2 * Copyright 2008, 2009 Electronic Business Systems Ltd.
4 * This file is part of GSS.
6 * GSS is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GSS. If not, see <http://www.gnu.org/licenses/>.
19 package gr.ebs.gss.server;
21 import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;
22 import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
23 import gr.ebs.gss.client.exceptions.RpcException;
24 import gr.ebs.gss.server.domain.User;
25 import gr.ebs.gss.server.ejb.ExternalAPI;
27 import java.io.IOException;
28 import java.io.PrintWriter;
29 import java.net.URLEncoder;
31 import javax.naming.Context;
32 import javax.naming.InitialContext;
33 import javax.naming.NamingException;
34 import javax.rmi.PortableRemoteObject;
35 import javax.servlet.http.HttpServlet;
36 import javax.servlet.http.HttpServletRequest;
37 import javax.servlet.http.HttpServletResponse;
39 import org.apache.commons.codec.binary.Base64;
40 import org.apache.commons.logging.Log;
41 import org.apache.commons.logging.LogFactory;
44 * The servlet that handles authentication token retrieval.
48 public class TokenRetriever extends HttpServlet {
50 * The serial version UID of the class.
52 private static final long serialVersionUID = 1L;
55 * The request parameter name for the nonce.
57 private static final String NONCE_PARAM = "nonce";
60 * The request parameter name for the user.
62 private static final String USER_PARAM = "user";
67 private static Log logger = LogFactory.getLog(TokenRetriever.class);
70 * A helper method that retrieves a reference to the ExternalAPI bean and
71 * stores it for future use.
73 * @return an ExternalAPI instance
74 * @throws RpcException in case an error occurs
76 private ExternalAPI getService() throws RpcException {
78 final Context ctx = new InitialContext();
79 final Object ref = ctx.lookup(getConfiguration().getString("externalApiPath"));
80 return (ExternalAPI) PortableRemoteObject.narrow(ref, ExternalAPI.class);
81 } catch (final NamingException e) {
82 logger.error("Unable to retrieve the ExternalAPI EJB", e);
83 throw new RpcException("An error occurred while contacting the naming service");
88 public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
89 String username = request.getParameter(USER_PARAM);
90 String nonceEncoded = request.getParameter(NONCE_PARAM);
92 if (username == null) {
93 String error = "No username supplied";
95 response.setContentType("text/html");
96 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
99 if (nonceEncoded == null) {
100 String error = "No nonce supplied";
102 response.setContentType("text/html");
103 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
106 nonceEncoded = URLEncoder.encode(nonceEncoded, "US-ASCII");
108 user = getService().findUser(username);
110 String error = "User was not found";
112 response.setContentType("text/html");
113 response.sendError(HttpServletResponse.SC_FORBIDDEN, error);
116 String nonce = user.getNonce();
117 if (nonce == null || !nonce.equals(nonceEncoded))
118 throw new ObjectNotFoundException("No match found");
119 } catch (RpcException e) {
120 String error = "An error occurred while communicating with the service";
121 logger.error(error, e);
122 response.setContentType("text/html");
123 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
125 } catch (ObjectNotFoundException e) {
126 logger.info(e.getMessage());
127 response.setContentType("text/html");
128 response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
131 byte[] token = user.getAuthToken();
133 String error = "Authentication token invalid";
135 response.setContentType("text/html");
136 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, error);
140 user.setNonceExpiryDate(null);
141 String tokenEncoded = new String(Base64.encodeBase64(token), "US-ASCII");
142 response.setContentType("text/plain");
143 PrintWriter out = response.getWriter();
144 out.println(tokenEncoded);