diff --git a/src/zall/Zallery.java b/src/zall/Zallery.java
index e9f8655..40a00cf 100755
--- a/src/zall/Zallery.java
+++ b/src/zall/Zallery.java
@@ -76,24 +76,4 @@ public class Zallery extends HttpServlet{
 }
 }
-
- public static String getCookieValue(Cookie[] cookies, String name) {
- if( cookies == null )
- return null;
- for(Cookie cookie : cookies) {
- if ( name.equals(cookie.getName()) )
- return cookie.getValue();
- }
- return null;
- }
-
- // /mywebapp/servlet/MyServlet/a/b;c=123?d=789
- public static String getUrl(HttpServletRequest req) {
- String reqUri = req.getRequestURI().toString();
- String queryString = req.getQueryString(); // d=789
- if (queryString != null) {
- reqUri += "?"+queryString;
- }
- return reqUri;
- }
 }
diff --git a/src/zall/ZalleryConstant.java b/src/zall/ZalleryConstant.java
index 1757294..6b8203a 100755
--- a/src/zall/ZalleryConstant.java
+++ b/src/zall/ZalleryConstant.java
@@ -9,8 +9,7 @@ public interface ZalleryConstant {
 /** Session Constants **/
- String SESSION_KEY_USER = "zall_user";
- String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
+ /** Language Key Constants **/
diff --git a/src/zall/ZalleryServlet.java b/src/zall/ZalleryServlet.java
index e17dc90..dc7bc98 100644
--- a/src/zall/ZalleryServlet.java
+++ b/src/zall/ZalleryServlet.java
@@ -64,4 +64,19 @@ public abstract class ZalleryServlet extends HttpServlet {
 if (dispatcher != null) dispatcher.forward(request, response);
 }
+
+ public void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if (url.startsWith("http"))
+ response.sendRedirect(url);
+ else {
+ if (!url.startsWith("/"))
+ url = "/" + url;
+
+ String path = request.getRequestURI();
+ if (!path.endsWith("/"))
+ path = path.substring(0, path.lastIndexOf("/"));
+
+ response.sendRedirect(path + url);
+ }
+ }
 }
diff --git a/src/zall/bean/User.java b/src/zall/bean/User.java
index c4d6a8d..b078246 100755
--- a/src/zall/bean/User.java 
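Review bot: `redirect` derives its base path by cutting `request.getRequestURI()` at the last `/`, which is not the context path: a request whose URI ends with `/` is left untouched, so the target becomes `…//login`, and a request with extra path segments redirects into that sub-path instead of the webapp root — `request.getContextPath()` is the value this is reaching for. `url.startsWith("http")` also accepts any argument beginning with those four letters as absolute, so the two schemes should be spelled out. Every caller added in this commit passes a servlet constant; the absolute-URL branch should stay limited to such trusted values, because handing it request-derived input would let the response send the client to any host. `ZalleryServlet` continues past this hunk.
```java
public void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Only genuinely absolute URLs are sent as-is; callers must not pass request-derived values here.
    if (url.startsWith("http://") || url.startsWith("https://")) {
        response.sendRedirect(url);
        return;
    }
    String path = url.startsWith("/") ? url : "/" + url;
    // Resolve against the webapp's context path, not the directory of the current request.
    response.sendRedirect(request.getContextPath() + path);
}
```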
+++ b/src/zall/bean/User.java
@@ -20,7 +20,6 @@ public class User extends DBBean{
 public enum AuthType{ USER_INPUT, COOKIE }
- public static final long SESSION_TIMEOUT = 1000*60*60*24*3; // 3day ttl
 protected String name;
 protected String email;
@@ -51,10 +50,7 @@ public class User extends DBBean{
 * Uses normal user and password to get user object,
 * this function will save the bean
 *
- * @param db is the DB connection
- * @param email is the email of the user
- * @return The user object or null if non where found
- * @throws SQLException
+ * @return the user object or null if non where found
 */
 public static User load(DBConnection db, String email) throws SQLException{
 PreparedStatement sql = db.getPreparedStatement(
@@ -75,27 +71,14 @@ public class User extends DBBean{
 * Uses a cookie value to get the user object,
 * this function will save the bean
 *
- * @param db is the DB connection
- * @param hash is the cookie hash
- * @param request is the HTTP request object
- * @return The user object or null if non where found
- * @throws SQLException
+ * @return the user object or null if non where found
 */
- public static User loadByCookie(HttpServletRequest request, DBConnection db, String hash ) throws SQLException{
+ public static User loadBySessionHash(DBConnection db, String hash) throws SQLException{
 PreparedStatement sql = db.getPreparedStatement(
 "SELECT * FROM User WHERE sessionHash=? LIMIT 1");
 sql.setString(1, hash);
- User user = DBConnection.exec(sql, DBBeanSQLResultHandler.create(User.class, db));
- if( user != null &&
- user.ipHost.equals( request.getLocalName() ) &&
- user.loginDate.getTime()+SESSION_TIMEOUT > System.currentTimeMillis() ){
- user.loginDate = new Timestamp( System.currentTimeMillis() );
- user.save(db);
- user.setAuthBy( AuthType.COOKIE );
- return user;
- }
- return null;
+ return DBConnection.exec(sql, DBBeanSQLResultHandler.create(User.class, db));
 }
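Review bot: The Javadoc kept above `loadBySessionHash` still says "this function will save the bean", but the new body only runs the SELECT and returns its result — the save now happens in `AuthenticationManager` — so that sentence is stale and should go; the `@param db`, `@param hash` and `@throws SQLException` tags dropped here (and `@param db`/`@param email` in the `load` hunk above) are worth keeping, since a one-line `@return` no longer tells a caller what `hash` is. The query also runs unconditionally: `if (hash == null || hash.isEmpty()) return null;` before the `PreparedStatement` skips the lookup when no session cookie was sent and, should any stored `sessionHash` be blank, keeps an empty cookie value from matching it. The class continues past this hunk.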
diff --git a/src/zall/filter/AuthenticationFilter.java b/src/zall/filter/AuthenticationFilter.java
index f675cdb..f91f159 100755
--- a/src/zall/filter/AuthenticationFilter.java
+++ b/src/zall/filter/AuthenticationFilter.java
@@ -2,6 +2,8 @@ package zall.filter;
 import zall.bean.User;
 import zall.manager.AuthenticationManager;
+import zall.page.LoginServlet;
+import zall.page.RegisterServlet;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
@@ -13,9 +15,6 @@ import java.io.IOException;
 */
 @WebFilter(urlPatterns = "/")
 public class AuthenticationFilter implements Filter {
- private static final String LOGIN_URI = "/login";
- private static final String REGISTER_URI = "/register";
-
 @Override
 public void init(FilterConfig filterConfig) { }
@@ -26,13 +25,13 @@ public class AuthenticationFilter implements Filter {
 User user = null;
 // continue the request via the filter pipeline if it is login page or it is a isValid User
- if (requestURI.equals(LOGIN_URI) ||
- requestURI.equals(REGISTER_URI) ||
+ if (requestURI.equals(LoginServlet.URI) ||
+ requestURI.equals(RegisterServlet.URI) ||
 AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
 chain.doFilter(request, response);
 } else {
 // do not continue the filter pipeline forward to login page
- request.getRequestDispatcher(LOGIN_URI).forward(request, response);
+ request.getRequestDispatcher(LoginServlet.URI).forward(request, response);
 }
 }
diff --git a/src/zall/manager/AuthenticationManager.java b/src/zall/manager/AuthenticationManager.java
index 6ab84ec..1271fc2 100755
--- a/src/zall/manager/AuthenticationManager.java
+++ b/src/zall/manager/AuthenticationManager.java
@@ -1,10 +1,9 @@
 package zall.manager;
-import zall.Zallery;
-import zall.ZalleryConstant;
 import zall.bean.Folder;
 import zall.bean.Media;
 import zall.bean.User;
+import zall.util.ServletUtil;
 import zutil.Hasher;
 import zutil.db.DBConnection;
 import zutil.log.LogUtil; 
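Review bot: `requestURI.equals(LoginServlet.URI)` and the `RegisterServlet.URI` comparison only hold when the application is deployed at the root context: the constants are bare servlet paths such as `/login`, and if `requestURI` (assigned above this hunk) comes from `getRequestURI()` it carries the context path, so under a prefix every request — the login page included — lands in the `else` branch and is forwarded again. The new `ZalleryServlet.redirect` in this commit strips a leading segment off `getRequestURI()` before prepending a servlet path, which suggests such a prefix exists. Comparing `request.getServletPath()` against the constants, or removing `request.getContextPath()` first, keeps the allow-list correct in both deployments. `doFilter` starts before this hunk.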
@@ -12,9 +11,9 @@ import zutil.log.LogUtil;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.sql.SQLException;
+import java.sql.Timestamp;
 import java.util.logging.Logger;
-import static zall.ZalleryConstant.SESSION_KEY_USER;
 /**
 * 
@@ -22,23 +21,50 @@ import static zall.ZalleryConstant.SESSION_KEY_USER;
 public class AuthenticationManager {
 private static final Logger logger = LogUtil.getLogger();
+ public static final String SESSION_KEY_USER = "zall_user";
+ public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
+ public static final long SESSION_TIMEOUT = 1000*60*60*24*3; // 3day
+
+
 /**
 * Authenticate a username and password and return the associated Uaer object
 */
 public static User authenticate(DBConnection db, String email, String password) throws SQLException {
- User authenticatedUser = null;
 User user = User.load(db, email);
 // Valid email?
 if( user != null ){
 if (user.getPassword().equals(Hasher.MD5(password))) {
- authenticatedUser = user;
- authenticatedUser.setAuthBy(User.AuthType.USER_INPUT);
- authenticatedUser.save(db);
- logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());
+ userAuthenticated(db, user, User.AuthType.USER_INPUT);
+ return user;
 }
 }
- return authenticatedUser;
+ return null;
+ }
+
+ /**
+ * Uses a cookie to authenticate a user,
+ *
+ * @return a user object or null authentications fails
+ */
+ public static User authenticate(DBConnection db, HttpServletRequest request) throws SQLException{
+ String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
+ User user = User.loadBySessionHash(db, sessionHash);
+
+ if( user != null &&
+ user.getIpHost().equals(request.getRemoteAddr()) &&
+ user.getLoginDate().getTime() + SESSION_TIMEOUT > System.currentTimeMillis()){
+ userAuthenticated(db, user, User.AuthType.COOKIE);
+ return user;
+ }
+ return null;
+ }
+
+ private static void userAuthenticated(DBConnection db, User user, User.AuthType authType) throws SQLException {
+ user.setLoginDate(new Timestamp(System.currentTimeMillis()));
+ user.setAuthBy(authType);
+ user.save(db);
+ logger.info("User(" + user.getName() + ") authenticated by " + user.getAuthBy());
 }
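Review bot: `authenticate(DBConnection, HttpServletRequest)` hands `sessionHash` to `User.loadBySessionHash` even when `getCookieValue` returned null because no session cookie was sent; a guard before the lookup, `if (sessionHash == null || sessionHash.isEmpty()) return null;`, keeps a missing cookie out of the database and, if any row carries a blank hash, stops an empty cookie value from matching it. `userAuthenticated` refreshes `loginDate` on every cookie authentication, so `SESSION_TIMEOUT` is an idle timeout an active client can extend indefinitely rather than a hard lifetime for the hash; say so on the constant, `// idle timeout: refreshed on every successful authentication`, or track a separate issue time if an absolute limit is intended. The Javadoc on the cookie overload should read `@return the user object or null if authentication fails`, and `getIpHost()`/`getLoginDate()` are dereferenced without a null check, which is only safe if `save` always populates them — worth confirming.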
/**
@@ -69,8 +95,8 @@ public class AuthenticationManager {
 case USER_INPUT:
 if (!user.isEmailVerified()) return false;
 case COOKIE:
- String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);
- return user.getSessionHash().equals(cookieHash) &&
+ String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
+ return user.getSessionHash().equals(sessionHash) &&
 user.getIpHost().equals(request.getRemoteAddr());
 }
 return false;
diff --git a/src/zall/page/ContentServlet.java b/src/zall/page/ContentServlet.java
index 5aefa38..2e3ddd6 100755
--- a/src/zall/page/ContentServlet.java
+++ b/src/zall/page/ContentServlet.java
@@ -25,14 +25,21 @@ import zall.manager.AuthenticationManager;
 import zutil.db.DBConnection;
 import zutil.io.file.FileUtil;
+import static zall.page.ContentServlet.URI_IMAGE;
+import static zall.page.ContentServlet.URI_VIDEO;
+
 /**
 * A headless page that provides media content.
 */
-@WebServlet({"/image", "/video"})
+@WebServlet({URI_IMAGE, URI_VIDEO})
 public class ContentServlet extends ZalleryServlet {
 private static final long serialVersionUID = 1L;
+ public static final String URI_IMAGE = "/image";
+ public static final String URI_VIDEO = "/video";
+
+
 public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
 String size = request.getParameter("size");
diff --git a/src/zall/page/GalleryServlet.java b/src/zall/page/GalleryServlet.java
index 2fa9db0..68824a1 100755
--- a/src/zall/page/GalleryServlet.java
+++ b/src/zall/page/GalleryServlet.java 
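Review bot: In the `COOKIE` case `user.getSessionHash().equals(sessionHash)` still dereferences a stored hash that may be null for a user who has never logged in, and compares the session secret with `String.equals`; guard both sides and use a constant-time comparison: `if (sessionHash == null || user.getSessionHash() == null) return false;` followed by `return MessageDigest.isEqual(user.getSessionHash().getBytes(StandardCharsets.UTF_8), sessionHash.getBytes(StandardCharsets.UTF_8)) && user.getIpHost().equals(request.getRemoteAddr());`. The `USER_INPUT` case deliberately falls through into `COOKIE`; a `// fall through` comment on that line would stop the next reader from "fixing" it. `isValid` starts and ends outside this hunk.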
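Review bot: The two `import static zall.page.ContentServlet.URI_IMAGE` / `URI_VIDEO` lines import constants from the class being declared in the same file; the sibling servlets in this commit reference their own constant directly, and the same form works here, `@WebServlet({ContentServlet.URI_IMAGE, ContentServlet.URI_VIDEO})`, after which both static imports can be dropped. Since the constants are public and meant to be used by other pages, a short Javadoc above them, `/** URL patterns this servlet is mapped to. */`, would document that contract. `ContentServlet.doGet` starts at the end of this hunk and continues past it.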
@@ -18,10 +18,12 @@ import java.sql.SQLException;
 import java.util.List;
 import java.util.logging.Logger;
-@WebServlet("/gallery")
+
+@WebServlet(GalleryServlet.URI)
 public class GalleryServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/gallery";
 public static final String JSP_FILE = "page_gallery.jsp";
diff --git a/src/zall/page/LoginServlet.java b/src/zall/page/LoginServlet.java
index 36f8083..5e2cc75 100755
--- a/src/zall/page/LoginServlet.java
+++ b/src/zall/page/LoginServlet.java
@@ -15,15 +15,29 @@ import java.io.IOException;
 import java.sql.SQLException;
 import java.util.logging.Logger;
-@WebServlet("/login")
+
+@WebServlet(LoginServlet.URI)
 public class LoginServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/login";
 private static final String JSP_FILE = "page_login.jsp";
- public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException {
- include(JSP_FILE, request, response);
+ public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException {
+ // User already logged in?
+ User user = AuthenticationManager.getUserSession(request.getSession());
+
+ // Authenticate with cookies
+ if (user == null)
+ user = AuthenticationManager.authenticate(db, request);
+
+ // Forward user
+ if (user != null) {
+ include(JSP_FILE, request, response);
+ } else {
+ redirect(GalleryServlet.URI, request, response);
+ }
 }
diff --git a/src/zall/page/LogoutServlet.java b/src/zall/page/LogoutServlet.java
index bb78386..1f99e1f 100755
--- a/src/zall/page/LogoutServlet.java
+++ b/src/zall/page/LogoutServlet.java 
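Review bot: The final branch of `LoginServlet.doGet` is inverted: a visitor who already has a user (from the session or from the new cookie authentication) is shown the login page, while an unauthenticated visitor is redirected to `GalleryServlet.URI` — and because `AuthenticationFilter` in this same commit forwards unauthenticated gallery requests back to `/login`, that produces a redirect loop. Swap the two bodies: `if (user != null) { redirect(GalleryServlet.URI, request, response); } else { include(JSP_FILE, request, response); }`. After a successful `AuthenticationManager.authenticate(db, request)` nothing visible here stores `user` where `getUserSession` reads it, so unless `authenticate` does that itself every request will repeat the cookie lookup; storing it in the session at that point looks intended. The class continues past this hunk.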
@@ -14,9 +14,11 @@ import java.sql.SQLException;
 /**
 *
 */
-@WebServlet(urlPatterns = "/logout")
+@WebServlet(LogoutServlet.URI)
 public class LogoutServlet extends ZalleryServlet {
+ public static final String URI = "/logout";
+
 public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException {
 User user = AuthenticationManager.getUserSession(request.getSession());
diff --git a/src/zall/page/MediaServlet.java b/src/zall/page/MediaServlet.java
index 3d30fcb..b5abc49 100755
--- a/src/zall/page/MediaServlet.java
+++ b/src/zall/page/MediaServlet.java
@@ -18,10 +18,11 @@ import java.sql.SQLException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-@WebServlet("/media")
+@WebServlet(MediaServlet.URI)
 public class MediaServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/media";
 private static final String JSP_FILE = "page_media.jsp";
diff --git a/src/zall/page/ProfileServlet.java b/src/zall/page/ProfileServlet.java
index 663add1..6067ec9 100755
--- a/src/zall/page/ProfileServlet.java
+++ b/src/zall/page/ProfileServlet.java
@@ -15,10 +15,11 @@ import java.io.IOException;
 import java.sql.SQLException;
 import java.util.logging.Logger;
-@WebServlet("/profile")
+@WebServlet(ProfileServlet.URI)
 public class ProfileServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/profile";
 private static final String JSP_FILE = "page_profile.jsp";
diff --git a/src/zall/page/RegisterServlet.java b/src/zall/page/RegisterServlet.java
index d41ae4d..8d39d9a 100755
--- a/src/zall/page/RegisterServlet.java
+++ b/src/zall/page/RegisterServlet.java 
@@ -16,10 +16,11 @@ import java.io.IOException;
 import java.sql.SQLException;
 import java.util.logging.Logger;
-@WebServlet("/register")
+@WebServlet(RegisterServlet.URI)
 public class RegisterServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/register";
 private static final String JSP_FILE = "page_register.jsp";
 private static final String INPUT_ID_FIRST_NAME = "first-name";
diff --git a/src/zall/page/SlideshowServlet.java b/src/zall/page/SlideshowServlet.java
index 66c2a57..4812602 100755
--- a/src/zall/page/SlideshowServlet.java
+++ b/src/zall/page/SlideshowServlet.java
@@ -14,10 +14,11 @@ import java.sql.SQLException;
 import java.util.List;
 import java.util.logging.Logger;
-@WebServlet("/slideshow")
+@WebServlet(SlideshowServlet.URI)
 public class SlideshowServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/slideshow";
 private static final String JSP_FILE = "page_slideshow.jsp";
diff --git a/src/zall/page/UserListServlet.java b/src/zall/page/UserListServlet.java
index 7756f77..1af4a9c 100755
--- a/src/zall/page/UserListServlet.java
+++ b/src/zall/page/UserListServlet.java
@@ -14,10 +14,11 @@ import java.sql.SQLException;
 import java.util.List;
 import java.util.logging.Logger;
-@WebServlet("/users")
+@WebServlet(UserListServlet.URI)
 public class UserListServlet extends ZalleryServlet {
 private static Logger logger = LogUtil.getLogger();
+ public static final String URI = "/users";
 private static final String JSP_FILE = "page_users.jsp";
diff --git a/src/zall/util/ServletUtil.java b/src/zall/util/ServletUtil.java
new file mode 100644
index 0000000..80fe8c2
--- /dev/null
+++ b/src/zall/util/ServletUtil.java 
@@ -0,0 +1,30 @@
+package zall.util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+
+public class ServletUtil {
+
+ public static String getCookieValue(Cookie[] cookies, String name) {
+ if( cookies == null )
+ return null;
+
+ for(Cookie cookie : cookies) {
+ if (name.equals(cookie.getName()))
+ return cookie.getValue();
+ }
+ return null;
+ }
+
+ // /mywebapp/servlet/MyServlet/a/b;c=123?d=789
+ public static String getUrl(HttpServletRequest req) {
+ String reqUri = req.getRequestURI();
+ String queryString = req.getQueryString(); // d=789
+ if (queryString != null) {
+ reqUri += "?"+queryString;
+ }
+ return reqUri;
+ }
+
+}
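Review bot: `ServletUtil` and both of its public helpers arrive without any Javadoc, although `AuthenticationManager` now depends on them; each should state its contract — for `getCookieValue`, that it returns the value of the first cookie whose name equals `name`, or null when `cookies` is null or nothing matches; for `getUrl`, that it returns the request URI with the query string re-appended, where the `// /mywebapp/servlet/MyServlet/a/b;c=123?d=789` comment is exactly the example that belongs in its `@return` text. `getCookieValue` also throws `NullPointerException` from `name.equals(...)` when `name` is null; either document that with `@throws` or fail early with `Objects.requireNonNull(name, "name");` as the first statement. As a stateless utility the class should also get a `private ServletUtil() {}` constructor so it cannot be instantiated.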