<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ page trimDirectiveWhitespaces="true" %> <%@ page import="org.crosswire.utils.Utils" %> <%@ page import="org.crosswire.community.RightsAndRoles" %> <%@ page import="org.crosswire.community.RightsAndRoles.User" %> <% String userName = request.getParameter("userName"); if (userName != null) userName = new String(userName.getBytes("iso8859-1"), "UTF-8"); else userName = request.getParameter("userID"); // re-use userName variable for local bypass to send userID String passwd = request.getParameter("passwd"); if (passwd != null) passwd = new String(passwd.getBytes("iso8859-1"), "UTF-8"); if (userName != null && passwd != null) { response.setContentType("text/xml"); User user = null; System.out.println("VMR web services auth/session/open: requested auth for user: " + userName); // if our portal is logging us in, check to be sure the request came for an authorized IP address if ("LOCALLIFERAY".equals(passwd)) { String localServers = Utils.getSysConfig(session).getProperty("AllowLocalAuthFrom"); if (localServers != null) { for (String l : localServers.split(",")) { if (l.equals(request.getRemoteAddr())) { user = RightsAndRoles.getInstance().getUser(Integer.parseInt(userName)); break; } } } if (user == null) { System.out.println("VMR web services auth/session/open: local auth attempted but not allowed from IP: " + request.getRemoteAddr() + ". check that your community/WEB-INF/sysconfig.properties has: AllowLocalAuthFrom=" + request.getRemoteAddr()); } } else { // see if our username and passwd are correct user = RightsAndRoles.getInstance().authenticateUser(userName, passwd); } if (user != null) { System.out.println("VMR web services auth/session/open: authentication succeeded for user: " + userName); String sessionHash = RightsAndRoles.getInstance().openSession(user, response); if ("sessionHashOnly".equals(request.getParameter("format"))) { response.setContentType("text/plain"); out.print(sessionHash); return; } %> <%= user %> <% } else { System.out.println("VMR web services auth/session/open: authentication failed for user: " + userName); %> <% } return; } %>

auth/session/open

Authenticate to the system and establish a session

Parameters

userName	user name
passwd	passwd
format	(user) or sessionHashOnly