%-- - $RCSfile$ - $Revision$ - $Date$ --%>
<%--
  Admin console login page.

  Flow visible in this extract:
    1. The "admin" bean is initialised (its declaration, presumably a jsp:useBean
       tag, is not present in this view).
    2. While the server is in setup mode the request is redirected to setup/index.jsp.
    3. When the "login" parameter is true, the username is first checked against the
       node names of the local admin JIDs (or against the literal "admin" when that
       set is empty), then authenticated through AuthFactory; the resulting AuthToken
       is stored in the session under "jive.admin.authToken" and the client is
       redirected to the "url" parameter (or index.jsp).
  The HTML form markup surrounding the scriptlets has been stripped from this view,
  so the output side of the page (what is rendered and how it is escaped) cannot be
  reviewed here.
--%>
<%@ page import="java.util.*, org.jivesoftware.openfire.auth.AuthToken, org.jivesoftware.openfire.auth.AuthFactory, org.jivesoftware.openfire.auth.UnauthorizedException, org.jivesoftware.admin.AdminConsole" errorPage="error.jsp" %>
<%@ page import="org.jivesoftware.util.*"%>
<%@ page import="org.jivesoftware.openfire.XMPPServer"%>
<%@ page import="org.xmpp.packet.JID"%>
<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
<%-- Define Administration Bean --%>
<% admin.init(request, response, session, application, out ); %>
<%!
    // List of allowed usernames: the node part of every admin JID that is a local user.
    // Built once in the static initialiser, i.e. when the compiled JSP class is loaded.
    // NOTE(review): admins added or removed afterwards are presumably not picked up
    // until this page's class is reloaded — confirm against the deployment.
    // Keys and values are both the node string (raw Map, pre-generics code).
    static Map authorizedUsernames = new HashMap();
    static {
        for (JID jid : XMPPServer.getInstance().getAdmins()) {
            // Only allow local users to log into the admin console
            if (XMPPServer.getInstance().isLocal(jid)) {
                authorizedUsernames.put(jid.getNode(), jid.getNode());
            }
        }
    }

    /**
     * Returns the post-login redirect target.
     *
     * NOTE(review): the value is handed back without validation and ends up in
     * response.sendRedirect(...) below, so a request-supplied absolute URL sends the
     * freshly logged-in administrator off-site (open redirect). Mitigation: accept
     * only relative paths inside the console (reject values containing "://" or
     * starting with "//") and fall back to "index.jsp" otherwise.
     *
     * @param url value of the request's "url" parameter, may be null
     * @return "index.jsp" when url is null, otherwise url unchanged
     */
    static String go(String url) {
        if (url == null) {
            return "index.jsp";
        }
        else {
            return url;
        }
    }
%>
<%-- Check if in setup mode --%>
<%
    // In setup mode there is nothing to authenticate against yet; hand off to the
    // setup wizard and stop processing this page.
    if (admin.isSetupMode()) {
        response.sendRedirect("setup/index.jsp");
        return;
    }
%>
<%
    // get parameters
    String username = ParamUtils.getParameter(request,"username");
    if(username != null){
        // Escape JID-special characters so the value is a valid JID node.
        username = JID.escapeNode(username);
    }
    // Escape HTML tags in username to prevent cross-site scripting attacks. This
    // is necessary because we display the username in the page below.
    // NOTE(review): the HTML-escaped value is also what is looked up in
    // authorizedUsernames and passed to AuthFactory.authenticate below, so a
    // username containing '<', '>' or '&' is authorised and authenticated in its
    // escaped form — presumably acceptable for this console; confirm.
    username = org.jivesoftware.util.StringUtils.escapeHTMLTags(username);
    String password = ParamUtils.getParameter(request,"password");
    String url = ParamUtils.getParameter(request,"url");

    // The user auth token:
    AuthToken authToken;

    // Check the request/response for a login token
    boolean errors = false;
    if (ParamUtils.getBooleanParameter(request,"login")) {
        try {
            // Authorisation before authentication: only a username present in
            // authorizedUsernames reaches the credential check. When that map is empty
            // (no local admin JIDs were found at class-load time) the single literal
            // username "admin" is accepted instead.
            if (authorizedUsernames != null && !authorizedUsernames.isEmpty()) {
                if (!authorizedUsernames.containsKey(username)) {
                    // (message reads "no allowed"; presumably meant "not allowed")
                    throw new UnauthorizedException("User '" + username + "' no allowed to login.");
                }
            }
            else {
                if (!"admin".equals(username)) {
                    throw new UnauthorizedException("Only user 'admin' may login.");
                }
            }
            // Credential check; presumably throws UnauthorizedException on failure,
            // which is why the call sits inside this try block.
            authToken = AuthFactory.authenticate(username, password);
            // The token stored in the session is what marks this session as logged in.
            session.setAttribute("jive.admin.authToken", authToken);
            // url is request-controlled and go() does not validate it — see the note on go().
            response.sendRedirect(go(url));
            return;
        }
        catch (UnauthorizedException ue) {
            // Both the authorisation and the authentication failure land here; the
            // visible code only flips the errors flag and does not use the message.
            // NOTE(review): a failed admin-console login is recorded at DEBUG level only,
            // so it is invisible under default logging — consider an INFO/audit entry
            // carrying the username and remote address (never the password).
            Log.debug(ue);
            errors = true;
        }
    }
%>
<%= AdminConsole.getAppName() %>
<%
    // Presumably renders the requested "url" so it survives the login round trip
    // (e.g. as a hidden field); the markup is stripped from this extract, so whether
    // the value is escaped on output cannot be checked here.
    if (url != null) {
        try {
%>
<%
        }
        catch (Exception e) {
            Log.error(e);
        }
    }
%>
<%-- Error block: the message markup between these two scriptlets is not in this extract. --%>
<% if (errors) { %>
<% } %>
<%-- Remaining template text: attribute/tag remnants of the stripped form markup. --%>
"> "> <%= AdminConsole.getAppName() %>, : <%= AdminConsole.getVersionString() %>