diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java')
| -rw-r--r-- | base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java new file mode 100644 index 000000000..9e800b9cc --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -0,0 +1,121 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.io.IOException; +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.Template; +import org.apache.velocity.context.Context; +import org.apache.velocity.servlet.VelocityServlet; + +import com.netscape.certsrv.apps.CMS; + +public class BaseServlet extends VelocityServlet { + + /** + * + */ + private static final long serialVersionUID = 3169697149104780149L; + + /** + * Returns usage of this servlet. + */ + public String getUsage() { + return null; + } + + public boolean authenticate(HttpServletRequest request, + HttpServletResponse response, + Context context) { + String pin = (String) request.getSession().getAttribute("pin"); + + if (pin == null) { + try { + response.sendRedirect("login"); + } catch (IOException e) { + } + return false; + } + return true; + } + + public void outputHttpParameters(HttpServletRequest httpReq) { + CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI()); + @SuppressWarnings("unchecked") + Enumeration<String> paramNames = httpReq.getParameterNames(); + + while (paramNames.hasMoreElements()) { + String pn = paramNames.nextElement(); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); + } else { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); + } + } + } + + /** + * Processes request. + */ + public Template process(HttpServletRequest request, + HttpServletResponse response, + Context context) { + return null; + } + + public Template handleRequest(HttpServletRequest request, + HttpServletResponse response, + Context context) { + if (CMS.debugOn()) { + outputHttpParameters(request); + } + + /* XXX - authentication */ + if (!authenticate(request, response, context)) { + return null; + } + + /* XXX - authorization */ + + return process(request, response, context); + } +} |