Author: doogie Date: Fri Jun 28 19:08:32 2013 New Revision: 1497892 URL: http://svn.apache.org/r1497892 Log: FEATURE: Add extension points to the controller login workflow; this allows other components to automatically insert themselves, without having to modify any existing files. This can be used for integrating with Jasig CAS, or with OpenID.
Added: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java Modified: ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Modified: ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1497892&r1=1497891&r2=1497892&view=diff ============================================================================== --- ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml (original) +++ ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml Fri Jun 28 19:08:32 2013 @@ -32,6 +32,7 @@ under the License. <event name="checkServletRequestRemoteUserLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/> <event name="checkExternalLoginKey" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> <event name="checkProtectedView" type="java" path="org.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/> + <event name="extensionConnectLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -41,14 +42,14 @@ under the License. <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="ajaxCheckLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="ajaxLogin"/> </request-map> Added: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java?rev=1497892&view=auto ============================================================================== --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java (added) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java Fri Jun 28 19:08:32 2013 @@ -0,0 +1,28 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.webapp.control; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public interface LoginCheck { + boolean isEnabled(); + String associate(HttpServletRequest request, HttpServletResponse response); + String check(HttpServletRequest request, HttpServletResponse response); +} Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497892&r1=1497891&r2=1497892&view=diff ============================================================================== --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Fri Jun 28 19:08:32 2013 @@ -25,6 +25,7 @@ import java.security.cert.X509Certificat import java.sql.Timestamp; import java.util.List; import java.util.Map; +import java.util.ServiceLoader; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -246,6 +247,56 @@ public class LoginWorker { return userLogin; } + /** This WebEvent allows for java 'services' to hook into the login path. + * This method loads all instances of {@link LoginCheck}, and calls the + * {@link LoginCheck#associate} method. The first implementation to return + * a non-null value gets that value returned to the caller. Returning + * "none" will abort processing, while anything else gets looked up in + * outer view dispatch. This event is called when the current request + * needs to have a validly logged in user; it is a wrapper around {@link + * #checkLogin}. + * + * @param request The HTTP request object for the current JSP or Servlet request. + * @param response The HTTP response object for the current JSP or Servlet request. + * @return String + */ + public static String extensionCheckLogin(HttpServletRequest request, HttpServletResponse response) { + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) { + if (!check.isEnabled()) { + continue; + } + String result = check.associate(request, response); + if (result != null) { + return result; + } + } + return checkLogin(request, response); + } + + /** This WebEvent allows for java 'services' to hook into the login path. + * This method loads all instances of {@link LoginCheck}, and calls the + * {@link LoginCheck#check} method. The first implementation to return + * a non-null value gets that value returned to the caller. Returning + * "none" will abort processing, while anything else gets looked up in + * outer view dispatch; for preprocessors, only "success" makes sense. + * + * @param request The HTTP request object for the current JSP or Servlet request. + * @param response The HTTP response object for the current JSP or Servlet request. + * @return String + */ + public static String extensionConnectLogin(HttpServletRequest request, HttpServletResponse response) { + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) { + if (!check.isEnabled()) { + continue; + } + String result = check.check(request, response); + if (result != null) { + return result; + } + } + return "success"; + } + /** * An HTTP WebEvent handler that checks to see is a userLogin is logged in. * If not, the user is forwarded to the login page.