import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
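/**
 * Password-gated demo servlet: renders a login form until the session carries the
 * "valid" marker set by {@link UserSession#setSessionValid()}, then shows a
 * two-choice form whose submitted value is echoed back.
 *
 * <p>Properties of this code a reviewer should know (all visible in this file):
 * <ul>
 *   <li>{@code PASSWORD} is a compile-time constant. A shared secret belongs in
 *       deployment configuration, not in source.</li>
 *   <li>{@link #doPost} delegates to {@link #doGet}, so the password is also accepted
 *       from the query string of a GET, where it lands in server and proxy logs.</li>
 *   <li>Login does not rotate the session id and the forms carry no anti-CSRF
 *       token. Nothing checks {@code request.isSecure()}, despite the class name.</li>
 *   <li>Idle expiry is delegated to the container through the max-inactive interval
 *       that {@link UserSession} sets on every request.</li>
 * </ul>
 */
public class verifyssl extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Shared secret compared against the {@code servicePassword} parameter. */
    private static final String PASSWORD = "password";

    public verifyssl() {
        super();
    }

    /**
     * Handles one request: writes the page header, processes a logout or login
     * attempt, then renders either the session view or the login form.
     *
     * @param request  incoming request; parameters {@code logout} and
     *                 {@code servicePassword} are read here
     * @param response response whose writer receives the HTML page
     * @throws ServletException never thrown directly; declared by the base contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html"); // MIME type
        // A failure here propagates as the declared IOException. The previous version
        // called System.exit(1), which would have terminated the whole container.
        PrintWriter servletresponse = response.getWriter();
        outputXHTMLHeader("verifyssl", servletresponse);
        servletresponse.println("<body>");

        String logout = request.getParameter("logout");
        String servicePassword = request.getParameter("servicePassword");
        try {
            UserSession current = new UserSession(request);
            UserInput command = new UserInput(request);

            // "logout".equals(x) already covers null and empty.
            if ("logout".equals(logout)) {
                current.setSessionInvalid();
                servletresponse.println("Successfully Logged Out.");
            }

            if (isPasswordValid(servicePassword)) {
                current.setSessionValid();
                // Don't keep the password around; only the session marker matters.
                // (Reassigning a String does not scrub the old value from the heap.)
                servicePassword = "";
            }

            if (current.isSessionValid()) {
                current.displaySessionInfo(servletresponse);
                displayInputForm(request, servletresponse);
                if (command.isInputValid()) {
                    command.displayInput(servletresponse);
                }
            } else {
                servletresponse.println("Please log in: ");
                displayPasswordForm(request, servletresponse);
            }

            servletresponse.println("</body></html>");
            servletresponse.close();
        } catch (Exception e) {
            // Best effort: part of the page may already be committed, so log and
            // return what was produced instead of failing the request.
            e.printStackTrace();
        }
    }

    /**
     * Writes the command-selection form. The action URL is built from
     * container-supplied values (context path and servlet name), not from input.
     */
    private void displayInputForm(HttpServletRequest request, PrintWriter servletresponse) {
        String submitTarget = request.getContextPath() + "/" + getServletName();
        servletresponse.println("<form id='submitbutton' action='" + submitTarget + "' method='post' >");
        servletresponse.println("<span><label><input type='radio' name='userinput' value='ls' checked /> ls </label></span>");
        servletresponse.println("<span><label><input type='radio' name='userinput' value='date'/> date </label></span>");
        servletresponse.println("<div><input type='submit' name='submit' value='submit'/></div>");
        servletresponse.println("<div><input type='submit' name='logout' value='logout'/></div>");
        servletresponse.println("</form>");
    }

    /**
     * Writes the login form and a snippet that focuses the password field.
     * The action URL is built from container-supplied values only.
     */
    private void displayPasswordForm(HttpServletRequest request, PrintWriter servletresponse) {
        String submitTarget = request.getContextPath() + "/" + getServletName();
        servletresponse.println("<form id='getpassword' action='" + submitTarget + "' method=\"post\" >");
        servletresponse.println("<input type='password' name='servicePassword'/>");
        servletresponse.println("<span><input type='submit' value='login'/></span>");
        servletresponse.println("</form>");
        javascriptFormFocus("getpassword", "servicePassword", servletresponse);
    }

    /**
     * Emits an inline script that focuses {@code inputname} inside {@code formname}.
     * Both names are interpolated unescaped into script text, so callers must pass
     * literals (as this class does), never request data.
     */
    private static void javascriptFormFocus(String formname, String inputname, PrintWriter servletresponse) {
        servletresponse.println("<script type='text/javascript' language='JavaScript'>");
        servletresponse.println("document.forms['" + formname + "'].elements['" + inputname + "'].focus(); </script>");
    }

    /**
     * Compares the submitted value with {@link #PASSWORD}.
     *
     * @param input value of the {@code servicePassword} parameter, may be null
     * @return true only for a non-empty exact match
     */
    private static boolean isPasswordValid(String input) {
        if (input == null || input.isEmpty()) {
            return false;
        }
        // Length-independent comparison: String.equals stops at the first mismatch,
        // which leaks how many leading characters were right. The two values are
        // never echoed to the page, so no HTML escaping is needed here.
        return MessageDigest.isEqual(
                input.getBytes(StandardCharsets.UTF_8),
                PASSWORD.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Writes the XHTML prologue and {@code <head>}. {@code title} is interpolated
     * without escaping; the only caller passes a literal.
     */
    private static void outputXHTMLHeader(String title, PrintWriter servletresponse) {
        servletresponse.println("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">");
        servletresponse.println("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
        servletresponse.println("<head><title>" + title + "</title>");
        servletresponse.println("<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />");
        servletresponse.println("</head>");
    }

    /** POST is handled identically to GET, so the same parameters are accepted either way. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}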
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
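/**
 * Wraps the {@code userinput} request parameter and renders it back inside the page.
 *
 * <p>The value is attacker-controlled and is written into an HTML response, so it
 * passes through {@link #escapeHtml(String)} before output. The previous version's
 * {@code replaceAll("<", "<")} / {@code replaceAll(">", ">")} replaced each
 * character with itself and therefore provided no protection at all.
 */
class UserInput {
    private final String input;

    UserInput(HttpServletRequest request) {
        input = request.getParameter("userinput");
    }

    /**
     * Reports whether a non-empty value was submitted. Only presence is checked: the
     * form offers {@code ls} and {@code date}, but any string is accepted here, so
     * callers must treat the value as untrusted text.
     *
     * @return true when the parameter is present and non-empty
     */
    protected boolean isInputValid() {
        return input != null && !input.isEmpty();
    }

    /**
     * Echoes the submitted value inside a {@code <pre>} block, HTML-escaped.
     *
     * @param servletresponse page writer
     */
    protected void displayInput(PrintWriter servletresponse) {
        servletresponse.println("received: <pre>" + escapeHtml(input) + "</pre><br />");
    }

    /**
     * Escapes the characters that can change HTML structure or attribute context.
     * Uses a single pass so {@code &} is never re-encoded by a later replacement.
     *
     * @param raw text to escape; null is rendered as an empty string
     * @return text safe to place in element content or a quoted attribute
     */
    static String escapeHtml(String raw) {
        if (raw == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}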
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
import java.io.PrintWriter;
import java.util.Date;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
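/**
 * Thin wrapper over the container {@link HttpSession} that stores a "logged in"
 * marker as a session attribute and enforces a one-minute idle timeout.
 *
 * <p>Limitations visible in this class: the marker is the literal string {@code "1"}
 * (no unguessable token is needed, since the session id itself is the credential,
 * but see the {@code todo} in the original); logout only flips the marker and keeps
 * the session and its id alive rather than calling {@code session.invalidate()}; and
 * nothing rotates the session id on login. Those are left unchanged here because the
 * calling servlet re-reads the same session later in the request.
 */
class UserSession {
    /** Attribute name holding the login marker; value {@code "1"} means logged in. */
    private static final String VALID_ATTR = "isSessionValid";

    private final HttpSession session;

    /**
     * Binds to (or creates) the request's session and sets a 1-minute idle timeout.
     *
     * @param request current request
     */
    UserSession(HttpServletRequest request) {
        session = request.getSession();
        setExpirationMinutes(1);
    }

    /**
     * Writes session metadata into the page. Note that this exposes the session id
     * in the response body, which is more than a page normally needs to show.
     *
     * @param servletresponse page writer
     */
    protected void displaySessionInfo(PrintWriter servletresponse) {
        servletresponse.println("<pre>");
        servletresponse.println("New session: " + session.isNew());
        servletresponse.println("sessionid: " + session.getId() + " created " + new Date(session.getCreationTime()));
        servletresponse.println("Last access: " + new Date(session.getLastAccessedTime()));
        servletresponse.println("MaxInactive: " + session.getMaxInactiveInterval());
        servletresponse.println("</pre>");
    }

    /**
     * @return true when the login marker is present and equals {@code "1"}
     */
    protected boolean isSessionValid() {
        if (session == null) {
            return false;
        }
        Object marker = session.getAttribute(VALID_ATTR);
        return marker != null && "1".equals(marker.toString());
    }

    /** @return the container's max-inactive interval, in seconds. */
    protected long sessionExpiration() {
        return session.getMaxInactiveInterval();
    }

    /** @return last access time in epoch milliseconds, as reported by the container. */
    protected long sessionLastAccess() {
        return session.getLastAccessedTime();
    }

    /**
     * Checks idle time against the max-inactive interval.
     *
     * <p>A negative interval means the session never times out; the previous version
     * compared against a negative millisecond bound and so reported every such session
     * as expired.
     *
     * @return true when the session has been idle longer than its interval
     */
    protected boolean isSessionExpired() {
        long maxInactiveSeconds = session.getMaxInactiveInterval();
        if (maxInactiveSeconds < 0) {
            return false;
        }
        long idleMillis = System.currentTimeMillis() - session.getLastAccessedTime();
        return idleMillis > maxInactiveSeconds * 1000L;
    }

    /**
     * Marks the session as logged in.
     *
     * @return true when the marker was stored
     */
    protected boolean setSessionValid() {
        if (session == null) {
            return false;
        }
        session.setAttribute(VALID_ATTR, "1");
        return true;
    }

    /**
     * Clears the login marker. The session itself is kept alive so the caller can
     * keep using this object for the rest of the request; a full logout would call
     * {@code session.invalidate()} instead.
     *
     * @return true when the marker was cleared, false if the session was absent or
     *         already invalidated by the container
     */
    protected boolean setSessionInvalid() {
        if (session == null) {
            return false;
        }
        try {
            session.setAttribute(VALID_ATTR, "0");
            return true;
        } catch (IllegalStateException e) {
            // setAttribute throws this once the container has invalidated the session;
            // treat it as "nothing to clear" rather than failing the request.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Sets the container's idle timeout for this session.
     *
     * @param minutes timeout in minutes
     */
    private void setExpirationMinutes(int minutes) {
        if (session != null) {
            session.setMaxInactiveInterval(minutes * 60);
        }
    }
}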