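/**
 * Copyright (C) 2005 LAMS Foundation (http://lamsfoundation.org)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
 * http://www.gnu.org/licenses/gpl.txt
 */
package org.lamsfoundation.ld.security.valve;

import java.io.IOException;
import java.net.URLDecoder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.valves.ValveBase;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.ValveContext;
//import org.apache.catalina.Logger;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.authenticator.SavedRequest;
import org.lamsfoundation.ld.util.MethodDispatcher;
import org.apache.log4j.Logger;

/**
 * Valve that pre-seeds the post-login redirect target for form authentication.
 *
 * <p>When j_security_check authentication is successful the user is redirected
 * to the originally requested URL. For requests whose URI ends with
 * {@link #LOGIN_REQUEST}, this valve stores a {@link SavedRequest} under
 * {@code Constants.FORM_REQUEST_NOTE} in the Catalina session, so that the
 * form authenticator treats the URL returned by {@link MethodDispatcher} as
 * that original request.
 *
 * <p>NOTE(review): the saved URI becomes a redirect target after login and is
 * derived from the incoming request by {@code MethodDispatcher.getMethodURL},
 * which is not visible in this file. Confirm that it only ever yields
 * application-local paths; this class performs no validation of its own.
 *
 * @author Anthony Xiao
 */
public class LoginRequestValve extends ValveBase {

    // Request parameter names and fixed values used by the login hand-off.
    public static final String PARAM_USERID = "uid";
    public static final String PARAM_URL = "url";
    // NOTE(review): the URLDecoder documentation recommends UTF-8; kept as-is
    // because this is a public constant other classes may reference.
    public static final String URLDECODER_CODING = "US-ASCII";
    public static final String LOGIN_REQUEST = "LoginRequest";

    private static final Logger log = Logger.getLogger(LoginRequestValve.class);

    /**
     * Lets the rest of the pipeline handle the request, then, for a successful
     * LoginRequest, records the redirect target in the Catalina session.
     *
     * @param request  the request being processed
     * @param response the response being produced
     * @param context  the valve context used to invoke the next valve
     * @throws IOException      if the next valve, the session lookup or the
     *                          URL decoding fails
     * @throws ServletException if the next valve fails
     */
    public void invoke(Request request, Response response, ValveContext context)
            throws IOException, ServletException {
        log.debug("LoginRequestValve invoked");

        // Non-HTTP traffic is passed straight through untouched.
        if (!(request instanceof HttpRequest) || !(response instanceof HttpResponse)) {
            context.invokeNext(request, response);
            return;
        }

        HttpRequest hrequest = (HttpRequest) request;
        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
        HttpResponse hresponse = (HttpResponse) response;

        // Decide before delegating, so the check sees the URI as it arrived.
        boolean isLoginRequest = hreq.getRequestURI().endsWith(LOGIN_REQUEST);

        // invokeNext: the context will be initialised when this call comes back,
        // so the internal session and manager are available afterwards.
        context.invokeNext(request, response);

        if (!isLoginRequest) {
            return;
        }
        log.debug(LOGIN_REQUEST + " requested");

        // A successful login request is answered with a redirect to
        // j_security_check; anything else means no login was carried out.
        if (!redirectsToFormAction(hresponse)) {
            log.debug("LOGIN REQUEST DETECTED - BUT NO LOGIN IS CARRIED OUT");
            return;
        }

        HttpSession hses = hreq.getSession(false);
        // Only the presence of the user id is checked below; this class does
        // not compare it with the identity that is eventually authenticated.
        String userid = hreq.getParameter(PARAM_USERID);

        // The MethodDispatcher also sets up any session variable required to
        // carry out the method.
        String redirect = MethodDispatcher.getMethodURL(hreq);

        if (userid == null || redirect == null || hses == null) {
            log.debug("LOGIN REQUEST DETECTED - BUT MISSING REQUIRED PARAM");
            return;
        }
        log.debug("LOGIN REQUEST DETECTED - LOGIN SUCCESSFUL");

        // NOTE(review): if the dispatcher built this value from a request
        // parameter, the container has already decoded it once; any allow-list
        // check on the target must be applied to the value after this decode.
        redirect = URLDecoder.decode(redirect, URLDECODER_CODING);

        // Look up the Catalina-internal session that backs the servlet session.
        Session session = hrequest.getContext().getManager().findSession(hses.getId());
        if (session == null) {
            // The session may have expired or been invalidated while the
            // request was in flight; without it there is nowhere to store the note.
            log.debug("LOGIN REQUEST DETECTED - BUT NO CATALINA SESSION FOUND");
            return;
        }

        // Create and populate a SavedRequest object for this request.
        SavedRequest saved = new SavedRequest();
        //saved.setMethod("POST");
        //saved.setQueryString("");
        saved.setRequestURI(redirect);

        // Tomcat's FormAuthenticator looks at Constants.FORM_REQUEST_NOTE
        // for the redirect object.
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
    }

    /**
     * Reports whether the response carries a Location header whose first value
     * contains the form-login action.
     */
    private static boolean redirectsToFormAction(HttpResponse hresponse) {
        String[] names = hresponse.getHeaderNames();
        if (names == null) {
            return false;
        }
        boolean found = false;
        for (int i = 0; i < names.length; i++) {
            // Header names are case-insensitive; equalsIgnoreCase avoids the
            // locale-dependent behaviour of toLowerCase().
            if (!"location".equalsIgnoreCase(names[i])) {
                continue;
            }
            String[] values = hresponse.getHeaderValues(names[i]);
            if (values == null || values.length == 0 || values[0] == null) {
                continue;
            }
            // Plain substring test: the action path is a literal, not a pattern.
            if (values[0].contains(Constants.FORM_ACTION)) {
                log.debug("header=" + names[i] + "=" + values[0]);
                found = true;
            }
        }
        return found;
    }
}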