2 * Copyright 2008, 2009 Electronic Business Systems Ltd.
4 * This file is part of GSS.
6 * GSS is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GSS. If not, see <http://www.gnu.org/licenses/>.
19 package gr.ebs.gss.server;
21 import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
22 import gr.ebs.gss.client.exceptions.RpcException;
23 import gr.ebs.gss.server.domain.User;
25 import java.io.IOException;
26 import java.io.PrintWriter;
27 import java.net.URLEncoder;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpServletResponse;
32 import org.apache.commons.codec.binary.Base64;
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
37 * The servlet that handles authentication token retrieval.
41 public class TokenRetriever extends BaseServlet {
43 * The serial version UID of the class.
45 private static final long serialVersionUID = 1L;
48 * The request parameter name for the nonce.
50 private static final String NONCE_PARAM = "nonce";
53 * The request parameter name for the user.
55 private static final String USER_PARAM = "user";
60 private static Log logger = LogFactory.getLog(TokenRetriever.class);
63 public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
64 String username = request.getParameter(USER_PARAM);
65 String nonceEncoded = request.getParameter(NONCE_PARAM);
67 if (username == null) {
68 String error = "No username supplied";
70 response.setContentType("text/html");
71 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
74 if (nonceEncoded == null) {
75 String error = "No nonce supplied";
77 response.setContentType("text/html");
78 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
81 nonceEncoded = URLEncoder.encode(nonceEncoded, "US-ASCII");
83 user = getService().findUser(username);
85 String error = "User was not found";
87 response.setContentType("text/html");
88 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
91 String nonce = user.getNonce();
92 if (nonce == null || !nonce.equals(nonceEncoded))
93 throw new ObjectNotFoundException("No match found");
94 } catch (RpcException e) {
95 String error = "An error occurred while communicating with the service";
96 logger.error(error, e);
97 response.setContentType("text/html");
98 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
100 } catch (ObjectNotFoundException e) {
101 logger.info(e.getMessage());
102 response.setContentType("text/html");
103 response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
106 byte[] token = user.getAuthToken();
108 String error = "Authentication token invalid";
110 response.setContentType("text/html");
111 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, error);
115 user.setNonceExpiryDate(null);
116 String tokenEncoded = new String(Base64.encodeBase64(token), "US-ASCII");
117 response.setContentType("text/plain");
118 PrintWriter out = response.getWriter();
119 out.println(tokenEncoded);