ziver/zallery
1
0
Fork 0
Code Pull requests Releases Activity

Added whitelist pages

Browse source
This commit is contained in:
Ziver Koc 2018-08-04 23:15:51 +02:00
parent a4eb5c613d
commit d6bd76e408
5 changed files with 41 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

12
WebContent/page_login.jsp
View file

@ -16,14 +16,14 @@
<div class="form-bottom">
<form role="form" action="" method="post" class="login-form">
<div class="form-group">
<label class="sr-only" for="form-username">Username</label>
<input type="text" name="form-username" placeholder="Username..."
class="form-username form-control" id="form-username">
<label class="sr-only" for="email">Username</label>
<input type="text" name="email" placeholder="Email..."
class="form-username form-control" id="email">
</div>
<div class="form-group">
<label class="sr-only" for="form-password">Password</label>
<input type="password" name="form-password" placeholder="Password..."
class="form-password form-control" id="form-password">
<label class="sr-only" for="password">Password</label>
<input type="password" name="password" placeholder="Password..."
class="form-password form-control" id="password">
</div>
<button type="submit" class="btn">Sign in!</button>
</form>

2
src/zall/ZalleryServlet.java
View file

@ -65,7 +65,7 @@ public abstract class ZalleryServlet extends HttpServlet {
dispatcher.forward(request, response);
}
public void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
public static void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (url.startsWith("http"))
response.sendRedirect(url);
else {

30
src/zall/filter/AuthenticationFilter.java
View file

@ -4,6 +4,7 @@ import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.page.LoginServlet;
import zall.page.RegisterServlet;
import zutil.ObjectUtil;
import zutil.log.LogUtil;
import javax.servlet.*;
@ -13,12 +14,17 @@ import java.io.IOException;
import java.util.logging.Logger;
/**
* This filter will check if user is isValid if not will redirect to /login page
* This filter will check if user is valid, if not it will redirect to the login page
*/
@WebFilter(urlPatterns = "/")
@WebFilter("/*")
public class AuthenticationFilter implements Filter {
private static final Logger logger = LogUtil.getLogger();
private static final String[] WHITELIST = new String[]{
LoginServlet.URI,
RegisterServlet.URI
};
@Override
public void init(FilterConfig filterConfig) { }
@ -28,11 +34,12 @@ public class AuthenticationFilter implements Filter {
User user = null;
// continue the request via the filter pipeline if it is login page or it is a isValid User
if (requestURI.equals(LoginServlet.URI) ||
requestURI.equals(RegisterServlet.URI) ||
AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response);
} else if (isWhitelisted(requestURI)){
logger.fine("Continuing filtering chain for whitelisted page: " + requestURI);
chain.doFilter(request, response);
} else {
// do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page.");
@ -40,6 +47,17 @@ public class AuthenticationFilter implements Filter {
}
}
private boolean isWhitelisted(String requestURI) {
if (ObjectUtil.isEmpty(requestURI))
return false;
for (String whitelistURI : WHITELIST) {
if (requestURI.endsWith(whitelistURI))
return true;
}
return false;
}
@Override
public void destroy() { }
public void destroy() { }
}

4
src/zall/manager/AuthenticationManager.java
View file

@ -39,10 +39,10 @@ public class AuthenticationManager {
setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
return user;
} else {
logger.info("Incorrect password for username: " + user);
logger.info("Incorrect password for username: " + email);
}
} else {
logger.info("Incorrect username provided: " + user);
logger.info("Incorrect username provided: " + email);
}
return null;
}

13
src/zall/page/LoginServlet.java
View file

@ -20,9 +20,12 @@ import java.util.logging.Logger;
public class LoginServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
public static final String URI = "/login";
public static final String URI = "/login";
private static final String JSP_FILE = "page_login.jsp";
private static final String FORM_EMAIL = "email";
private static final String FORM_PASSWORD = "password";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException {
// User already logged in?
@ -34,10 +37,10 @@ public class LoginServlet extends ZalleryServlet {
// Forward user
if (user != null) {
include(JSP_FILE, request, response);
} else {
logger.fine("User(" + user.getEmail() + ") already authenticated, forwarding to gallery.");
redirect(GalleryServlet.URI, request, response);
} else {
include(JSP_FILE, request, response);
}
}
@ -45,8 +48,8 @@ public class LoginServlet extends ZalleryServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, ServletException, IOException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
User user = AuthenticationManager.authenticate(db,
request.getParameter("email"),
request.getParameter("password"),
request.getParameter(FORM_EMAIL),
request.getParameter(FORM_PASSWORD),
request, response);
// Successful login