OnlineGlomLoginServlet.checkAuthentication(): Require HTTPS.
[online-glom:gwt-glom.git] / src / main / java / org / glom / web / client / activity / DocumentLoginActivity.java
1 /*
2  * Copyright (C) 2011 Openismus GmbH
3  *
4  * This file is part of GWT-Glom.
5  *
6  * GWT-Glom is free software: you can redistribute it and/or modify it
7  * under the terms of the GNU Lesser General Public License as published by the
8  * Free Software Foundation, either version 3 of the License, or (at your
9  * option) any later version.
10  *
11  * GWT-Glom is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
14  * for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with GWT-Glom.  If not, see <http://www.gnu.org/licenses/>.
18  */
19
20 package org.glom.web.client.activity;
21
22 import org.glom.web.client.ClientFactory;
23 import org.glom.web.client.OnlineGlomLoginServiceAsync;
24 import org.glom.web.client.PlaceControllerExt;
25 import org.glom.web.client.StringUtils;
26 import org.glom.web.client.event.TableChangeEvent;
27 import org.glom.web.client.place.HasDocumentPlace;
28 import org.glom.web.client.ui.DocumentLoginView;
29 import com.google.gwt.core.client.GWT;
30 import com.google.gwt.event.dom.client.ClickEvent;
31 import com.google.gwt.event.dom.client.ClickHandler;
32 import com.google.gwt.event.shared.EventBus;
33 import com.google.gwt.place.shared.PlaceController;
34 import com.google.gwt.user.client.rpc.AsyncCallback;
35 import com.google.gwt.user.client.rpc.StatusCodeException;
36 import com.google.gwt.user.client.ui.AcceptsOneWidget;
37
38 public class DocumentLoginActivity extends HasDocumentActivity {
39
40         private final DocumentLoginView view;
41
42         public DocumentLoginActivity(final HasDocumentPlace place, final ClientFactory clientFactory) {
43                 super(place, clientFactory);
44                 this.view = clientFactory.getDocumentLoginView();
45         }
46         
47         private void goToPrevious() {
48                 final PlaceController placeController = clientFactory.getPlaceController();
49                 if(placeController instanceof PlaceControllerExt) {
50                         final PlaceControllerExt ext = (PlaceControllerExt)placeController;
51                         ext.previous();
52                 } else {
53                         GWT.log("The PlaceController was not a PlaceControllerExt.");
54                 }
55         }
56         
57         private void goToDefault() {
58                 final PlaceController placeController = clientFactory.getPlaceController();
59                 if(placeController instanceof PlaceControllerExt) {
60                         final PlaceControllerExt ext = (PlaceControllerExt)placeController;
61                         goTo(ext.getDefaultPlace());
62                 } else {
63                         GWT.log("The PlaceController was not a PlaceControllerExt.");
64                 }
65         }
66
67         @Override
68         public void start(final AcceptsOneWidget panel, final EventBus eventBus) {
69                 if (StringUtils.isEmpty(documentID)) {
70                         goToPrevious();
71                 }
72
73                 // register this class as the presenter
74                 view.setPresenter(this);
75
76                 //Find out if there is any need for authentication,
77                 //asking for the credentials if necessary:
78                 checkAuthentication(eventBus);
79
80                 // indicate that the view is ready to be displayed
81                 panel.setWidget(view.asWidget());
82         }
83
84         @Override
85         protected void clearView() {
86                 super.clearView();
87                 view.clear();
88         }
89
90         /*
91          * (non-Javadoc)
92          * 
93          * @see com.google.gwt.activity.shared.AbstractActivity#onCancel()
94          */
95         @Override
96         public void onCancel() {
97                 clearView();
98         }
99
100         /*
101          * (non-Javadoc)
102          * 
103          * @see com.google.gwt.activity.shared.AbstractActivity#onStop()
104          */
105         @Override
106         public void onStop() {
107                 clearView();
108         }
109         
110         //TODO: Remove or modify this in the base class.
