com.filenet.wcm.toolkit.server.servlet
Class WcmCredentialsServlet

java.lang.Object
  extended byjavax.servlet.GenericServlet
      extended byjavax.servlet.http.HttpServlet
          extended bycom.filenet.wcm.toolkit.server.servlet.WcmCredentialsServlet
All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public abstract class WcmCredentialsServlet
extends javax.servlet.http.HttpServlet

This servlet receives a credentials payload from the SSL server, and posts the credentials to the appropriate session.

In "setLocal" mode, the servlet compares the specified session id, originIP and originPort, with its Java™Server Pages (JSP) session's current values. If they match, credentials are set in the session.

In "setRemote" mode, the servlet makes an HTTP connection to the specified session on the specified originIP/originPort, and calls itself to set credentials locally there.

When successful, the servlet response body contains the URL that the client should re-direct to.

When the servlet is not successful, a custom header is set, and the response body contains any additional information on the error.

The servlet supports both GET and POST requests.

Servlet Parameters
WcmParameter.COMMAND Set to OP_SET_LOCAL or OP_SET_REMOTE
WcmParameter.SESSION_ID The JSP session ID to set credentials for.
WcmParameter.ORIGIN_IP The Origin IP (see notes above).
WcmParameter.ORIGIN_PORT The Origin Port (see notes above).
WcmParameter.TOKEN The tokenized credentials. Required if USER, PASSWORD are not specified. Domain and application id found in the token take precedence over DOMAIN and APPLICATION_ID parameters below when TOKEN is specified.
WcmParameter.USER The user name.
WcmParameter.PASSWORD The user's password.
WcmParameter.DOMAIN The domain to log into.
WcmParameter.APPLICATION_ID The application id.

See Also:
Serialized Form

Field Summary
static java.lang.String OP_CLOSE_WINDOW
          OP_CLOSE_WINDOW is one of the possible values for WcmParameter.COMMAND as described above.
static java.lang.String OP_GET_INTERNAL_TOKEN
          OP_GET_INTERNAL_TOKEN used for SSL authentication...
static java.lang.String OP_GET_LOGIN_ROUTING_INFO
          OP_GET_LOGIN_ROUTING_INFO used to get information on SSL signin configuration (in bootstrap.properties)...
static java.lang.String OP_GET_USER_TOKEN
          OP_GET_USER_TOKEN used for authentication...
static java.lang.String OP_HOME
          OP_HOME is one of the possible values for WcmParameter.COMMAND as described above.
static java.lang.String OP_SET_LOCAL
          OP_SET_LOCAL is one of the possible values for WcmParameter.COMMAND as described above.
static java.lang.String OP_SET_REMOTE
          OP_SET_REMOTE is one of the possible values for WcmParameter.COMMAND as described above.
static java.lang.String OP_SIGNOUT
          OP_SIGNOUT is one of the possible values for WcmParameter.COMMAND as described above.
static int RESULTXML_ERROR_GENERAL_ERROR
           
static int RESULTXML_ERROR_NO_CREDENTIALS
           
static int RESULTXML_ERROR_TOKEN_UNAVAILABLE
           
static int RESULTXML_ERROR_VERIFY_FAILED
           
static int RESULTXML_SUCCESS
          These are error codes that will be sent in the result XML...
static java.lang.String SERVLET_RESULTXML_HEADER
          SERVLET_RESULTXML_HEADER is a custom header sent in the response from this servlet, if there was an error with op=getUserToken.
static java.lang.String SERVLET_RESULTXML_MESSAGE
          This is a format string for the SERVLET_RESULTXML_HEADER.
static java.lang.String SERVLET_STATUS_HEADER
          SERVLET_STATUS_HEADER is a custom header sent in the response from this servlet, if there was an error with the credentials.
static java.lang.String STATUS_ERROR
          One of the possible values for SERVLET_STATUS_HEADER.
static java.lang.String STATUS_NOSESSION
          One of the possible values for SERVLET_STATUS_HEADER.
static java.lang.String STATUS_NOTOKEN
          One of the possible values for SERVLET_STATUS_HEADER.
protected static boolean writeTrace
           
protected static java.lang.String writeTraceValue
           
protected static WcmString wsCredentialsUnavailable
           
protected static WcmString wsTokensNotEnabled
           
static java.lang.String XML_NAMESPACE_NAME
           
static java.lang.String XML_NAMESPACE_URI
           
static boolean XML_TEST_MODE
           
 
Constructor Summary
WcmCredentialsServlet()
           
