Examples of org.exoplatform.web.security.Credentials

• org.exoplatform.web.security.Credentials
  An immutable object that contains a username and a password. @author Julien Viet @version $Revision$

   {
      if (ExoContainer.getProfiles().contains("cluster"))
      {
         HttpServletRequest httpRequest = (HttpServletRequest)request;

         Credentials credentials  = (Credentials)httpRequest.getSession().getAttribute(PortalLoginModule.AUTHENTICATED_CREDENTIALS);

         // Make programatic login if authenticated credentials are present in session - they were set in another cluster node
         if (credentials != null && httpRequest.getRemoteUser() == null)
         {
            WebAuthentication pwl = new WebAuthentication();
            pwl.login(credentials.getUsername(), credentials.getPassword());

         }

         chain.doFilter(request, response);

   {
      resp.setContentType("text/html; charset=UTF-8");
      HttpSession session = req.getSession();

      // Looking for credentials stored in the session
      Credentials credentials = (Credentials)session.getAttribute(InitiateLoginServlet.CREDENTIALS);

      //
      if (credentials == null)
      {
         PortalContainer pContainer = PortalContainer.getInstance();
         ServletContext context = pContainer.getPortalContext();

         //
         String token = getRememberMeTokenCookie(req);
         if (token != null)
         {
            AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class);
            credentials = tokenService.validateToken(token, false);
            if (credentials == null)
            {
               log.debug("Login initiated with no credentials in session but found token an invalid " + token + " " +
                  "that will be cleared in next response");

               // We clear the cookie in the next response as it was not valid
               Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, "");
               cookie.setPath(req.getContextPath());
               cookie.setMaxAge(0);
               resp.addCookie(cookie);

               // This allows the customer to define another login page without
               // changing the portal
               showLoginForm(req, resp);
            }
            else
            {
               // Send authentication request
               log.debug("Login initiated with no credentials in session but found token " + token + " with existing credentials, " +
                  "performing authentication");
               sendAuth(resp, credentials.getUsername(), token);
            }
         }
         else
         {
            // This allows the customer to define another login page without
            // changing the portal
            log.debug("Login initiated with no credentials in session and no token cookie, redirecting to login page");
            showLoginForm(req, resp);
         }
      }
      else
      {
         // We create a temporary token just for the login time
         TransientTokenService tokenService = AbstractTokenService.getInstance(TransientTokenService.class);
         String token = tokenService.createToken(credentials);
         req.getSession().removeAttribute(InitiateLoginServlet.CREDENTIALS);

         // Send authentication request
         log.debug("Login initiated with credentials in session, performing authentication");
         sendAuth(resp, credentials.getUsername(), token);
      }
   }

   public GateInToken getToken()
   {
      return new GateInToken(
         getExpirationTime().getTime(),
         new Credentials(getUserName(), getPassword()));
   }

         return;
      }

      //
      log.debug("Found username and password and set credentials in http session");
      Credentials credentials = new Credentials(username, password);
      req.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS, credentials);

      // Obtain initial URI
      String uri = req.getParameter("initialURI");

         email = user.getEmail();

         // Create token
         RemindPasswordTokenService tokenService = uiForm.getApplicationComponent(RemindPasswordTokenService.class);
         Credentials credentials = new Credentials(user.getUserName(), "");
         tokenId = tokenService.createToken(credentials);

         String portalName = URLEncoder.encode(Util.getUIPortal().getName(), "UTF-8");

         ResourceBundle res = requestContext.getApplicationResourceBundle();

    //Use empty password....it shouldn't be needed...this is a SSO login. The password has
    //already been presented with the SSO server. It should not be passed around for
    //better security
    Credentials credentials = new Credentials(assertion.getPrincipal().getName(), "");
    httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
  }

            .validateToken(password, false);

      String username = null;
      if (o instanceof Credentials)
      {
        Credentials wc = (Credentials)o;
        username = wc.getUsername();
      }

      if (username == null)
      {
          //SSO token could not be validated...hence a user id cannot be found

      }

      String subject = this.getSubject(token);
      if(subject != null)
      {
        Credentials credentials = new Credentials(subject, "");
        httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
      }
    }
  }

      log.debug("SessionId: "+sessionId);
      log.debug("AssertionId: "+assertionId);
      log.debug("Principal: "+principal);
      log.debug("-----------------------------------------------------------");

      Credentials credentials = new Credentials(principal, "");
      httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
    }
  }