From 1cdb43bb3e432040aed18c05e129f0131ee7d20a Mon Sep 17 00:00:00 2001 From: Jesse Morgan Date: Tue, 27 Aug 2013 08:28:16 -0700 Subject: Introducing F1 Authentication and Adding Site Content. This change introduced the f1oauth and jesterpm oauth packages for interacting with Fellowship One's developer API. I have also reworked the login authentication to verify credentials through F1 and added session management to track logged in users. The Authenticator chain works as follows: on every page load we check for a session cookie, if the cookie exists, the Request is marked as authenticated and the OAuthUser object is restored in ClientInfo. If this request is going to an account page, we require authentication. The LoginFormAuthenticator checks if the user is already authenticated (via cookie) and if not redirects the user to the login page. When the login form is submitted, LoginFormAuthenticator catches the POST request and authenticates the user through F1. I'm also adding a new account page, but it is currently a work in progress. This commit also adds Allen's content to the site. --- .../p4square/grow/frontend/LoginAuthenticator.java | 52 ---------------------- 1 file changed, 52 deletions(-) delete mode 100644 src/com/p4square/grow/frontend/LoginAuthenticator.java (limited to 'src/com/p4square/grow/frontend/LoginAuthenticator.java') diff --git a/src/com/p4square/grow/frontend/LoginAuthenticator.java b/src/com/p4square/grow/frontend/LoginAuthenticator.java deleted file mode 100644 index 64f5827..0000000 --- a/src/com/p4square/grow/frontend/LoginAuthenticator.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2013 Jesse Morgan - */ - -package com.p4square.grow.frontend; - -import org.apache.log4j.Logger; - -import org.restlet.Context; -import org.restlet.Request; -import org.restlet.Response; -import org.restlet.security.Authenticator; -import org.restlet.security.User; - -/** - * LoginAuthenticator decrypts a cookie containing the user's session info - * and makes that information available as the ClientInfo's User object. - * - * If this Authenticator is not optional, the user will be redirected to a - * login page. - * - * @author Jesse Morgan - */ -public class LoginAuthenticator extends Authenticator { - private static Logger cLog = Logger.getLogger(LoginAuthenticator.class); - - public static final String COOKIE_NAME = "growsession"; - - private final String mLoginPage; - - public LoginAuthenticator(Context context, boolean optional, String loginPage) { - super(context, optional); - - mLoginPage = loginPage; - } - - protected boolean authenticate(Request request, Response response) { - // Check for authentication cookie - final String cookie = request.getCookies().getFirstValue(COOKIE_NAME); - if (cookie != null) { - cLog.debug("Got cookie: " + cookie); - // TODO Decrypt user info - User user = new User(cookie); - request.getClientInfo().setUser(user); - return true; - } - - // Challenge the user if not authenticated - response.redirectSeeOther(mLoginPage); - return false; - } -} -- cgit v1.2.3