public class WebHandler
extends org.eclipse.jetty.server.handler.AbstractHandler
On GET method a web page containing an authentication form is returned to caller. The user should enter the user name and the password used to authenticate on the target client platform (Linux / Windows) and press the "Login" button to submit the form (which will submit/POST the form).
On POST method using the user submitted credentials a new web client process is spawned with the user's operating-system login environment. On web client URI notification the user's browser is redirected to this URI. If no response from the spawned client occurs within a specified amount of time, the authentication page is reloaded with an error message.
Modifier and Type | Class and Description |
---|---|
private static class |
WebHandler.SpawnerResult
Simple container for the spawn result.
|
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ERROR_PREFIX
Error message prefix.
|
private java.lang.String |
errorMessage
Error message to display, if any.
|
private boolean |
isGui
Flag that denotes client type (
true for GUI, false for ChUI). |
private static java.util.logging.Logger |
LOG
Logger.
|
private static java.lang.String |
TARGET_CHUI_ROOT
The root portion of the ChUI client request name (part of the URL).
|
private static java.lang.String |
TARGET_GUI_ROOT
The root portion of the GUI client request name (part of the URL).
|
private static boolean |
virtualDesktopEnabled
Virtual desktop mode is set by this directory option, virtualDesktopEnabled
|
private static WebClientsManager |
webClientsManager
Web clients manager
|
Constructor and Description |
---|
WebHandler() |
Modifier and Type | Method and Description |
---|---|
void |
doGet(java.lang.String target,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle GET requests.
|
void |
doPost(java.lang.String target,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle POST request.
|
private static java.lang.String |
errorMessage(int rc,
java.lang.String user)
Build a text string containing a message error based on the exit code.
|
void |
handle(java.lang.String target,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle HTTP requests.
|
protected java.lang.String |
handleReplacements(java.lang.String text)
Process the given string and make any replacements of parameter
values as needed.
|
private void |
sendError(java.lang.String error,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Sends the error message to the client.
|
private boolean |
sendForbiddenIfVirtualDesktopDisabled(org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Send 403 if the virtual desktop mode is not allowed.
|
private void |
sendRedirectPath(java.lang.String remoteUri,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Sends the redirect to the main application site that requires users to be authorized.
|
static java.lang.String |
spawn(java.lang.String user,
java.lang.String pw,
boolean gui,
java.lang.String[] options,
java.lang.String referrer)
Spawn a new web client process, returning the redirect URL if successful.
|
private static WebHandler.SpawnerResult |
spawnWorker(java.lang.String user,
java.lang.String pw,
boolean gui,
java.lang.String[] options,
boolean trusted,
java.lang.String referrer,
WebClientsManager webClientsManager,
java.lang.String[] proxyServerParameters)
Spawn a client with the given account credentials and UI mode.
|
private static boolean |
verifySpawnOptions(java.lang.String user,
java.lang.String[] options)
Verify the spawn options passed by the remote side.
|
destroy, doStart, doStop, dumpThis, getServer, setServer
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static final java.lang.String ERROR_PREFIX
private static final java.util.logging.Logger LOG
private static final java.lang.String TARGET_CHUI_ROOT
private static final java.lang.String TARGET_GUI_ROOT
private java.lang.String errorMessage
private boolean isGui
true
for GUI, false
for ChUI).private static final WebClientsManager webClientsManager
private static final boolean virtualDesktopEnabled
public static java.lang.String spawn(java.lang.String user, java.lang.String pw, boolean gui, java.lang.String[] options, java.lang.String referrer)
The following modes are possible:
Default Override Trusted Account User Password Configured Configured Configured Result --------- ------------ ---------- ---------- ---------- -------------------------------------------------- non-null non-null no n/a n/a Spawn using the given credentials. non-null non-null yes n/a no Error (override mode requires a default account). non-null non-null yes n/a yes Spawn using the default account and the given pw. non-null null n/a no n/a Error (pw can't be null unless trusted mode is allowed). non-null null no yes n/a Spawn using the given user. non-null null yes yes no Error (override mode requires a default account). non-null null yes yes yes Spawn using the default account. null non-null no n/a no Error (null user requires a default account). null non-null yes n/a no Error (override mode requires a default account). null null no n/a no Error (null user requires a default account). null null yes n/a no Error (override mode requires a default account). null null yes no yes Error (pw can't be null unless trusted mode is allowed). null null yes yes yes Spawn using the default account.