 
Method Summary
protected  void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          The doGet method of the servlet is called by the Servlet container (JSP Server) when a GET request is being made.
protected  void doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          The doPost method of the servlet is called by the Servlet container (JSP Server) when a POST request is being made.
protected abstract  WcmController getController()
          Overrideable factory method to get the controller bean.
static java.lang.String getCredentialsRequestURL(WcmDataStore ds, java.lang.String remoteHost, boolean wasBugFix, java.lang.String originScheme, java.lang.String originIP, java.lang.String originPort, java.lang.String originSessionId, java.lang.String encodedSessionId, java.lang.String userId, java.lang.String password, java.util.Map extraParameters)
          Deprecated. The parameter wasBugFix is no longer recognized. Use the new signature that does not include it.
static java.lang.String getCredentialsRequestURL(WcmDataStore ds, java.lang.String remoteHost, java.lang.String originScheme, java.lang.String originIP, java.lang.String originPort, java.lang.String originSessionId, java.lang.String encodedSessionId, java.lang.String userId, java.lang.String password, java.util.Map extraParameters)
          Static utility method that constructs a URL to access the credentials servlet.
protected  WcmController getInitializedController(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
           
static java.lang.String getInternalTokenRequestURL(WcmDataStore dataStore, java.lang.String targetBase, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters)
          Static utility method that constructs a URL to access the credentials servlet and get an internal token.
protected  void getLoginRoutingInfo(WcmController c, javax.servlet.http.HttpServletResponse resp)
           
static java.util.Map getRequestParameterMap(javax.servlet.http.HttpServletRequest req)
           
protected static java.lang.String getSessionToken(WcmDataStore ds, java.lang.String appId, java.lang.String userId, java.lang.String password)
           
protected  WcmSignInProcessor getSignInProcessor(WcmController c, java.lang.String originIP, java.lang.String originPort, java.lang.String sessionId, java.lang.String originScheme, java.lang.String encodedSessionId)
           
protected  void getSignInToken(WcmController c, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletResponse resp)
           
protected  void getToken(UserTokenPolicyInterface utp, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletResponse resp)
           
protected  void getToken(UserTokenPolicyInterface utp, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletResponse resp, java.util.Locale locale)
           
protected  void getUserToken(WcmController c, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletResponse resp)
           
static java.lang.String getUserTokenRequestURL(java.lang.String targetBase)
           
static java.lang.String getUserTokenRequestURL(WcmDataStore dataStore, java.lang.String targetBase, java.lang.String appId, java.lang.String userId, java.lang.String password, java.util.Map extraParameters)
          Static utility method that constructs a URL to access the credentials servlet and get a user token.
static java.lang.String getXInternalTokenRequestURL(java.lang.String targetBase, java.lang.String userId, java.lang.String password, java.util.Map extraParameters)
          Deprecated. - Use the call that includes WcmDataStore.
protected  java.lang.String getXMLParameter(org.w3c.dom.Document xmlDocument, java.lang.String xPath, org.w3c.dom.Element namespace)
           
static java.lang.String getXUserTokenRequestURL(java.lang.String targetBase, java.lang.String userId, java.lang.String password, java.util.Map extraParameters)
          Deprecated. - Use the call that includes WcmDataStore.
protected  void initializeWriteTrace()
           
protected  void setFromXML(WcmSignInProcessor signInProcessor, java.lang.String appId, java.lang.String userId, java.lang.String password, java.lang.String domain, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
           
protected  void setLocal(WcmSignInProcessor signInProcessor, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, java.lang.String wasMode)
           
protected  void setRemote(WcmSignInProcessor signInProcessor, java.lang.String userId, java.lang.String password, WcmRequestMap extraParameters, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
           
 void trace(java.lang.String message)
           
 void traceRequest(java.lang.String lineno, javax.servlet.http.HttpServletRequest req)
           
protected  void writeXMLResponse(javax.servlet.http.HttpServletResponse resp, long status, java.lang.Exception e)
           
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OP_SET_LOCAL

public static final java.lang.String OP_SET_LOCAL
OP_SET_LOCAL is one of the possible values for WcmParameter.COMMAND as described above.

See Also:
Constant Field Values

OP_SET_REMOTE

public static final java.lang.String OP_SET_REMOTE
OP_SET_REMOTE is one of the possible values for WcmParameter.COMMAND as described above.

