
Edit BreadCrumbFilter.java

  1. Edit BreadCrumbFilter.java to get cookies and auto-login the user. This file is located in src/web/org/appfuse/webapp/filter.
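    // Get the relevant cookies for the "remember me" feature.
    // Everything read from these cookies is supplied by the client, so it is
    // treated as untrusted input below (null-checked and URL-encoded before
    // it is placed in a URL).
    Cookie rememberMe = RequestUtil.getCookie(request, "rememberMe");
    Cookie passCookie = RequestUtil.getCookie(request, "password");
    String password =
        (passCookie != null)
        ? URLDecoder.decode(passCookie.getValue(), "UTF-8") : null;

    // Detect if authentication has failed - indicated by the
    // error=true parameter from the <form-error-page> in web.xml.
    // StringUtils.equals is a convenience method from commons-lang
    // that handles nulls gracefully.
    boolean authFailed =
        StringUtils.equals(request.getParameter("error"), "true");

    // Check to see if the user is logging out (or the last login attempt
    // failed); if so, remove the rememberMe cookie and password cookie so a
    // rejected credential is not replayed on the next request.
    // NOTE(review): indexOf matches "logout" anywhere in the request URL,
    // not only in the servlet path - confirm no other URL contains it.
    if ((authFailed ||
            (request.getRequestURL().indexOf("logout") != -1)) &&
            (rememberMe != null)) {
        if (log.isDebugEnabled()) {
            log.debug("deleting rememberMe-related cookies");
        }

        response = RequestUtil.deleteCookie(response, rememberMe);

        // The password cookie can be missing even when rememberMe is present.
        if (passCookie != null) {
            response = RequestUtil.deleteCookie(response, passCookie);
        }
    }

    // Check to see if the user is logging in.  If so, check to see
    // if they have enabled rememberMe functionality.
    // Only attempt to authenticate when "login" is requested.
    if ((request.getRequestURL().indexOf("login") != -1)) {
        // The container is routing the user to the login page; check for
        // the rememberMe cookies to decide whether to log in automatically.
        Cookie userCookie = RequestUtil.getCookie(request, "username");

        // Guard on userCookie itself. The original tested passCookie here,
        // which throws a NullPointerException when the password cookie is
        // present but the username cookie is not.
        String username =
            (userCookie != null)
            ? URLDecoder.decode(userCookie.getValue(), "UTF-8") : null;

        // NOTE(review): StringUtil.decodeString presumably reverses the
        // encoding applied when the password cookie was written - confirm.
        String clearPassword =
            (password != null) ? StringUtil.decodeString(password) : null;

        // Require all three values; a missing username would otherwise be
        // submitted as the literal string "null".
        if ((rememberMe != null) && (username != null) &&
                (clearPassword != null)) {
            // Authenticate the user without displaying the login page.
            //
            // SECURITY NOTE(review): this design keeps a recoverable password
            // in a cookie and then places it in the query string of a
            // redirect, where it can end up in browser history and in proxy
            // and server access logs. A remember-me scheme based on a random,
            // server-validated token avoids holding the password on the
            // client at all; treat this snippet as needing that redesign
            // before production use.
            //
            // Both values are URL-encoded so that characters such as '&',
            // '=' or '#' in a cookie cannot add or override request
            // parameters of j_security_check.
            String route =
                request.getContextPath() +
                "/j_security_check?j_username=" +
                java.net.URLEncoder.encode(username, "UTF-8") +
                "&j_password=" +
                java.net.URLEncoder.encode(clearPassword, "UTF-8");

            if (log.isDebugEnabled()) {
                // Strip line breaks so a crafted cookie cannot forge
                // additional log entries.
                log.debug("I remember you '" +
                          username.replaceAll("[\\r\\n]", "_") +
                          "', attempting to authenticate...");
            }

            response.sendRedirect(response.encodeRedirectURL(route));

            return;
        }
    }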
    
Slide No: 5