package at.gv.egovernment.moa.id.auth.servlet; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.util.Enumeration; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLDecoder; /** * Base class for MOA-ID Auth Servlets, providing standard error handling * and constant names. * * @author Paul Ivancsics * @version $Id$ */ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { /** * Handles an error.
* * * @param errorMessage error message * @param exceptionThrown exception thrown * @param req servlet request * @param resp servlet response */ protected void handleError( String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { if(null != errorMessage) { Logger.error(errorMessage); req.setAttribute("ErrorMessage", errorMessage ); } if (null != exceptionThrown) { if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); Logger.error(errorMessage, exceptionThrown); req.setAttribute("ExceptionThrown", exceptionThrown); } //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); } catch (IOException e) { Logger.error(e); } } /** * Handles a WrongParametersException. * @param req servlet request * @param resp servlet response */ protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { Logger.error(ex.toString()); req.setAttribute("WrongParameters", ex.getMessage()); // forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); } catch (IOException e) { Logger.error(e); } } /** * Logs all servlet parameters for debugging purposes. */ protected void logParameters(HttpServletRequest req) { for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { String parname = (String)params.nextElement(); Logger.debug("Parameter " + parname + req.getParameter(parname)); } } /** * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 * (no standard exists how browsers should encode them). * * @param req servlet request * * @return mapping parameter name -> value * * @throws IOException if parsing request parameters fails. * * @throws FileUploadException if parsing request parameters fails. */ protected Map getParameters(HttpServletRequest req) throws IOException, FileUploadException { Map parameters = new HashMap(); if (ServletFileUpload.isMultipartContent(req)) { // request is encoded as mulitpart/form-data FileItemFactory factory = new DiskFileItemFactory(); ServletFileUpload upload = null; upload = new ServletFileUpload(factory); List items = null; items = upload.parseRequest(req); for (int i = 0; i < items.size(); i++) { FileItem item = (FileItem) items.get(i); if (item.isFormField()) { // Process only form fields - no file upload items parameters.put(item.getFieldName(), item.getString("UTF-8")); Logger.debug("Processed multipart/form-data request parameter: \nName: " + item.getFieldName() + "\nValue: " + item.getString("UTF-8")); } } } else { // request is encoded as application/x-www-urlencoded InputStream in = req.getInputStream(); String paramName; String paramValueURLEncoded; do { paramName = new String(readBytesUpTo(in, '=')); if (paramName.length() > 0) { paramValueURLEncoded = readBytesUpTo(in, '&'); String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); parameters.put(paramName, paramValue); } } while (paramName.length() > 0); in.close(); } return parameters; } /** * Reads bytes up to a delimiter, consuming the delimiter. * @param in input stream * @param delimiter delimiter character * @return String constructed from the read bytes * @throws IOException */ protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { ByteArrayOutputStream bout = new ByteArrayOutputStream(); boolean done = false; int b; while (! done && (b = in.read()) >= 0) { if (b == delimiter) done = true; else bout.write(b); } return bout.toString(); } /** * Calls the web application initializer. * * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { super.init(servletConfig); } }