Java tutorial
/* USE THIS FILE ACCORDING TO THE COPYRIGHT RULES IN LICENSE.TXT WHICH IS PART OF THE SOURCE CODE PACKAGE */ package your.app; import java.io.IOException; import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** * This servlet generates the tokens used to connect the browser with JSFS Agent. * The web.xml constrains access to the servlet by an authentication mechanism. */ public class AuthenticationServlet extends HttpServlet { private static final long serialVersionUID = -3891364599072873699L; private static Log log = LogFactory.getLog(AuthenticationServlet.class); /** * A secret value used to compute the token. */ private long secret = new SecureRandom().nextLong(); /** * @see HttpServlet#HttpServlet() */ public AuthenticationServlet() { super(); } @Override public void destroy() { super.destroy(); } /** * Create JSFS token. * @param userName User name * @param remoteAddr Remote address * @return MD5 hash of user + address + secret */ private String createToken(String userName, String remoteAddr) { if (log.isDebugEnabled()) log.debug("createToken(userName=" + userName + ", remoteAddr=" + remoteAddr); String token = null; if (userName != null && userName.length() != 0) { String plaintext = userName + "*" + remoteAddr + "*" + secret; try { MessageDigest m = MessageDigest.getInstance("MD5"); m.reset(); m.update(plaintext.getBytes()); byte[] digest = m.digest(); BigInteger bigInt = new BigInteger(1, digest); token = bigInt.toString(16); } catch (NoSuchAlgorithmException e) { log.error("Create token failed", e); } } if (log.isDebugEnabled()) log.debug(")createToken=" + token); return token; } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse * response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if (log.isDebugEnabled()) log.debug("doGet("); // Create a JSFS Token? if (request.getParameter("jsfstoken") != null) { String token = createToken(request.getRemoteUser(), ""); // should use request.getRemoteAddr(), "" makes testing easier if (token != null) { // JSFS does not require a HttpSession. // If a session is created here, the browser and JSFS agent will // receive different sessions, unless you use your own session manager. // http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html response.setContentType("text/plain"); response.getWriter().print(token); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else { // Your servlet implementation. // Maybe create a HttpSession... super.doGet(request, response); } if (log.isDebugEnabled()) log.debug(")doGet"); } }