Redirect to login for browser requests without a cookie present and also for requests...
[pithos] / src / gr / ebs / gss / server / Login.java
index b0a715f..c577969 100644 (file)
@@ -32,6 +32,7 @@ import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
+import java.util.Date;
 import java.util.Formatter;
 
 import javax.naming.Context;
@@ -78,12 +79,12 @@ public class Login extends HttpServlet {
        /**
         * The name of the authentication cookie.
         */
-       private static final String AUTH_COOKIE = "_gss_a";
+       public static final String AUTH_COOKIE = "_gss_a";
 
        /**
         * The separator character for the authentication cookie.
         */
-       private static final char COOKIE_SEPARATOR = '|';
+       public static final char COOKIE_SEPARATOR = '|';
 
        /**
         * The name of the the webdav cookie.
@@ -129,7 +130,7 @@ public class Login extends HttpServlet {
                String[] attrs = new String[] {"REMOTE_USER", "HTTP_SHIB_INETORGPERSON_DISPLAYNAME",
                                        "HTTP_SHIB_INETORGPERSON_GIVENNAME", "HTTP_SHIB_PERSON_COMMONNAME",
                                        "HTTP_SHIB_PERSON_SURNAME", "HTTP_SHIB_INETORGPERSON_MAIL",
-                                       "HTTP_SHIB_EP_UNSCOPEDAFFILIATION"};
+                                       "HTTP_SHIB_EP_UNSCOPEDAFFILIATION", "HTTP_PERSISTENT_ID"};
                StringBuilder buf = new StringBuilder("Shibboleth Attributes\n");
                for (String attr: attrs)
                        buf.append(attr+": ").append(request.getAttribute(attr)).append('\n');
@@ -150,6 +151,7 @@ public class Login extends HttpServlet {
                Object snAttr = request.getAttribute("HTTP_SHIB_PERSON_SURNAME"); // Multi-valued
                Object mailAttr = request.getAttribute("HTTP_SHIB_INETORGPERSON_MAIL"); // Multi-valued
                Object userclassAttr = request.getAttribute("HTTP_SHIB_EP_UNSCOPEDAFFILIATION"); // Multi-valued
+               Object persistentIdAttr = request.getAttribute("HTTP_PERSISTENT_ID");
                // Use a configured test username if found, as a shortcut for development deployments.
                String gwtServer = null;
                if (getConfiguration().getString("testUsername") != null) {
@@ -197,10 +199,20 @@ public class Login extends HttpServlet {
                String userclass = userclassAttr != null ? userclassAttr.toString() : "";
                if (userclass.indexOf(';') != -1)
                        userclass = userclass.substring(0, userclass.indexOf(';'));
+               String persistentId = persistentIdAttr != null ? persistentIdAttr.toString() : "";
+               String idp = "";
+               String idpid = "";
+               if (!persistentId.isEmpty()) {
+                       int bang = persistentId.indexOf('!');
+                       if (bang > -1) {
+                               idp = persistentId.substring(0, bang);
+                               idpid = persistentId.substring(bang + 1);
+                       }
+               }
                try {
                        user = getService().findUser(username);
                        if (user == null)
-                               user = getService().createUser(username, name, mail);
+                               user = getService().createUser(username, name, mail, idp, idpid);
                        if (!user.hasAcceptedPolicy()) {
                                String policyUrl = "policy.jsp";
                                if (request.getQueryString() != null)
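Review bot: A non-empty `HTTP_PERSISTENT_ID` that contains no `!` falls through the `bang > -1` check without any trace, so `createUser` receives empty `idp` and `idpid` and the account is stored with no identity-provider binding. Add an `else` branch that records the anomaly without logging the identifier itself, e.g. `else logger.warn("HTTP_PERSISTENT_ID present but not in idp!id form");`. Shibboleth persistent IDs are usually serialized as three `!`-separated parts (IdP entity, SP entity, opaque value), so splitting at the first `!` probably leaves the SP entity inside `idpid`; a comment stating whether that is intended would help. The enclosing method starts and ends outside this hunk.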
@@ -208,26 +220,19 @@ public class Login extends HttpServlet {
                                response.sendRedirect(policyUrl);
                                return;
                        }
-                       // Update the user name and e-mail if modified.
-                       boolean update = false;
-                       if (!user.getName().equals(name)) {
-                               user.setName(name);
-                               update = true;
-                       }
-                       if (!user.getEmail().equals(mail)) {
-                               user.setEmail(mail);
-                               update = true;
-                       }
+                       user.setName(name);
+                       user.setEmail(mail);
+                       user.setIdentityProvider(idp);
+                       user.setIdentityProviderId(idpid);
+                       user.setLastLogin(new Date());
                        if (user.getAuthToken() == null)
                                user = getService().updateUserToken(user.getId());
                        // Set WebDAV password to token if it's never been set.
-                       if (user.getWebDAVPassword()==null || user.getWebDAVPassword().length()==0) {
+                       if (user.getWebDAVPassword() == null || user.getWebDAVPassword().length() == 0) {
                                String tokenEncoded = new String(Base64.encodeBase64(user.getAuthToken()), "US-ASCII");
                                user.setWebDAVPassword(tokenEncoded);
-                               update = true;
                        }
-                       if (update)
-                               getService().updateUser(user);
+                       getService().updateUser(user);
                } catch (RpcException e) {
                        String error = "An error occurred while communicating with the service";
                        logger.error(error, e);
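Review bot: `user.setIdentityProvider(idp)` and `user.setIdentityProviderId(idpid)` overwrite the stored binding on every login for an account that was looked up by `username` alone, so a request without `HTTP_PERSISTENT_ID` blanks it and a request asserting a different provider silently replaces it. Write the fields only when a value was actually parsed, `if (!idp.isEmpty()) { user.setIdentityProvider(idp); user.setIdentityProviderId(idpid); }`, and compare against the value already stored, logging and rejecting a mismatch instead of accepting it. Since `updateUser` now runs on every login, a comment saying this is deliberate (for `setLastLogin`) would replace the removed "if modified" explanation. The try block begins in the previous hunk and the catch continues past this one.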
@@ -262,7 +267,7 @@ public class Login extends HttpServlet {
                                nextUrl += "?u=" + userEncoded + "&t=" + tokenEncoded;
                        else {
                                String domain = next.getHost();
-                               String path = next.getPath();
+                               String path = getServletContext().getContextPath() + '/';
                                Cookie cookie = new Cookie(AUTH_COOKIE, userEncoded + COOKIE_SEPARATOR +
                                                        tokenEncoded);
                                cookie.setMaxAge(-1);
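Review bot: With the path widened to `getContextPath() + '/'`, the cookie holding the encoded user name and token is now sent with every request under the application, and no `setSecure` call is visible in this hunk. If it is not set further down (the method continues outside the hunk), add `cookie.setSecure(true);` next to `cookie.setMaxAge(-1);`, and mark the cookie HttpOnly if the servlet API in use supports it and no client-side script has to read it. `domain` is still taken from `next.getHost()`; if `next` comes from a request parameter, it should be checked against the expected hosts before it is used for the cookie and the redirect.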