grid/src/main/java/org/apache/oodt/grid/LoginServlet.java - oodt - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.oodt.grid;

 import java.io.IOException;
 import java.util.Arrays;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 /**
  * Controller servlet that authenticates the administrator password.
  *
  */
 public class LoginServlet extends GridServlet {
 	/**
 	 * Handle authentication from an administrator.
 	 *
 	 * @param req a <code>HttpServletRequest</code> value.
 	 * @param res a <code>HttpServletResponse</code> value.
 	 * @throws ServletException if an error occurs.
 	 * @throws IOException if an error occurs.
 	 */
 	public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
 		Configuration config = getConfiguration();			       // Get configuration
 		if (!approveAccess(config, req, res)) return;			       // Do https, localhost checking first

 		ConfigBean cb = getConfigBean(req);				       // Get bean
 		if (cb.isAuthentic()) {						       // Already authentic?
 			req.getRequestDispatcher("config.jsp").forward(req, res);      // Back to the config page with you!
 			return;
 		}

 		String password = req.getParameter("password");			       // Get submitted password
 		if (password == null) password = "";				       // If none, use an empty string
 		byte[] bytes = password.getBytes();				       // Get the bytes
 		if (!Arrays.equals(config.getPassword(), bytes)) {		       // Compare to stored password bytes
 			cb.setMessage("Password incorrect");			       // Not equal!  Set message.
 			throw new ServletException(new AuthenticationRequiredException());
 		} else {
 			cb.setMessage("");					       // Equal, clear message
 			cb.setAuthentic(true);					       // You are now authenticated
 			req.getRequestDispatcher("config.jsp").forward(req, res);      // To the config page with you!
 		}
 	}
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.oodt.grid;

	import java.io.IOException;
	import java.util.Arrays;
	import javax.servlet.ServletException;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	/**
	* Controller servlet that authenticates the administrator password.
	*
	*/
	public class LoginServlet extends GridServlet {
	/**
	* Handle authentication from an administrator.
	*
	* @param req a <code>HttpServletRequest</code> value.
	* @param res a <code>HttpServletResponse</code> value.
	* @throws ServletException if an error occurs.
	* @throws IOException if an error occurs.
	*/
	public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
	Configuration config = getConfiguration(); // Get configuration
	if (!approveAccess(config, req, res)) return; // Do https, localhost checking first

	ConfigBean cb = getConfigBean(req); // Get bean
	if (cb.isAuthentic()) { // Already authentic?
	req.getRequestDispatcher("config.jsp").forward(req, res); // Back to the config page with you!
	return;
	}

	String password = req.getParameter("password"); // Get submitted password
	if (password == null) password = ""; // If none, use an empty string
	byte[] bytes = password.getBytes(); // Get the bytes
	if (!Arrays.equals(config.getPassword(), bytes)) { // Compare to stored password bytes
	cb.setMessage("Password incorrect"); // Not equal! Set message.
	throw new ServletException(new AuthenticationRequiredException());
	} else {
	cb.setMessage(""); // Equal, clear message
	cb.setAuthentic(true); // You are now authenticated
	req.getRequestDispatcher("config.jsp").forward(req, res); // To the config page with you!
	}
	}
	}