package pt.ist.renderers.servlets.ajax; import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.concurrent.ConcurrentHashMap; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; import pt.ist.bennu.core.security.Authenticate.SessionUserWrapper; import pt.ist.bennu.core.security.UserView; import pt.ist.renderers.servlets.json.JsonObject; public class JsonServlet extends HttpServlet { public static final String PURGE_METHOD = "purge"; public static final String REQUEST_OBJECT_METHOD = "request"; public static final String TOKEN_PARAMETER_NAME = "token"; public static final String ACTION_PARAMETER_NAME = "action"; private static ConcurrentHashMap tokenMap = new ConcurrentHashMap(); @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { process(req, resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { process(req, resp); } private void process(HttpServletRequest req, HttpServletResponse resp) { String actionToPerform = req.getParameter(ACTION_PARAMETER_NAME); if (actionToPerform.equals(PURGE_METHOD)) { purge(req, resp); } else if (actionToPerform.equals(REQUEST_OBJECT_METHOD)) { serve(req, resp); } } private void serve(HttpServletRequest req, HttpServletResponse resp) { resp.setContentType("text/html"); String token = req.getParameter(TOKEN_PARAMETER_NAME); if (token != null) { JsonObject object = tokenMap.get(token); try { if (object != null) { resp.getWriter().write(object.getJsonString()); } } catch (IOException e) { e.printStackTrace(); } } } private void purge(HttpServletRequest req, HttpServletResponse resp) { String token = req.getParameter(TOKEN_PARAMETER_NAME); if (token != null) { tokenMap.remove(token); } } public static String getTokenFor(JsonObject jsonObject) { SessionUserWrapper user = UserView.getSessionUserWrapper(); if (user == null) { throw new RuntimeException("access.control.error.only.authenticated.users.can.request.tokens"); } StringBuilder hash = new StringBuilder(user.getPrivateConstantForDigestCalculation()); hash.append(user.getUser().getUsername()); hash.append(user.getUserCreationDateTime().toString()); hash.append(new DateTime()); String digest; try { MessageDigest algorithm = MessageDigest.getInstance("MD5"); algorithm.reset(); algorithm.update(hash.toString().getBytes()); byte messageDigest[] = algorithm.digest(); StringBuffer hexString = new StringBuffer(); for (int i = 0; i < messageDigest.length; i++) { hexString.append(Integer.toHexString(0xFF & messageDigest[i])); } digest = hexString.toString(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } tokenMap.put(digest, jsonObject); return digest; } }