1 package org.cacert.gigi;
3 import java.io.IOException;
4 import java.security.cert.X509Certificate;
5 import java.util.HashMap;
7 import javax.servlet.ServletException;
8 import javax.servlet.http.HttpServlet;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 import javax.servlet.http.HttpSession;
13 public class Gigi extends HttpServlet {
14 private HashMap<String, Page> pages = new HashMap<String, Page>();
/**
 * Registers the pages this servlet can dispatch to: "/login" maps to a
 * LoginPage and "/" to a MainPage. Both are stored in the {@code pages} map,
 * which service() consults by request path.
 *
 * @throws ServletException declared by the servlet API
 */
// NOTE(review): the gutter numbers jump from 19 to 24, so the end of this
// method is not visible in this listing.
17 public void init() throws ServletException {
18 pages.put("/login", new LoginPage());
19 pages.put("/", new MainPage());
/**
 * Front controller: tries to authenticate the request, enforces the login
 * gate and dispatches to the page registered for the request path.
 *
 * Order of checks as far as this listing shows them: certificate login,
 * redirect of logged-in users away from "/login", POST to "/login",
 * "/logout", redirect of anonymous users to "/login", then page lookup with
 * a 404 fallback.
 *
 * @param req  incoming request; its path info selects the page
 * @param resp response used for the redirects and the 404 error
 * @throws ServletException declared by the servlet API
 * @throws IOException      declared for the redirect/error calls
 */
// NOTE(review): the gutter numbers skip lines inside this method (30, 33-34,
// 38-39, 42, 44-45, 47, 49-50, 52-54, 59-60, 64-65, 67-70). Guards, returns
// and closing braces may sit on those lines, so the notes below are hedged.
24 protected void service(HttpServletRequest req, HttpServletResponse resp)
25 throws ServletException, IOException {
// Client certificate chain as exposed by the container for TLS client
// authentication; the attribute is null when no certificate was presented.
26 X509Certificate[] cert = (X509Certificate[]) req
27 .getAttribute("javax.servlet.request.X509Certificate");
// getSession(false) looks up an existing session without creating one.
28 HttpSession hs = req.getSession(false);
// NOTE(review): the (Boolean) cast is auto-unboxed, so a session that exists
// but carries no "loggedin" attribute throws NullPointerException here and in
// the later checks; Boolean.TRUE.equals(...) would treat a missing flag as
// "not logged in".
29 if (hs == null || !((Boolean) hs.getAttribute("loggedin"))) {
// NOTE(review): cert[0] throws NullPointerException when the client sent no
// certificate, unless hidden line 30 checks cert for null - confirm.
31 tryAuthWithCertificate(req, cert[0]);
// Re-read the session that tryAuthWithCertificate creates.
32 hs = req.getSession(false);
// Already logged in: keep the user off the login page.
// NOTE(review): getPathInfo() can return null and is dereferenced here
// without the null check used on lines 40 and 46.
35 if (hs != null && ((Boolean) hs.getAttribute("loggedin"))
36 && req.getPathInfo().equals("/login")) {
37 resp.sendRedirect("/");
// Form login. authWithUnpw is not called on any visible line; hidden line 42
// is presumably its call site - confirm. authWithUnpw returns nothing, so as
// shown the redirect cannot depend on whether the credentials were accepted.
40 if (req.getMethod().equals("POST") && req.getPathInfo() != null
41 && req.getPathInfo().equals("/login")) {
43 resp.sendRedirect("/");
// Logout: clears the "loggedin" flag and sends the user to "/".
// NOTE(review): hs can still be null for an anonymous request unless hidden
// line 47 guards it. The branch does not check the HTTP method, so a
// cross-site GET also logs the user out; restricting logout to POST with a
// CSRF token avoids that. Only the flag is cleared on the visible line;
// whether the session is invalidated depends on the hidden lines - confirm.
46 if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
48 hs.setAttribute("loggedin", false);
51 resp.sendRedirect("/");
// Login gate: every path except "/login" requires a session flagged
// "loggedin"; anonymous requests are redirected to the login page.
55 if ((hs == null || !((Boolean) hs.getAttribute("loggedin")))
56 && !"/login".equals(req.getPathInfo())) {
// NOTE(review): the path is client-supplied; writing it raw to stdout may
// let a request put line breaks into the log. Prefer a logger and neutralise
// CR/LF before writing.
57 System.out.println(req.getPathInfo());
58 resp.sendRedirect("/login");
61 System.out.println(req.getPathInfo());
// Dispatch: exact-match lookup in the pages map; unknown paths get a 404.
// How the page writes the response is on hidden lines 64-65.
// NOTE(review): whether each sendRedirect above is followed by a return is
// not visible; without one, a later sendRedirect/sendError on the already
// committed response throws IllegalStateException.
62 if (pages.containsKey(req.getPathInfo())) {
63 Page p = pages.get(req.getPathInfo());
66 resp.sendError(404, "Page not found.");
/**
 * Username/password login. Reads the "username" and "password" request
 * parameters, then marks the session as logged in.
 *
 * NOTE(review): neither parameter is checked - the only comparison sits
 * inside the TODO comment - so every request that reaches this method gets a
 * logged-in session. Before this is exposed, the password has to be verified
 * against the stored credential (a salted password hash) and the flag set
 * only on success. The commented-out un.equals(pw) is a placeholder rather
 * than a check, and it would throw on a missing "username" parameter.
 *
 * NOTE(review): getSession() reuses a session the client already holds, so
 * the session id does not change at login. Issuing a fresh id on successful
 * login (invalidate and recreate, or HttpServletRequest.changeSessionId() on
 * Servlet 3.1+) closes session fixation.
 *
 * @param req request carrying the login form parameters
 */
71 private void authWithUnpw(HttpServletRequest req) {
72 String un = req.getParameter("username");
73 String pw = req.getParameter("password");
74 // TODO dummy password check if (un.equals(pw)) {
// Creates the session if none exists and flags it as authenticated.
75 HttpSession hs = req.getSession();
76 hs.setAttribute("loggedin", true);
/**
 * Certificate login. Marks the session as logged in; the certificate
 * argument is not inspected on any visible line.
 *
 * NOTE(review): as written, the flag is set for whatever certificate the
 * caller passes. Whether the container has already validated the chain
 * against a trust store depends on its TLS client-auth configuration, which
 * is not shown here - confirm. On the application side the TODO still has to
 * cover the validity period, revocation status, and mapping the certificate
 * to a known account before the flag is set.
 *
 * NOTE(review): getSession() reuses a session the client already holds, so
 * the session id does not change at login; issuing a fresh id on successful
 * authentication closes session fixation.
 *
 * @param req             request whose session is created or reused
 * @param x509Certificate certificate to authenticate with; service() passes
 *                        the first entry of the client chain
 */
// NOTE(review): the listing ends at source line 83, so the end of this
// method is not visible here.
79 private void tryAuthWithCertificate(HttpServletRequest req,
80 X509Certificate x509Certificate) {
81 // TODO check if certificate is valid
// Creates the session if none exists and flags it as authenticated.
82 HttpSession hs = req.getSession();
83 hs.setAttribute("loggedin", true);