See Also:
Constant Field Values

OP_GET_INTERNAL_TOKEN

public static final java.lang.String OP_GET_INTERNAL_TOKEN
OP_GET_INTERNAL_TOKEN used for SSL authentication...

See Also:
Constant Field Values

OP_GET_USER_TOKEN

public static final java.lang.String OP_GET_USER_TOKEN
OP_GET_USER_TOKEN used for authentication...

See Also:
Constant Field Values

OP_GET_LOGIN_ROUTING_INFO

public static final java.lang.String OP_GET_LOGIN_ROUTING_INFO
OP_GET_LOGIN_ROUTING_INFO used to get information on SSL signin configuration (in bootstrap.properties)...

See Also:
Constant Field Values

OP_SIGNOUT

public static final java.lang.String OP_SIGNOUT
OP_SIGNOUT is one of the possible values for WcmParameter.COMMAND as described above.

See Also:
Constant Field Values

OP_HOME

public static final java.lang.String OP_HOME
OP_HOME is one of the possible values for WcmParameter.COMMAND as described above.

See Also:
Constant Field Values

OP_CLOSE_WINDOW

public static final java.lang.String OP_CLOSE_WINDOW
OP_CLOSE_WINDOW is one of the possible values for WcmParameter.COMMAND as described above.

See Also:
Constant Field Values

XML_TEST_MODE

public static final boolean XML_TEST_MODE
See Also:
Constant Field Values

XML_NAMESPACE_NAME

public static final java.lang.String XML_NAMESPACE_NAME
See Also:
Constant Field Values

XML_NAMESPACE_URI

public static final java.lang.String XML_NAMESPACE_URI
See Also:
Constant Field Values

SERVLET_STATUS_HEADER

public static final java.lang.String SERVLET_STATUS_HEADER
SERVLET_STATUS_HEADER is a custom header sent in the response from this servlet, if there was an error with the credentials. The value can be either STATUS_ERROR or STATUS_NOSESSION.

See Also:
Constant Field Values

STATUS_ERROR

public static final java.lang.String STATUS_ERROR
One of the possible values for SERVLET_STATUS_HEADER. When set, the response body contains the error message, and any additional information on the error.

See Also:
Constant Field Values

STATUS_NOSESSION

public static final java.lang.String STATUS_NOSESSION
One of the possible values for SERVLET_STATUS_HEADER. Indicates that the specified JSP session ID is no longer valid.

See Also:
Constant Field Values

STATUS_NOTOKEN

public static final java.lang.String STATUS_NOTOKEN
One of the possible values for SERVLET_STATUS_HEADER. Indicates that the specified JSP session ID is no longer valid.

See Also:
Constant Field Values

SERVLET_RESULTXML_HEADER

public static final java.lang.String SERVLET_RESULTXML_HEADER
SERVLET_RESULTXML_HEADER is a custom header sent in the response from this servlet, if there was an error with op=getUserToken. It is set to XML in the form: "<response><errorcode>0</errorcode><description /></response>"

See Also:
Constant Field Values

SERVLET_RESULTXML_MESSAGE

public static final java.lang.String SERVLET_RESULTXML_MESSAGE
This is a format string for the SERVLET_RESULTXML_HEADER.

See Also:
Constant Field Values

RESULTXML_SUCCESS

public static final int RESULTXML_SUCCESS
These are error codes that will be sent in the result XML...

See Also:
Constant Field Values

RESULTXML_ERROR_NO_CREDENTIALS

public static final int RESULTXML_ERROR_NO_CREDENTIALS
See Also:
Constant Field Values

RESULTXML_ERROR_TOKEN_UNAVAILABLE

public static final int RESULTXML_ERROR_TOKEN_UNAVAILABLE
See Also:
Constant Field Values

RESULTXML_ERROR_VERIFY_FAILED

public static final int RESULTXML_ERROR_VERIFY_FAILED
See Also:
Constant Field Values

RESULTXML_ERROR_GENERAL_ERROR

public static final int RESULTXML_ERROR_GENERAL_ERROR
See Also:
Constant Field Values

writeTraceValue

protected static java.lang.String writeTraceValue

writeTrace

protected static boolean writeTrace

wsTokensNotEnabled

protected static WcmString wsTokensNotEnabled

wsCredentialsUnavailable

protected static WcmString wsCredentialsUnavailable
Constructor Detail

WcmCredentialsServlet

public WcmCredentialsServlet()
Method Detail

trace

public void trace(java.lang.String message)

traceRequest

public void traceRequest(java.lang.String lineno,
                         javax.servlet.http.HttpServletRequest req)

getCredentialsRequestURL

public static java.lang.String getCredentialsRequestURL(WcmDataStore ds,
                                                        java.lang.String remoteHost,
                                                        boolean wasBugFix,
                                                        java.lang.String originScheme,
                                                        java.lang.String originIP,
                                                        java.lang.String originPort,
                                                        java.lang.String originSessionId,
                                                        java.lang.String encodedSessionId,
                                                        java.lang.String userId,
                                                        java.lang.String password,
                                                        java.util.Map extraParameters)
                                                 throws java.lang.Exception
Deprecated. The parameter wasBugFix is no longer recognized. Use the new signature that does not include it.

