photosharing.api.LoginServlet.java Source code

Java tutorial

  1. HOME
  2. Java
  3. photosharing.api.LoginServlet.java

Introduction

Here is the source code for photosharing.api.LoginServlet.java

Source

/**
 *  Copyright IBM Corp. 2016
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
package photosharing.api;

import java.io.IOException;
import java.security.Principal;

import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpStatus;

/**
 * Servlet implementation class LoginServlet
 * 
 * @author Paul Bastide <pbastide@us.ibm.com>
 */
@WebServlet({ "/login" })
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 9999L;

    /**
     * constructor for the Auth Servlet 
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Initializes the servlet
     * @see Servlet#init(ServletConfig)
     */
    public void init(ServletConfig config) throws ServletException {

    }

    /**
     * Manages the authorization for a given user, creates a session or returns session invalid
     * 
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        /*
         * Checks to see if the User is logged in forces logout for any existing user, you wouldn't actually do this in production
         */
        Principal user = request.getUserPrincipal();
        if (user != null) {
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }

            request.logout();

        }

        /*
         * Authorizes the User
         */
        String auth = request.getHeader("Authorization");

        if (auth != null && !auth.isEmpty()) {
            auth = auth.replace("Basic ", "");

            String authDecoded = new String(Base64.decodeBase64(auth));

            String[] creds = authDecoded.split(":");
            String username = creds[0];
            String password = creds[1];
            try {
                request.login(username, password);
                request.getSession(true);
            } catch (Exception e) {
                response.setStatus(HttpStatus.SC_UNAUTHORIZED);
            }

        } else {
            response.setStatus(HttpStatus.SC_BAD_REQUEST);
        }

    }
}