Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.wicket.authentication.strategy; import org.apache.wicket.Application; import org.apache.wicket.authentication.IAuthenticationStrategy; import org.apache.wicket.util.cookies.CookieDefaults; import org.apache.wicket.util.cookies.CookieUtils; import org.apache.wicket.util.crypt.CachingSunJceCryptFactory; import org.apache.wicket.util.crypt.ICrypt; import org.apache.wicket.util.lang.Args; import org.apache.wicket.util.string.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Wicket's default implementation of an authentication strategy. It'll concatenate username and * password, encrypt it and put it into one Cookie. * * @author Juergen Donnerstag */ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy { private static final Logger logger = LoggerFactory.getLogger(DefaultAuthenticationStrategy.class); /** The cookie name to store the username and password */ protected final String cookieKey; /** The key to use for encrypting/decrypting the cookie value */ protected final String encryptionKey; /** The separator used to concatenate the username and password */ protected final String VALUE_SEPARATOR = "-sep-"; /** Cookie utils with default settings */ private CookieUtils cookieUtils; /** Use to encrypt cookie values for username and password. */ private ICrypt crypt; /** * Constructor * * @param cookieKey * The name of the cookie */ public DefaultAuthenticationStrategy(final String cookieKey) { this(cookieKey, defaultEncryptionKey(cookieKey)); } private static String defaultEncryptionKey(String cookieKey) { if (Application.exists()) { return Application.get().getName(); } return cookieKey; } public DefaultAuthenticationStrategy(final String cookieKey, final String encryptionKey) { this.cookieKey = Args.notEmpty(cookieKey, "cookieKey"); this.encryptionKey = Args.notEmpty(encryptionKey, "encryptionKey"); } /** * Make sure you always return a valid CookieUtils * * @return CookieUtils */ protected CookieUtils getCookieUtils() { if (cookieUtils == null) { CookieDefaults settings = new CookieDefaults(); settings.setHttpOnly(true); cookieUtils = new CookieUtils(settings); } return cookieUtils; } /** * @return The crypt engine to be used */ protected ICrypt getCrypt() { if (crypt == null) { CachingSunJceCryptFactory cryptFactory = new CachingSunJceCryptFactory(encryptionKey); crypt = cryptFactory.newCrypt(); } return crypt; } @Override public String[] load() { String value = getCookieUtils().load(cookieKey); if (Strings.isEmpty(value) == false) { try { value = getCrypt().decryptUrlSafe(value); } catch (RuntimeException e) { logger.info( "Error decrypting login cookie: {}. The cookie will be deleted. Possible cause is that a session-relative encryption key was used to encrypt this cookie while this decryption attempt is happening in a different session, eg user coming back to the application after session expiration", cookieKey); getCookieUtils().remove(cookieKey); value = null; } return decode(value); } return null; } /** * This method will decode decrypted cookie value based on application needs * * @param value decrypted cookie value * @return decomposed values array, or null in case cookie value was empty. */ protected String[] decode(String value) { if (Strings.isEmpty(value) == false) { String username = null; String password = null; String[] values = value.split(VALUE_SEPARATOR); if ((values.length > 0) && (Strings.isEmpty(values[0]) == false)) { username = values[0]; } if ((values.length > 1) && (Strings.isEmpty(values[1]) == false)) { password = values[1]; } return new String[] { username, password }; } return null; } @Override public void save(final String credential, final String... extraCredentials) { String encryptedValue = getCrypt().encryptUrlSafe(encode(credential, extraCredentials)); getCookieUtils().save(cookieKey, encryptedValue); } /** * This method can be overridden to provide different encoding mechanism * * @param credential * @param extraCredentials * @return String representation of the parameters given */ protected String encode(final String credential, final String... extraCredentials) { StringBuilder value = new StringBuilder(credential); if (extraCredentials != null) { for (String extraCredential : extraCredentials) { value.append(VALUE_SEPARATOR).append(extraCredential); } } return value.toString(); } @Override public void remove() { getCookieUtils().remove(cookieKey); } }