttpServletResponse.SC_UNAUTHORIZED, error);
 137                         return;
 138                 }
 139                 user.setNonce(null);
 140                 user.setNonceExpiryDate(null);
 141                 String tokenEncoded = new String(Base64.encodeBase64(token), "US-ASCII");
 142                 response.setContentType("text/plain");
 143             PrintWriter out = response.getWriter();
 144             out.println(tokenEncoded);
 145         }
 146 }