Trusted mode is attempted when the password is passed as null
, but it will
only work if the mode is also enabled in the server's configuration.
In all cases above, the security context must have the sufficient rights to spawn a web client for the given user name. Even if all other values are configured properly, this will still cause an error to occur.
user
- The OS userid to use for the new process. If null
, the default
account will be used (if such an account has been configured). If the
default account is not configured, then a null
will cause an
error. If override mode is configured and a default account is configured,
then the default account will be used regardless of the value passed.pw
- The OS password to authenticate the user. If null
, then the
spawn will be attempted in trusted mode. Trusted mode must be allowed for the
current security context otherwise this will result in a failure.gui
- This specifies the UI mode (true
for GUI, false
for
ChUI).options
- List of caller-specified options to be passed on the client command line or
null
if no values are specified. The options will be checked to
ensure that they are allowed by the security context. If not allowed, this
will cause an error.referrer
- The referrer string to provide the web client. If the client gets disconnected
it will be redirected back to this URL.ERROR_PREFIX
and followed by
descriptive error text.public void handle(java.lang.String target, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
target
- The target of the request - either a URI or a name.base
- The base request.request
- The object or a wrapper of the request.response
- The object or a wrapper of the response.java.io.IOException
javax.servlet.ServletException
private boolean sendForbiddenIfVirtualDesktopDisabled(org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
base
- The base request.request
- The object or a wrapper of the request.response
- The object or a wrapper of the response.java.io.IOException
- iff the output stream throws IOExceptionpublic void doGet(java.lang.String target, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
target
- The target of the request - either a URI or a name.base
- The base request.request
- The object or a wrapper of the request.response
- The object or a wrapper of the response.java.io.IOException
javax.servlet.ServletException
public void doPost(java.lang.String target, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
target
- The target of the request - either a URI or a name.base
- The base request.request
- The object or a wrapper of the request.response
- The object or a wrapper of the response.java.io.IOException
javax.servlet.ServletException
private void sendRedirectPath(java.lang.String remoteUri, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
remoteUri
- The redirect url provided with the authorization parameter.base
- The base request.request
- The http request.response
- The http response.private void sendError(java.lang.String error, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
error
- The error message to the client.base
- The base request.request
- The http request.response
- The http response.protected java.lang.String handleReplacements(java.lang.String text)
Example: ${expression}
text
- The text line that may need modifications.private static WebHandler.SpawnerResult spawnWorker(java.lang.String user, java.lang.String pw, boolean gui, java.lang.String[] options, boolean trusted, java.lang.String referrer, WebClientsManager webClientsManager, java.lang.String[] proxyServerParameters)
user
- The operating system userid.pw
- The password for authenticating the operating system account.gui
- true
for GUI mode, false
for ChUI mode.options
- List of caller-specified options to be passed on the client command line or
null
if no values are specified.trusted
- true
if trusted spawning mode should be used.referrer
- The referrer string to provide the web client. If the client gets disconnected
it will be redirected back to this URL.null
and the return code will describe the error.private static boolean verifySpawnOptions(java.lang.String user, java.lang.String[] options)
user
- The operating system userid.options
- List of caller-specified options to be passed on the client command line or
null
if no values are specified.true
if all the options are authorized for the spawning account.private static java.lang.String errorMessage(int rc, java.lang.String user)
rc
- Exit code.user
- Account user name.