Author: doogie
Date: Fri Jun 28 19:08:32 2013
New Revision: 1497892
URL: http://svn.apache.org/r1497892
Log:
FEATURE: Add extension points to the controller login workflow; this
allows other components to automatically insert themselves, without
having to modify any existing files. This can be used for integrating
with Jasig CAS, or with OpenID.
Added:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
Modified:
ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Modified:
ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1497892&r1=1497891&r2=1497892&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
(original)
+++
ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
Fri Jun 28 19:08:32 2013
@@ -32,6 +32,7 @@ under the License.
<event name="checkServletRequestRemoteUserLogin"
type="java" path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkServletRequestRemoteUserLogin"/>
<event name="checkExternalLoginKey" type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkExternalLoginKey"/>
<event name="checkProtectedView" type="java"
path="org.ofbiz.webapp.control.ProtectViewWorker"
invoke="checkProtectedView"/>
+<event name="extensionConnectLogin" type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="extensionConnectLogin"/>
</preprocessor>
<postprocessor>
<!-- Events to run on every request after all other
processing (chains exempt) -->
@@ -41,14 +42,14 @@ under the License.
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
-<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkLogin"/>
+<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
invoke="extensionCheckLogin"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="ajaxCheckLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
-<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkLogin"/>
+<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
invoke="extensionCheckLogin"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="ajaxLogin"/>
</request-map>
Added:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java?rev=1497892&view=auto
==============================================================================
---
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
(added)
+++
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
Fri Jun 28 19:08:32 2013
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+
*******************************************************************************/
+package org.ofbiz.webapp.control;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public interface LoginCheck {
+ boolean isEnabled();
+ String associate(HttpServletRequest request, HttpServletResponse
response);
+ String check(HttpServletRequest request, HttpServletResponse
response);
+}
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497892&r1=1497891&r2=1497892&view=diff
==============================================================================
---
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
(original)
+++
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Fri Jun 28 19:08:32 2013
@@ -25,6 +25,7 @@ import java.security.cert.X509Certificat
import java.sql.Timestamp;
import java.util.List;
import java.util.Map;
+import java.util.ServiceLoader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -246,6 +247,56 @@ public class LoginWorker {
return userLogin;
}
+ /** This WebEvent allows for java 'services' to hook into the
login path.
+ * This method loads all instances of {@link LoginCheck}, and
calls the
+ * {@link LoginCheck#associate} method. The first
implementation to return
+ * a non-null value gets that value returned to the caller.
Returning
+ * "none" will abort processing, while anything else gets looked
up in
+ * outer view dispatch. This event is called when the current
request
+ * needs to have a validly logged in user; it is a wrapper
around {@link
+ * #checkLogin}.
+ *
+ * @param request The HTTP request object for the current JSP or
Servlet request.
+ * @param response The HTTP response object for the current JSP
or Servlet request.
+ * @return String
+ */
+ public static String extensionCheckLogin(HttpServletRequest
request, HttpServletResponse response) {
+ for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
+ if (!check.isEnabled()) {
+ continue;
+ }
+ String result = check.associate(request, response);
+ if (result != null) {
+ return result;
+ }
+ }
+ return checkLogin(request, response);
+ }
+
+ /** This WebEvent allows for java 'services' to hook into the
login path.
+ * This method loads all instances of {@link LoginCheck}, and
calls the
+ * {@link LoginCheck#check} method. The first implementation to
return
+ * a non-null value gets that value returned to the caller.
Returning
+ * "none" will abort processing, while anything else gets looked
up in
+ * outer view dispatch; for preprocessors, only "success" makes
sense.
+ *
+ * @param request The HTTP request object for the current JSP or
Servlet request.
+ * @param response The HTTP response object for the current JSP
or Servlet request.
+ * @return String
+ */
+ public static String extensionConnectLogin(HttpServletRequest
request, HttpServletResponse response) {
+ for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
+ if (!check.isEnabled()) {
+ continue;
+ }
+ String result = check.check(request, response);
+ if (result != null) {
+ return result;
+ }
+ }
+ return "success";
+ }
+
/**
* An HTTP WebEvent handler that checks to see is a userLogin
is logged in.
* If not, the user is forwarded to the login page.