111         /**
112          * @param eventBus
113          */
114         protected void checkAuthentication(final EventBus eventBus) {
115                 if(StringUtils.isEmpty(documentID)) {
116                         //TODO: Show that no document was chosen?
117                         return;
118                 }
119
120                 // Check if the authentication info has been set for the document
121                 final AsyncCallback<Boolean> isAuthCallback = new AsyncCallback<Boolean>() {
122                         @Override
123                         public void onFailure(final Throwable caught) {
124                                 // TODO: create a way to notify users of asynchronous callback failures
125                                 if(caught instanceof StatusCodeException) {
126                                         final StatusCodeException statusException = (StatusCodeException)caught;
127                                         if(statusException.getStatusCode() == 403) {
128                                                 //Warn that login cannot work unless the login servlet is served via HTTPS.
129                                                 //And actually, the entire site must be served via HTTPS,
130                                                 //or we would violate the Same Origin Policy by mixing protocols.
131                                                 GWT.log("AsyncCallback Failed: OnlineGlomService.isAuthenticated(): with 403 status code, probably because the documentLogin servlet is not available via HTTPS. " +
132                                                                 "If you need to use login then you need to serve the entire site as HTTPS only." +
133                                                                 "\n  Full error message: " + caught.getMessage());
134                                         } else {
135                                                 GWT.log("AsyncCallback FailedOnlineGlomLoginService.isAuthenticated(): with status code=" + statusException.getStatusCode() + ": " + caught.getMessage());
136                                         }
137                                 } else {
138                                         GWT.log("AsyncCallback Failed: OnlineGlomLoginService.isAuthenticated(): " + caught.getMessage());
139                                 }
140                         }
141         
142                         @Override
143                         public void onSuccess(final Boolean result) {
144                                 if (!result) {
145                                         //If the user is not already authenticated,
146                                         //then attempt that:
147                                         setUpAuthClickHandlers(eventBus);
148                                 } else {
149                                         // The user was already authenticated, so go to the previous (or default) page:
150                                         goToPrevious();
151                                         eventBus.fireEvent(new TableChangeEvent(clientFactory.getTableSelectionView()
152                                                         .getSelectedTableName()));
153                                 }
154                         }
155                 };
156                 OnlineGlomLoginServiceAsync.Util.getInstance().isAuthenticated(documentID, isAuthCallback);
157         }
158
159         private void setUpAuthClickHandlers(final EventBus eventBus) {
160                 
161                 //The login button:
162                 view.setClickLoginHandler(new ClickHandler() {
163                         @Override
164                         public void onClick(final ClickEvent event) {
165                                 view.setTextFieldsEnabled(false);
166         
167                                 final AsyncCallback<Boolean> callback = new AsyncCallback<Boolean>() {
168                                         @Override
169                                         public void onFailure(final Throwable caught) {
170                                                 // TODO: create a way to notify users of asynchronous callback failures
171                                                 GWT.log("AsyncCallback Failed: OnlineGlomService.checkAuthentication(): " + caught.getMessage());
172                                         }
173         
174                                         @Override
175                                         public void onSuccess(final Boolean result) {
176                                                 if (result) {
177                                                         // If authentication succeeded, take us to the requested table:
178                                                         goToPrevious();
179                                                         //eventBus.fireEvent(new TableChangeEvent(clientFactory.getTableSelectionView()
180                                                         //              .getSelectedTableName()));
181                                                 } else {
182                                                         // If authentication failed, tell the user:
183                                                         view.setTextFieldsEnabled(true);
184                                                         view.setError();
185                                                 }
186                                         }
187                                 };
188                                 OnlineGlomLoginServiceAsync.Util.getInstance().checkAuthentication(documentID,
189                                                 view.getUsername(), view.getPassword(), callback);
190                         }
191                 });
192                 
193                 //The cancel button:
194                 view.setClickCancelHandler(new ClickHandler() {
195                         @Override
196                         public void onClick(final ClickEvent event) {
197                                 goToDefault();
198                         }
199                 });
200         }
201
202 }