Throws:
java.lang.Exception

getSessionToken

protected static java.lang.String getSessionToken(WcmDataStore ds,
                                                  java.lang.String appId,
                                                  java.lang.String userId,
                                                  java.lang.String password)
                                           throws java.lang.Exception
Throws:
java.lang.Exception

getCredentialsRequestURL

public static java.lang.String getCredentialsRequestURL(WcmDataStore ds,
                                                        java.lang.String remoteHost,
                                                        java.lang.String originScheme,
                                                        java.lang.String originIP,
                                                        java.lang.String originPort,
                                                        java.lang.String originSessionId,
                                                        java.lang.String encodedSessionId,
                                                        java.lang.String userId,
                                                        java.lang.String password,
                                                        java.util.Map extraParameters)
                                                 throws java.lang.Exception
Static utility method that constructs a URL to access the credentials servlet. For use by clients that need to access the credentials servlet.

Parameters:
ds - A reference to WcmDataStore.
remoteHost - Set to true to set remote credentials; otherwise, credentials are set locally to the servlet.
originIP - The origin IP where credentials should be set.
originPort - The origin port where credentials should be set.
originSessionId - The origin JSP session ID for which credentials should be set.
userId - The user's user ID.
password - The user's password.
extraParameters - Any additional credentials info (i.e. appId, domain, etc.).
Returns:
A URL properly formatted to do a GET request to the credentials servlet.
Throws:
java.lang.Exception

getXUserTokenRequestURL

public static java.lang.String getXUserTokenRequestURL(java.lang.String targetBase,
                                                       java.lang.String userId,
                                                       java.lang.String password,
                                                       java.util.Map extraParameters)
                                                throws java.lang.Exception
Deprecated. - Use the call that includes WcmDataStore.

Throws:
java.lang.Exception

getUserTokenRequestURL

public static java.lang.String getUserTokenRequestURL(WcmDataStore dataStore,
                                                      java.lang.String targetBase,
                                                      java.lang.String appId,
                                                      java.lang.String userId,
                                                      java.lang.String password,
                                                      java.util.Map extraParameters)
                                               throws java.lang.Exception
Static utility method that constructs a URL to access the credentials servlet and get a user token. For use by clients that need to access the credentials servlet.

Parameters:
dataStore - The dataStore.
targetBase - The base URL for redirection if successful.
userId - The user's user ID.
password - The user's password.
extraParameters - Any additional credentials info (i.e. appId, domain, etc.).
Returns:
A URL properly formatted to do a GET request to the credentials servlet.
Throws:
java.lang.Exception

getUserTokenRequestURL

public static java.lang.String getUserTokenRequestURL(java.lang.String targetBase)
                                               throws java.lang.Exception
Throws:
java.lang.Exception

getXInternalTokenRequestURL

public static java.lang.String getXInternalTokenRequestURL(java.lang.String targetBase,
                                                           java.lang.String userId,
                                                           java.lang.String password,
                                                           java.util.Map extraParameters)
                                                    throws java.lang.Exception
Deprecated. - Use the call that includes WcmDataStore.

Throws:
java.lang.Exception

getInternalTokenRequestURL

public static java.lang.String getInternalTokenRequestURL(WcmDataStore dataStore,
                                                          java.lang.String targetBase,
                                                          java.lang.String userId,
                                                          java.lang.String password,
                                                          WcmRequestMap extraParameters)
                                                   throws java.lang.Exception
Static utility method that constructs a URL to access the credentials servlet and get an internal token. For use by clients that need to access the credentials servlet.

Parameters:
dataStore - The dataStore.
targetBase - The base URL for redirection if successful.
userId - The user's user ID.
password - The user's password.
extraParameters - Any additional credentials info (i.e. appId, domain, etc.).
Returns:
A URL properly formatted to do a GET request to the credentials servlet.
Throws:
java.lang.Exception

getController

protected abstract WcmController getController()
Overrideable factory method to get the controller bean.

