Added whitelist pages

This commit is contained in:
Ziver Koc 2018-08-04 23:15:51 +02:00
parent a4eb5c613d
commit d6bd76e408
5 changed files with 41 additions and 20 deletions


@ -16,14 +16,14 @@
<div class="form-bottom"> <div class="form-bottom">
<form role="form" action="" method="post" class="login-form"> <form role="form" action="" method="post" class="login-form">
<div class="form-group"> <div class="form-group">
<label class="sr-only" for="form-username">Username</label> <label class="sr-only" for="email">Username</label>
<input type="text" name="form-username" placeholder="Username..." <input type="text" name="email" placeholder="Email..."
class="form-username form-control" id="form-username"> class="form-username form-control" id="email">
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="sr-only" for="form-password">Password</label> <label class="sr-only" for="password">Password</label>
<input type="password" name="form-password" placeholder="Password..." <input type="password" name="password" placeholder="Password..."
class="form-password form-control" id="form-password"> class="form-password form-control" id="password">
</div> </div>
<button type="submit" class="btn">Sign in!</button> <button type="submit" class="btn">Sign in!</button>
</form> </form>


@ -65,7 +65,7 @@ public abstract class ZalleryServlet extends HttpServlet {
dispatcher.forward(request, response); dispatcher.forward(request, response);
} }
public void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { public static void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (url.startsWith("http")) if (url.startsWith("http"))
response.sendRedirect(url); response.sendRedirect(url);
else { else {
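Review bot: Making `redirect` static widens access to a helper that sends the browser to any absolute target whose string merely starts with `http`, with no origin or allow-list check in the hunk, so every new caller must guarantee `url` is never derived from the request or this becomes an open redirect. The only call visible in this commit (LoginServlet passing the constant `GalleryServlet.URI`) is safe by convention rather than by the method itself. Either restrict absolute targets to a configured origin before `sendRedirect`, or at least state the precondition on the method: `/** url must be server-chosen: absolute http(s) targets are redirected unchecked. */`. The `else` branch and the rest of the method continue outside the hunk.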


@ -4,6 +4,7 @@ import zall.bean.User;
import zall.manager.AuthenticationManager; import zall.manager.AuthenticationManager;
import zall.page.LoginServlet; import zall.page.LoginServlet;
import zall.page.RegisterServlet; import zall.page.RegisterServlet;
import zutil.ObjectUtil;
import zutil.log.LogUtil; import zutil.log.LogUtil;
import javax.servlet.*; import javax.servlet.*;
@ -13,12 +14,17 @@ import java.io.IOException;
import java.util.logging.Logger; import java.util.logging.Logger;
/** /**
* This filter will check if user is isValid if not will redirect to /login page * This filter will check if user is valid, if not it will redirect to the login page
*/ */
@WebFilter(urlPatterns = "/") @WebFilter("/*")
public class AuthenticationFilter implements Filter { public class AuthenticationFilter implements Filter {
private static final Logger logger = LogUtil.getLogger(); private static final Logger logger = LogUtil.getLogger();
private static final String[] WHITELIST = new String[]{
LoginServlet.URI,
RegisterServlet.URI
};
@Override @Override
public void init(FilterConfig filterConfig) { } public void init(FilterConfig filterConfig) { }
@ -28,11 +34,12 @@ public class AuthenticationFilter implements Filter {
User user = null; User user = null;
// continue the request via the filter pipeline if it is login page or it is a isValid User // continue the request via the filter pipeline if it is login page or it is a isValid User
if (requestURI.equals(LoginServlet.URI) || if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
requestURI.equals(RegisterServlet.URI) ||
AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
logger.finest("User already authenticated, continuing filter chain."); logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response); chain.doFilter(request, response);
} else if (isWhitelisted(requestURI)){
logger.fine("Continuing filtering chain for whitelisted page: " + requestURI);
chain.doFilter(request, response);
} else { } else {
// do not continue the filter pipeline forward to login page // do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page."); logger.fine("User not authenticated, redirecting to login page.");
@ -40,6 +47,17 @@ public class AuthenticationFilter implements Filter {
} }
} }
private boolean isWhitelisted(String requestURI) {
if (ObjectUtil.isEmpty(requestURI))
return false;
for (String whitelistURI : WHITELIST) {
if (requestURI.endsWith(whitelistURI))
return true;
}
return false;
}
@Override @Override
public void destroy() { } public void destroy() { }
} }
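Review bot: `isWhitelisted` replaces the previous exact `equals` checks with `requestURI.endsWith(whitelistURI)`, so any unauthenticated request whose path ends in `/login` or `/register` skips authentication entirely, e.g. a path under a servlet mapped with a prefix pattern such as `/gallery/anything/login`, and, if `requestURI` is `getRequestURI()` (its assignment is above the hunk), a path parameter like `/gallery;x=/login` also satisfies the suffix while the container routes on the stripped path. The suffix match was presumably chosen because `getRequestURI()` includes the context path; strip that instead and compare exactly. At the call site use `HttpServletRequest req = (HttpServletRequest) request;` and `String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());` (context-relative, path parameters removed), pass `path` to `isWhitelisted`, and change the loop test to `if (whitelistURI.equals(requestURI))`. Note that `doFilter` begins above the hunk and the second hunk (the `isValid`/whitelist branch) is where the call changes.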


@ -39,10 +39,10 @@ public class AuthenticationManager {
setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response); setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
return user; return user;
} else { } else {
logger.info("Incorrect password for username: " + user); logger.info("Incorrect password for username: " + email);
} }
} else { } else {
logger.info("Incorrect username provided: " + user); logger.info("Incorrect username provided: " + email);
} }
return null; return null;
} }
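Review bot: The two `logger.info` lines now write the submitted `email` verbatim, and since the value arrives straight from a request parameter (LoginServlet passes `request.getParameter(FORM_EMAIL)` into `authenticate`), an attacker can embed CR/LF or very long strings to forge log entries or flood the log. Neutralise control characters and bound the length before logging, e.g. `logger.info("Incorrect password for username: '" + String.valueOf(email).replaceAll("[\\r\\n\\t]", "_") + "'");`, and the same for the "Incorrect username" line. `String.valueOf` also covers a missing parameter, since `getParameter` returns null and the null handling, if any, is above the hunk in the part of `authenticate` not shown.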


@ -20,9 +20,12 @@ import java.util.logging.Logger;
public class LoginServlet extends ZalleryServlet { public class LoginServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/login"; public static final String URI = "/login";
private static final String JSP_FILE = "page_login.jsp"; private static final String JSP_FILE = "page_login.jsp";
private static final String FORM_EMAIL = "email";
private static final String FORM_PASSWORD = "password";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException { public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException {
// User already logged in? // User already logged in?
@ -34,10 +37,10 @@ public class LoginServlet extends ZalleryServlet {
// Forward user // Forward user
if (user != null) { if (user != null) {
include(JSP_FILE, request, response);
} else {
logger.fine("User(" + user.getEmail() + ") already authenticated, forwarding to gallery."); logger.fine("User(" + user.getEmail() + ") already authenticated, forwarding to gallery.");
redirect(GalleryServlet.URI, request, response); redirect(GalleryServlet.URI, request, response);
} else {
include(JSP_FILE, request, response);
} }
} }
@ -45,8 +48,8 @@ public class LoginServlet extends ZalleryServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, ServletException, IOException { public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, ServletException, IOException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession()); UserMessage msgs = UserMessage.getUserMessage(request.getSession());
User user = AuthenticationManager.authenticate(db, User user = AuthenticationManager.authenticate(db,
request.getParameter("email"), request.getParameter(FORM_EMAIL),
request.getParameter("password"), request.getParameter(FORM_PASSWORD),
request, response); request, response);
// Successful login // Successful login