http://snippets.dzone.com/posts Thu, 28 Aug 2008 13:10:34 GMT DZone Snippets: java code http://snippets.dzone.com/posts/show/3715 See <a href="http://shadegrowncode.blogspot.com/2007/03/returning-login-failure-reason-in.html">Shade Grown Code</a> for more information. <br /> <br />ExtendedStatusSetter.java <br /><code> <br />package com.ofc.tomcat; <br /> <br />import javax.servlet.http.HttpServletRequest; <br />import javax.servlet.http.HttpServletResponse; <br /> <br />/** <br /> * Interface flagging that the implementing Realm can set request <br /> * headers providing additional information about an authentication <br /> * failure. <br /> * <br /> * @author Nicholas Sushkin <br /> */ <br />public interface ExtendedStatusSetter <br />{ <br /> <br /> /** <br /> * The request attribute under which we forward an extended failure status message <br /> * (as an object of type String) to a login error page. <br /> */ <br /> public static String LOGIN_FAILURE_MESSAGE_ATTR = <br /> "com.ofc.tomcat.LOGIN_FAILURE_MESSAGE"; <br /> <br /> public void setExtendedStatus(String username, HttpServletRequest request, HttpServletResponse response); <br />} <br /></code> <br /> <br />ExtendedStatusFormAuthenticator.java <br /><code> <br />package com.ofc.tomcat; <br /> <br />import org.apache.catalina.authenticator.Constants; <br />import org.apache.catalina.authenticator.FormAuthenticator; <br />import org.apache.catalina.Realm; <br />import org.apache.catalina.connector.Request; <br />import org.apache.catalina.connector.Response; <br />import org.apache.catalina.deploy.LoginConfig; <br />import org.apache.commons.logging.Log; <br />import org.apache.commons.logging.LogFactory; <br />import javax.servlet.RequestDispatcher; <br /> <br />/** <br /> * Adds extended authentication failure status to tomcat FormAuthenticator. <br /> * <br /> * @author Nicholas Sushkin <br /> */ <br />public class ExtendedStatusFormAuthenticator extends FormAuthenticator <br />{ <br /> /** <br /> * Descriptive information about this implementation. <br /> */ <br /> protected static final String info = <br /> "com.ofc.tomcat.ExtendedStatusFormAuthenticator/1.0"; <br /> <br /> private static Log log = LogFactory.getLog(ExtendedStatusFormAuthenticator.class); <br /> <br /> // ------------------------------------------------------------- Properties <br /> /** <br /> * Return descriptive information about this Valve implementation. <br /> */ <br /> @Override <br /> public String getInfo() <br /> { <br /> return info; <br /> } <br /> <br /> // ------------------------------------------------------------- Overridden behavior <br /> /** <br /> * Called to forward to the error page <br /> * <br /> * @param request Request we are processing <br /> * @param response Response we are creating <br /> * @param config Login configuration describing how authentication <br /> * should be performed <br /> */ <br /> @Override <br /> protected void forwardToErrorPage(Request request, Response response, LoginConfig config) <br /> { <br /> Realm realm = context.getRealm(); <br /> <br /> if (realm instanceof ExtendedStatusSetter) <br /> { <br /> log.debug("realm implements ExtendedStatusSetter, setting extended status for error page"); <br /> String username = request.getParameter(Constants.FORM_USERNAME); <br /> ((ExtendedStatusSetter) realm).setExtendedStatus(username, request.getRequest(), response.getResponse()); <br /> } <br /> else <br /> { <br /> log.debug("realm does not implement ExtendedStatusSetter, NOT setting extended status for error page"); <br /> } <br /> <br /> RequestDispatcher disp = <br /> context.getServletContext().getRequestDispatcher <br /> (config.getErrorPage()); <br /> try { <br /> disp.forward(request.getRequest(), response.getResponse()); <br /> response.finishResponse(); <br /> } catch (Throwable t) { <br /> log.warn("Unexpected error forwarding to error page", t); <br /> } <br /> } <br />} <br /></code> <br /> <br />Realm implementation will include the following <br /><code> <br />public class AccountLockoutDatasourceRealm extends DataSourceRealm implements ExtendedStatusSetter <br />{ <br /> // ... <br /> <br /> public void setExtendedStatus(String username, HttpServletRequest request, HttpServletResponse response) <br /> { <br /> setMessage(request, "Account locked"); <br /> } <br /> <br /> protected void setMessage(HttpServletRequest request, String message) <br /> { <br /> request.setAttribute(ExtendedStatusSetter.LOGIN_FAILURE_MESSAGE_ATTR, message); <br /> } <br />} <br /></code> Thu, 22 Mar 2007 22:25:21 GMT http://snippets.dzone.com/posts/show/3715 NicholasSushkin (Nicholas Sushkin)