List: shibboleth-dev
Subject: [Shib-Dev] Patch to UsernamePasswordLoginServlet.java
From: John Weigel <jweigel () sunflowerbroadband ! com>
Date: 2009-11-25 22:55:40
Message-ID: E3ADD5DD-16A8-4E14-87BB-3A5F406D039E () sunflowerbroadband ! com
Hi All,
The company I work for recently encountered the need to be able to
send an authentication failure response back to a service provider
when a user is unable to successfully log in at our identity provider.
This required a small change to the UsernamePasswordLoginServlet as it
has no provision for breaking out of the login cycle if the user is
unable to authenticate themselves. I've included the patch in this
email in case you wish to incorporate it. The patch is against the
latest stable release.
Index: java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/
authn/provider/UsernamePasswordLoginServlet.java
===================================================================
--- java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/
authn/provider/UsernamePasswordLoginServlet.java (revision 2905)
+++ java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/
authn/provider/UsernamePasswordLoginServlet.java (working copy)
@@ -75,6 +75,9 @@
/** HTTP request parameter containing the user's password. */
private final String passwordAttribute = "j_password";
+
+ /** HTTP request parameter containing cancel login option. */
+ private final String cancelAttribute = "cancel";
/** {@inheritDoc} */
public void init(ServletConfig config) throws ServletException {
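Review bot: the Javadoc added for cancelAttribute says only that the parameter contains the "cancel login option" and does not say which values are meaningful. The later check in this patch is cancel != null, so the presence of the parameter with any value, including an empty one, selects the cancel path; the comment should state that. The name "cancel" also lacks the j_ prefix that "j_password" carries, so a prefixed name would keep the login form parameters consistent and make a collision with an unrelated parameter on the login page less likely.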
@@ -97,14 +100,19 @@
IOException {
String username = request.getParameter(usernameAttribute);
String password = request.getParameter(passwordAttribute);
+ String cancel = request.getParameter(cancelAttribute);
- if (username == null || password == null) {
+ if ((username == null || password == null) && (cancel ==
null)) {
redirectToLoginPage(request, response, null);
return;
}
- if (authenticateUser(request, username, password)) {
+ if (cancel != null) {
+ log.debug("Login canceled by user. Returning to
authentication engine.");
+
request.setAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY, "login
canceled");
AuthenticationEngine.returnToAuthenticationEngine(request, response);
+ } else if (authenticateUser(request, username, password)) {
+
AuthenticationEngine.returnToAuthenticationEngine(request, response);
} else {
List<Pair<String, String>> queryParams = new
ArrayList<Pair<String, String>>();
queryParams.add(new Pair<String, String>(failureParam,
"true"));
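Review bot: in the rewritten if/else chain, cancel != null is tested before authenticateUser(request, username, password), so a request that carries a cancel parameter together with a username and password skips authentication and returns an error to the authentication engine. Because request.getParameter() reads the query string as well as the form body, a plain GET to the servlet with cancel set takes the same path. Handling cancel in its own block with an early return ahead of the credential null check would leave the original if (username == null || password == null) unchanged and make the precedence explicit; consider also accepting the parameter only on POST and only with an expected value. The literal "login canceled" set under LoginHandler.AUTHENTICATION_ERROR_KEY would be easier for later handling to match as a named constant, and a user-initiated cancel may merit a log level above debug so it shows up in normal operation.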
John Weigel
Software Developer, Sunflower Broadband