Added support for SSO between cluster nodes.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9319 b35dd754-fafc-0310-a699-88a17e54d16e

Added support for SSO between cluster nodes.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9319 b35dd754-fafc-0310-a699-88a17e54d16e
1ed0983f · Gaston Dombiak · gato · 30e9bb67 · 1ed0983f
Commit 1ed0983f authored Oct 16, 2007 by Gaston Dombiak Committed by gato Oct 16, 2007
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 13 deletions

login.jsp src/web/login.jsp +29 -13

No files found.
--- a/src/web/login.jsp
+++ b/src/web/login.jsp
@@ -14,6 +14,8 @@
 <%@ page import="org.jivesoftware.util.*"%>
 <%@ page import="org.jivesoftware.openfire.XMPPServer"%>
 <%@ page import="org.xmpp.packet.JID"%>
+<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
+<%@ page import="org.jivesoftware.openfire.cluster.ClusterManager" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -51,16 +53,20 @@
 %>

 <% // get parameters
-    String username = ParamUtils.getParameter(request,"username");
-    if(username != null){
+    String username = ParamUtils.getParameter(request, "username");
+    if (username != null) {
        username = JID.escapeNode(username);
    }
    // Escape HTML tags in username to prevent cross-site scripting attacks. This
    // is necessary because we display the username in the page below.
    username = org.jivesoftware.util.StringUtils.escapeHTMLTags(username);

-    String password = ParamUtils.getParameter(request,"password");
-    String url = ParamUtils.getParameter(request,"url");
+    String password = ParamUtils.getParameter(request, "password");
+    String url = ParamUtils.getParameter(request, "url");
+
+    // SSO between cluster nodes
+    String secret = ParamUtils.getParameter(request, "secret");
+    String nodeID = ParamUtils.getParameter(request, "nodeID");

    // The user auth token:
    AuthToken authToken;
@@ -69,7 +75,7 @@

    boolean errors = false;

-	if (ParamUtils.getBooleanParameter(request,"login")) {
+    if (ParamUtils.getBooleanParameter(request, "login")) {
        try {
            if (authorizedUsernames != null && !authorizedUsernames.isEmpty()) {
                if (!authorizedUsernames.containsKey(username)) {
@@ -81,7 +87,17 @@
                    throw new UnauthorizedException("Only user 'admin' may login.");
                }
            }
+            if (secret != null && nodeID != null) {
+                if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) {
+                    authToken = new AuthToken(username);
+                }
+                else {
+                    throw new UnauthorizedException("SSO failed. Invalid secret or node ID was provided");
+                }
+            }
+            else {
                authToken = AuthFactory.authenticate(username, password);
+            }
            session.setAttribute("jive.admin.authToken", authToken);
            response.sendRedirect(go(url));
            return;