List:       shibboleth-dev
Subject:    [Shib-Dev] Patch to UsernamePasswordLoginServlet.java
From:       John Weigel <jweigel () sunflowerbroadband ! com>
Date:       2009-11-25 22:55:40
Message-ID: E3ADD5DD-16A8-4E14-87BB-3A5F406D039E () sunflowerbroadband ! com

Hi All,

The company I work for recently encountered the need to be able to  
send an authentication failure response back to a service provider  
when a user is unable to successfully log in at our identity provider.  
This required a small change to the UsernamePasswordLoginServlet as it  
has no provision for breaking out of the login cycle if the user is  
unable to authenticate themselves. I've included the patch in this  
email in case you wish to incorporate it. The patch is against the  
latest stable release.

Index: java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/ 
authn/provider/UsernamePasswordLoginServlet.java
===================================================================
--- java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/ 
authn/provider/UsernamePasswordLoginServlet.java	(revision 2905)
+++ java-idp/src/main/java/edu/internet2/middleware/shibboleth/idp/ 
authn/provider/UsernamePasswordLoginServlet.java	(working copy)
@@ -75,6 +75,9 @@

      /** HTTP request parameter containing the user's password. */
      private final String passwordAttribute = "j_password";
+
+    /** HTTP request parameter containing cancel login option. */
+    private final String cancelAttribute = "cancel";

      /** {@inheritDoc} */
      public void init(ServletConfig config) throws ServletException {
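
Review bot: The new `cancelAttribute` constant uses the bare parameter name "cancel", while the neighbouring constant in this hunk uses the prefixed name "j_password". Consider a name in the same style (for example "j_cancel") so it cannot collide with an unrelated parameter on the login form. The Javadoc should also say how the login page is expected to send the parameter and whether its value matters or only its presence.
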
@@ -97,14 +100,19 @@
              IOException {
          String username = request.getParameter(usernameAttribute);
          String password = request.getParameter(passwordAttribute);
+        String cancel   = request.getParameter(cancelAttribute);

-        if (username == null || password == null) {
+        if ((username == null || password == null) && (cancel ==  
null)) {
              redirectToLoginPage(request, response, null);
              return;
          }

-        if (authenticateUser(request, username, password)) {
+        if (cancel != null) {
+            log.debug("Login canceled by user. Returning to  
authentication engine.");
+             
request.setAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY, "login  
canceled");
               
AuthenticationEngine.returnToAuthenticationEngine(request, response);
+        } else if (authenticateUser(request, username, password)) {
+             
AuthenticationEngine.returnToAuthenticationEngine(request, response);
          } else {
              List<Pair<String, String>> queryParams = new  
ArrayList<Pair<String, String>>();
              queryParams.add(new Pair<String, String>(failureParam,  
"true"));

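Review bot: In the `if (cancel != null)` branch, cancellation is decided purely by the presence of the parameter: any value, including an empty string, takes the branch, and it does so even when `username` and `password` were also submitted, so a request carrying all three is reported as "login canceled" without `authenticateUser` being called. If that is intended, say so in a comment; otherwise compare against an expected value. The combined condition `(username == null || password == null) && (cancel == null)` would also read more simply if the cancel check came first and returned, leaving the original `if (username == null || password == null)` line unchanged. `request.getParameter` does not distinguish how the parameter arrived, so it is worth deciding whether cancel should be honoured only on a form POST from the login page. Smaller points: the error text "login canceled" is a string literal where a constant would be easier for callers to match on, and the added lines before `request.setAttribute(...)` and the second `returnToAuthenticationEngine(...)` call carry trailing whitespace and an indent that differs from the surrounding context lines.
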

John Weigel
Software Developer, Sunflower Broadband
