code.grnet.gr Git - pithos/blob - src/gr/ebs/gss/server/TokenRetriever.java

   1 /*
   2  * Copyright 2008, 2009 Electronic Business Systems Ltd.
   3  *
   4  * This file is part of GSS.
   5  *
   6  * GSS is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GSS is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with GSS.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19 package gr.ebs.gss.server;
  20
  21 import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
  22 import gr.ebs.gss.client.exceptions.RpcException;
  23 import gr.ebs.gss.server.domain.User;
  24
  25 import java.io.IOException;
  26 import java.io.PrintWriter;
  27 import java.net.URLEncoder;
  28
  29 import javax.servlet.http.HttpServletRequest;
  30 import javax.servlet.http.HttpServletResponse;
  31
  32 import org.apache.commons.codec.binary.Base64;
  33 import org.apache.commons.logging.Log;
  34 import org.apache.commons.logging.LogFactory;
  35
  36 /**
  37  * The servlet that handles authentication token retrieval.
  38  *
  39  * @author past
  40  */
  41 public class TokenRetriever extends BaseServlet {
  42         /**
  43          * The serial version UID of the class.
  44          */
  45         private static final long serialVersionUID = 1L;
  46
  47         /**
  48          * The request parameter name for the nonce.
  49          */
  50         private static final String NONCE_PARAM = "nonce";
  51
  52         /**
  53          * The request parameter name for the user.
  54          */
  55         private static final String USER_PARAM = "user";
  56
  57         /**
  58          * The logger.
  59          */
  60         private static Log logger = LogFactory.getLog(TokenRetriever.class);
  61
  62         @Override
  63         public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
  64                 String username = request.getParameter(USER_PARAM);
  65                 String nonceEncoded = request.getParameter(NONCE_PARAM);
  66                 User user = null;
  67                 if (username == null) {
  68                         String error = "No username supplied";
  69                         logger.info(error);
  70                         response.setContentType("text/html");
  71                         response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
  72                         return;
  73                 }
  74                 if (nonceEncoded == null) {
  75                         String error = "No nonce supplied";
  76                         logger.info(error);
  77                         response.setContentType("text/html");
  78                         response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
  79                         return;
  80                 }
  81                 nonceEncoded = URLEncoder.encode(nonceEncoded, "US-ASCII");
  82                 try {
  83                         user = getService().findUser(username);
  84                         if (user == null) {
  85                                 String error = "User was not found";
  86                                 logger.info(error);
  87                                 response.setContentType("text/html");
  88                                 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
  89                                 return;
  90                         }
  91                         String nonce = user.getNonce();
  92                         if (nonce == null || !nonce.equals(nonceEncoded))
  93                                 throw new ObjectNotFoundException("No match found");
  94                 } catch (RpcException e) {
  95                         String error = "An error occurred while communicating with the service";
  96                         logger.error(error, e);
  97                         response.setContentType("text/html");
  98                         response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
  99                         return;
 100                 } catch (ObjectNotFoundException e) {
 101                         logger.info(e.getMessage());
 102                         response.setContentType("text/html");
 103                         response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
 104                         return;
 105                 }
 106                 byte[] token = user.getAuthToken();
 107                 if (token == null) {
 108                         String error = "Authentication token invalid";
 109                         logger.error(error);
 110                         response.setContentType("text/html");
 111                         response.sendError(HttpServletResponse.SC_UNAUTHORIZED, error);
 112                         return;
 113                 }
 114                 user.setNonce(null);
 115                 user.setNonceExpiryDate(null);
 116                 String tokenEncoded = new String(Base64.encodeBase64(token), "US-ASCII");
 117                 response.setContentType("text/plain");
 118             PrintWriter out = response.getWriter();
 119             out.println(tokenEncoded);
 120         }
 121 }