Returns:
a new instance of WcmController

getInitializedController

protected WcmController getInitializedController(javax.servlet.http.HttpServletRequest req,
                                                 javax.servlet.http.HttpServletResponse resp)
                                          throws java.lang.Exception
Throws:
java.lang.Exception

getSignInProcessor

protected WcmSignInProcessor getSignInProcessor(WcmController c,
                                                java.lang.String originIP,
                                                java.lang.String originPort,
                                                java.lang.String sessionId,
                                                java.lang.String originScheme,
                                                java.lang.String encodedSessionId)

getRequestParameterMap

public static java.util.Map getRequestParameterMap(javax.servlet.http.HttpServletRequest req)

initializeWriteTrace

protected void initializeWriteTrace()

doGet

protected void doGet(javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse resp)
              throws javax.servlet.ServletException,
                     java.io.IOException
The doGet method of the servlet is called by the Servlet container (JSP Server) when a GET request is being made.

Throws:
javax.servlet.ServletException
java.io.IOException

getLoginRoutingInfo

protected void getLoginRoutingInfo(WcmController c,
                                   javax.servlet.http.HttpServletResponse resp)
                            throws java.io.IOException,
                                   java.lang.Exception
Throws:
java.io.IOException
java.lang.Exception

getXMLParameter

protected java.lang.String getXMLParameter(org.w3c.dom.Document xmlDocument,
                                           java.lang.String xPath,
                                           org.w3c.dom.Element namespace)

doPost

protected void doPost(javax.servlet.http.HttpServletRequest req,
                      javax.servlet.http.HttpServletResponse resp)
               throws javax.servlet.ServletException,
                      java.io.IOException
The doPost method of the servlet is called by the Servlet container (JSP Server) when a POST request is being made.

Throws:
javax.servlet.ServletException
java.io.IOException

setFromXML

protected void setFromXML(WcmSignInProcessor signInProcessor,
                          java.lang.String appId,
                          java.lang.String userId,
                          java.lang.String password,
                          java.lang.String domain,
                          javax.servlet.http.HttpServletRequest req,
                          javax.servlet.http.HttpServletResponse resp)
                   throws java.lang.Exception
Throws:
java.lang.Exception

writeXMLResponse

protected void writeXMLResponse(javax.servlet.http.HttpServletResponse resp,
                                long status,
                                java.lang.Exception e)

setRemote

protected void setRemote(WcmSignInProcessor signInProcessor,
                         java.lang.String userId,
                         java.lang.String password,
                         WcmRequestMap extraParameters,
                         javax.servlet.http.HttpServletRequest req,
                         javax.servlet.http.HttpServletResponse resp)
                  throws java.lang.Exception
Throws:
java.lang.Exception

getSignInToken

protected void getSignInToken(WcmController c,
                              java.lang.String userId,
                              java.lang.String password,
                              WcmRequestMap extraParameters,
                              javax.servlet.http.HttpServletResponse resp)
                       throws java.lang.Exception
Throws:
java.lang.Exception

getUserToken

protected void getUserToken(WcmController c,
                            java.lang.String userId,
                            java.lang.String password,
                            WcmRequestMap extraParameters,
                            javax.servlet.http.HttpServletResponse resp)
                     throws java.lang.Exception
Throws:
java.lang.Exception

getToken

protected void getToken(UserTokenPolicyInterface utp,
                        java.lang.String userId,
                        java.lang.String password,
                        WcmRequestMap extraParameters,
                        javax.servlet.http.HttpServletResponse resp)
                 throws java.lang.Exception
Throws:
java.lang.Exception

getToken

protected void getToken(UserTokenPolicyInterface utp,
                        java.lang.String userId,
                        java.lang.String password,
                        WcmRequestMap extraParameters,
                        javax.servlet.http.HttpServletResponse resp,
                        java.util.Locale locale)
                 throws java.lang.Exception
Throws:
java.lang.Exception

setLocal

protected void setLocal(WcmSignInProcessor signInProcessor,
                        java.lang.String userId,
                        java.lang.String password,
                        WcmRequestMap extraParameters,
                        javax.servlet.http.HttpServletRequest req,
                        javax.servlet.http.HttpServletResponse resp,
                        java.lang.String wasMode)
                 throws java.lang.Exception
Throws:
java.lang.Exception


© Copyright IBM Corp. 2002, 2007. All Rights Reserved.