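package votorola.a.web.wic.authen; // Copyright 2012, Michael Allan. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Votorola Software"), to deal in the Votorola Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicence, and/or sell copies of the Votorola Software, and to permit persons to whom the Votorola Software is furnished to do so, subject to the following conditions: The preceding copyright notice and this permission notice shall be included in all copies or substantial portions of the Votorola Software. THE VOTOROLA SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE VOTOROLA SOFTWARE OR THE USE OR OTHER DEALINGS IN THE VOTOROLA SOFTWARE.

import java.util.logging.*;
import org.apache.wicket.Page;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import votorola.a.voter.*;
import votorola.a.web.wic.*;
import votorola.g.lang.*;
import votorola.g.logging.*;


/** A basic login page.  Each instantiable subclass must have a public constructor that
  * accepts page parameters, enabling it to be constructed by WC_LoginLink.
  */
@SuppressWarnings("deprecation") // of IDPair.isFromEmail(), fails placed on method (1.7.0_06)
public @ThreadRestricted("wicket") abstract class LoginPage extends VPageHTML
{


    /** Constructs a LoginPage.
      *
      *     @param pP the page parameters, which are passed to the superclass constructor.
      */
    LoginPage( final PageParameters pP ) { super( pP ); }



   // ------------------------------------------------------------------------------------


    /** The name of the cookie that stores the state of the "keep me logged in" check box.
      */
    static final String COOKIE_PERSIST_BUTTON = "vo_loginPersistButton";
      // "voLogin.persistButton" would have been more standard



    /** Sets the return page encoded in the page parameters as the response page.  If the
      * return page is a VoterPage and the parameters name neither a "u" nor a "v" value,
      * then "u" is first set to the username of the session user.
      *
      *     @param cycle the request cycle on which to set the response page.
      *
      *     @see Authenticator#newLoginPage(PageParameters)
      */
    final void respondWithReturnPage( final RequestCycle cycle )
    {
        final PageParameters pP = getPageParameters();

        // The target class is read out of the request's page parameters.  Any limit on
        // which page classes may be named there is the job of
        // Authenticator.extractReturnClass, which is not visible here.  TODO confirm
        final Class returnClass = Authenticator.extractReturnClass( pP );
        if( VoterPage.class.isAssignableFrom( returnClass ))
        {
            final VSession.User user = VSession.get().user(); // as newly authenticated

            // PageParameters.get never returns null in the Wicket API imported above; an
            // absent parameter yields a StringValue for which isNull() is true.  So test
            // isNull() here.  A comparison with null is always false and would leave
            // "u" unset.
            if( user != null && pP.get("u").isNull() && pP.get("v").isNull() )
            {
                pP.set( "u", user.username() );
            }
        }
        cycle.setResponsePage( returnClass, pP );
    }



    /** Sets the newly authenticated user in the session.
      *
      *     @param id the identity of the user.  If it reports isFromEmail, it is first
      *       rebuilt from the same email address and username with isFromEmail false.
      *     @param method the name of the authentication method for logging purposes.
      *     @param persistent passed to the session together with the user.
      *     @param toReplaceSession answers whether to replace the session in order to
      *       defend the user from a potential fixation attack.  The original note
      *       here says that this is currently disabled and has no effect.  This method
      *       nonetheless calls VSession.replaceSession() when the flag is true, so any
      *       disabling must be in that method, which is not visible here.  Confirm it
      *       before relying on this flag for fixation defence.
      *     @param cycle the request cycle, passed to the session together with the user.
      *
      *     @throws RuntimeException wrapping any IOException or SQLException that is
      *       thrown while the user is being set.
      *
      *     @see votorola.a.web.wic.VSession.User#isPersistent()
      *     @see "Session Fixation"
      */
    static void setUserInSession( IDPair id, final String method, final boolean persistent,
      final boolean toReplaceSession, final VRequestCycle cycle )
    {
        // NOTE(review): method and username go into the log record as given.  If either
        // can carry line breaks, neutralise them where the log is rendered.  TODO confirm
        logger.fine( "logging in by " + method + ": " + id.username() );
        if( id.isFromEmail() )
        {
            id = new IDPair( id.email(), id.username(), /*isFromEmail*/false );
              // forcing it to appear in mailish form
        }

        final VSession session = VSession.get();

        // Replace before setting the user, so that the user is never attached to a
        // session identifier that was issued prior to authentication.
        if( toReplaceSession ) session.replaceSession();
        try
        {
            session.setUser( id, persistent,
              VOWicket.get().vsRun().trustserver().getTraceNode(/*list, look it up*/null,id),
              cycle );
        }
        catch( java.io.IOException|java.sql.SQLException x )
        {
            throw new RuntimeException( x ); // cause preserved for the caller
        }
    }



//// P r i v a t e ///////////////////////////////////////////////////////////////////////


    private static final Logger logger = LoggerX.i( LoginPage.class );


}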