From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Sat, 24 Mar 2012 02:27:47 -0500
Subject: Removed unnecessary pki folder.

Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131
---
 .../netscape/cms/servlet/csadmin/BaseServlet.java  | 121 +++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java

(limited to 'base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java')

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
new file mode 100644
index 000000000..9e800b9cc
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -0,0 +1,121 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.context.Context;
+import org.apache.velocity.servlet.VelocityServlet;
+
+import com.netscape.certsrv.apps.CMS;
+
+public class BaseServlet extends VelocityServlet {
+
+    /**
+     *
+     */
+    private static final long serialVersionUID = 3169697149104780149L;
+
+    /**
+     * Returns usage of this servlet.
+     */
+    public String getUsage() {
+        return null;
+    }
+
+    public boolean authenticate(HttpServletRequest request,
+            HttpServletResponse response,
+            Context context) {
+        String pin = (String) request.getSession().getAttribute("pin");
+
+        if (pin == null) {
+            try {
+                response.sendRedirect("login");
+            } catch (IOException e) {
+            }
+            return false;
+        }
+        return true;
+    }
+
+    public void outputHttpParameters(HttpServletRequest httpReq) {
+        CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI());
+        @SuppressWarnings("unchecked")
+        Enumeration<String> paramNames = httpReq.getParameterNames();
+
+        while (paramNames.hasMoreElements()) {
+            String pn = paramNames.nextElement();
+            // added this facility so that password can be hidden,
+            // all sensitive parameters should be prefixed with 
+            // __ (double underscores); however, in the event that
+            // a security parameter slips through, we perform multiple
+            // additional checks to insure that it is NOT displayed
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
+            } else {
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
+            }
+        }
+    }
+
+    /**
+     * Processes request.
+     */
+    public Template process(HttpServletRequest request,
+            HttpServletResponse response,
+            Context context) {
+        return null;
+    }
+
+    public Template handleRequest(HttpServletRequest request,
+            HttpServletResponse response,
+            Context context) {
+        if (CMS.debugOn()) {
+            outputHttpParameters(request);
+        }
+
+        /* XXX - authentication */
+        if (!authenticate(request, response, context)) {
+            return null;
+        }
+
+        /* XXX - authorization */
+
+        return process(request, response, context);
+    }
+}
-- 
cgit