/* * Copyright 2005 Andreas Schmidt * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * *     http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. *//** * Declare an object to which we can add real functions. */if (dwr == null) var dwr = {};if (dwr.auth == null) dwr.auth = {};if (DWRAuthentication == null) var DWRAuthentication = dwr.auth;//// Application-wide stuff//// enabled-status flagdwr.auth._enabled = false;// stores the original MetaDataWarningHandler of DWREngingdwr.auth._dwrHandleBatchExeption = null;// give dwr.auth the controldwr.auth.enable = function () {  if (dwr.auth._enabled) {    alert("dwr.auth already enabled");    return;  }  dwr.auth._enabled = true;  dwr.auth._dwrHandleBatchExeption = dwr.engine._handleError;  dwr.engine._handleError = dwr.auth.authWarningHandler;}// resume dwr.authdwr.auth.disable = function() {  if (!dwr.auth._enabled) {    alert("dwr.auth not enabled");    return;  }  dwr.engine._handleError = dwr.auth._dwrHandleBatchExeption;  dwr.auth._dwrHandleBatchExeption = null;  dwr.auth._enabled = false;}// define the url that is protected by servlet-securitydwr.auth._protectedURL = null;dwr.auth.setProtectedURL = function(url) {  dwr.auth._protectedURL = url;}//// setters for the various authentication-callback// and their default-implementataions.// callback-functions have to return true, if they want, that// dwr resends the resumed original request.// // authentication required: a dwr request has some authorizations-rules,// but there's no user attached to the current sessiondwr.auth.defaultAuthenticationRequiredHandler = function(batch,ex) {  alert(ex.message);  return false;}dwr.auth._authRequiredHandler = dwr.auth.defaultAuthenticationRequiredHandler;dwr.auth.setAuthenticationRequiredHandler = function(handler) {  dwr.auth._authRequiredHandler = handler;}// authentication failed: the server didn't accept the given credentialsdwr.auth.defaultAuthenticationFailedHandler = function(login_form) {  alert("Login failed");  return false;}dwr.auth._authFailedHandler = dwr.auth.defaultAuthenticationFailedHandler;dwr.auth.setAuthenticationFailedHandler = function(handler) {  dwr.auth._authFailedHandler = handler;}// access denied: the current session's user is not privileged to do// the remote calldwr.auth.defaultAccessDeniedHandler = function(batch,ex) {  alert(ex.message);  return false;}dwr.auth._accessDeniedHandler = dwr.auth.defaultAccessDeniedHandler;dwr.auth.setAccessDeniedHandler = function(handler) {  dwr.auth._accessDeniedHandler = handler;}// authenficiation success: the user was successful authenticateddwr.auth.defaultAuthenticationSuccessHandler = function (msg) {  return true;}dwr.auth._successHandler = dwr.auth.defaultAuthenticationSuccessHandler;dwr.auth.setAuthenticationSuccessHandler = function(handler) {  dwr.auth._successHandler = handler;}// stores the last dwr-request-batch that dwr didn't process because of// authenfication/authorization-issuesdwr.auth._batch = null;// makes a deep-copy of a given javascript-objectdwr.auth._deepCopy = function(source) {  var destination = {};  for (property in source) {    var value = source[property];    if (typeof value != 'object') {      //alert("simple property:"+property);      destination[property] = value;    }    else if ( value instanceof Array) {      //alert("array property:"+property+"("+value.length+")");      // since the batch-arrays never get changed after       // execution, we don't have to do a deepcopy for reexecution      // otherwise we would have to iterate by value.length, which      // could take quite long for sparsely populated batchIds-array      destination[property] = value;    }    else {      //alert("object property:"+property);      destination[property] = dwr.auth._deepCopy(value);    }  }  return destination;}// make a copy of the batch that we can replay laterdwr.auth._cloneBatch = function(batch) {  var req = batch.req;  var div = batch.div;  var form = batch.form;  var iframe = batch.iframe;  var script = batch.script;  delete batch.req;  delete batch.div;  delete batch.form;  delete batch.iframe;  delete batch.script;  var clone = dwr.auth._deepCopy(batch);  batch.req = req;  batch.div = div;  batch.form = form;  batch.iframe = iframe;  batch.script = script;    clone.completed = false;  clone.map.httpSessionId = dwr.engine._getJSessionId();  clone.map.scriptSessionId = dwr.engine._getScriptSessionId();  return clone;}dwr.auth._exceptionPackage = "org.directwebremoting.extend.";// replacement for dwr's MetaDataWarningHandlerdwr.auth.authWarningHandler = function(batch, ex) {  if (batch == null || typeof ex != "object" || ex.type == null    || ex.type.indexOf(dwr.auth._exceptionPackage) != 0) {    dwr.auth._dwrHandleBatchExeption(batch, ex);    return;  }  var errorType = ex.type.substring(dwr.auth._exceptionPackage.length);  //alert("errorCode="+errorType);  switch (errorType) {    case "LoginRequiredException":      dwr.auth._batch = dwr.auth._cloneBatch(batch);      if (dwr.auth._authRequiredHandler(batch,ex)) {        dwr.auth._replayBatch();      }      break;    case "AccessDeniedException":      dwr.auth._batch = dwr.auth._cloneBatch(batch);      if (dwr.auth._accessDeniedHandler(batch,ex)) {        dwr.auth._replayBatch();      }      break;    default:      dwr.auth._dwrHandleBatchExeption(batch, ex);  }}// resend a rejected request with dwr.enginedwr.auth._replayBatch = function() {  if (dwr.auth._batch == null) {    alert("no batch to replay!");    return;  }  else {    //alert("replay batch "+dwr.auth._batch);  }  var caller = function() {    var batch = dwr.auth._batch;    dwr.auth._batch = null;    dwr.engine._batches[dwr.engine._batches.length] = batch;    dwr.engine._sendData(batch);  };  // give dwr some time to finish the old batch processing  setTimeout( caller, 200);}// use some minimal protection with a private class// to prevent acess to credentials from other javascript codedwr.auth.ServletLoginProcessor = function() {  var login = null;  var password = null;  this.setLogin = function(aLogin) {    login = aLogin;  }  this.getLogin = function() {    return login;  }  this.setPassword = function(aPassword) {    password = aPassword;  }  this.login = function(login_form) {    login_form.j_username.value = login;    login_form.j_password.value = password;    login_form.submit();    // just because i'm paranoid: clear password    password = null;  }}dwr.auth._loginProcessor = new dwr.auth.ServletLoginProcessor();dwr.auth.authenticate = function(login, password) {  var processor = dwr.auth._loginProcessor;  processor.setLogin(login);  processor.setPassword(password);  // call login-test url in iframe  var div = document.createElement("div");  div.innerHTML = "<iframe src='"+dwr.auth._protectedURL+"' frameborder='0' width='0' height='0' id='login_frame' name='login_frame' style='width:0px; height:0px; border:0px;'></iframe>";  document.body.appendChild(div);}dwr.auth._loginCallback = function(login_form) {  dwr.auth._loginProcessor.login(login_form);}dwr.auth._loginFailedCallback = function(login_form) {  dwr.auth._authFailedHandler(login_form);}dwr.auth._loginSucceededCallback = function(msg) {  if (dwr.auth._successHandler(msg)) {    dwr.auth._replayBatch();  }}