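<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page trimDirectiveWhitespaces="true" %>
<%@ page import="org.crosswire.utils.Utils" %>
<%@ page import="org.crosswire.webtools.RightsAndRoles" %>
<%@ page import="org.crosswire.webtools.RightsAndRoles.User" %>
<%@ page import="org.crosswire.webtools.annotation.*" %>
<%@ page import="org.crosswire.webtools.*" %>
<%@ page import="javax.validation.constraints.NotNull" %>
<%@ page import="javax.validation.constraints.Pattern" %>
<%@ page import="org.crosswire.community.projects.ntmss.data.Transcription" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.HashMap" %>
<%!
/**
 * Request parameters for the {@code auth/session/open} endpoint.
 *
 * <p>Authentication happens in {@link #customValidation()}, which has two paths:
 * <ul>
 *   <li>password login through {@code RightsAndRoles.authenticateUser};</li>
 *   <li>a password-less "local portal" login, selected when the submitted password is the
 *       literal {@code LOCALLIFERAY}. That path treats {@code userName} as a numeric user
 *       id and is gated only by the caller's address appearing in the
 *       {@code AllowLocalAuthFrom} system property.</li>
 * </ul>
 *
 * <p>Because the sentinel is checked first, a request carrying {@code LOCALLIFERAY} as its
 * password never reaches {@code authenticateUser}.
 */
@Description(value = "Authenticate to the system and establish a session.", name = "auth/session/open")
public static class MyParameters extends Parameters {

	@NotNull
	@Description(value = "login user name (screen name)")
	public String userName;

	@Description(value = "internal")
	public String userID;

	@NotNull
	@Description(value = "login password")
	public String passwd;

	@Description(value = "What should be returned. Options are 'user' and 'sessionHashOnly'", example = "sessionHashOnly", defaultValue = "user")
	public String detail = "user";

	@Pattern(regexp = "^(sessionHashOnly|json|xml|csv|gchart)([ +].+)?$", message = "Valid response formats: \"json\", \"xml\", \"csv\", or \"gchart\" (not all endpoints support gchart)")
	@Description(value = "session response output format (json|xml|csv|gchart)", example = "json", defaultValue = "xml")
	public String format = null;

	/**
	 * Replaces CR and LF in a request-supplied value before it is written to the log, so
	 * a crafted user name cannot forge additional log lines.
	 */
	private static String neutralizeForLog(String value) {
		return value == null ? null : value.replaceAll("[\\r\\n]", "_");
	}

	/**
	 * Normalizes the loaded fields: maps the legacy {@code format=sessionHashOnly} onto
	 * {@code detail}, copies the shadowing {@code format} into the superclass field, and
	 * falls back to {@code userID} when no {@code userName} was supplied.
	 */
	@Override
	protected void afterLoad() {
		if ("sessionHashOnly".equals(format)) {
			detail = format;
			format = null;
		}
		// since we shadow super.format in our class to update the regex validation
		super.format = format;
		userName = Transcription.assureUnicode(userName);
		if (userName == null) userName = userID;
		passwd = Transcription.assureUnicode(passwd);
	}

	/**
	 * Performs the authentication and stores the result in the inherited {@code user}
	 * field; {@code user} stays {@code null} when authentication does not succeed.
	 */
	@Override
	protected void customValidation() {
		if (userName == null || passwd == null) {
			return;
		}

		String userData = null;
		try {
			// Raw types kept as in the original; Serializer.toJSON's parameter type is not visible here.
			Map userDataMap = new HashMap();
			if (format != null && !"sessionHashOnly".equals(format)) userDataMap.put("format", format);
			userData = Serializer.toJSON(userDataMap);
		}
		catch (Exception e) {/* ignore format if we have troubles */ }

		// userName comes straight from the request, so strip line breaks before logging it.
		String loggedName = neutralizeForLog(userName);
		getLogger().info("VMR web services auth/session/open: requested auth for user: " + loggedName);

		// if our portal is logging us in, check to be sure the request came for an authorized IP address
		if ("LOCALLIFERAY".equals(passwd)) {
			// NOTE(review): getRemoteAddr() is the address of the direct TCP peer. If this
			// application is deployed behind a reverse proxy or load balancer, that is the
			// proxy's address; confirm AllowLocalAuthFrom never lists such a hop, since every
			// client arriving through it would then pass this check.
			String remoteAddr = request.getRemoteAddr();
			boolean callerAllowed = false;
			String localServers = Utils.getSysConfig().getProperty("AllowLocalAuthFrom");
			if (localServers != null) {
				for (String l : localServers.split(",")) {
					// trim so that "a, b" style lists match every entry, not only the first
					if (l.trim().equals(remoteAddr)) {
						callerAllowed = true;
						break;
					}
				}
			}
			if (callerAllowed) {
				try {
					user = RightsAndRoles.getInstance().getUser(Integer.parseInt(userName));
				}
				catch (NumberFormatException e) {
					// a non-numeric id is a failed login, not an unhandled exception
					getLogger().info("VMR web services auth/session/open: local auth attempted with a non-numeric user id: " + loggedName);
				}
			}
			else {
				getLogger().info("VMR web services auth/session/open: local auth attempted but not allowed from IP: " + remoteAddr + ". check that your community/WEB-INF/sysconfig.properties has: AllowLocalAuthFrom=" + remoteAddr);
			}
		}
		else {
			user = RightsAndRoles.getInstance().authenticateUser(userName, passwd, userData);
			// NOTE(review): this logs User.toString(); confirm it does not include
			// credential or session material.
			getLogger().info("user after login: " + user);
		}
	}
}
%>
<%
// Load and validate the request; customValidation() above performs the authentication.
MyParameters params = new MyParameters().loadFromRequest(request, response, false);
if (params.getErrors().size() == 0) {
	if (params.getUser() != null) {
		params.getLogger().info("VMR web services auth/session/open: authentication succeeded for user: " + params.getUser().getUserName());
		String sessionHash = RightsAndRoles.getInstance().openSession(params.getUser(), response);
		if ("sessionHashOnly".equals(params.detail)) {
			// The body is the session credential itself.
			// NOTE(review): consider marking this response non-cacheable.
			response.setContentType("text/plain");
			out.print(sessionHash);
			return;
		}
		Serializer.output(response, out, params, params.getUser());
		return;
	}
	else {
		// NOTE(review): the message echoes the request-supplied user name; confirm that
		// Serializer.reportErrors encodes it for the selected output format.
		params.addError(-1, "authentication failed for user: " + params.userName, 401);
	}
}
else {
	// parameter validation failed: report the errors as HTML
	((Parameters)params).format = "html";
}
Serializer.reportErrors(request, response, out, params);
%>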