// // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details.
// // To obtain a copy of the GNU General Public License write to the Free // Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
package rob.servlets ;
import java.io.* ;
import java.util.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import mindbright.ssh.SSHPropertyHandler ;
import mindbright.ssh.SSHInteractiveClient ;
import rob.util.RStringBufferInputStream ;
/**
* SSHServlet allows the user to connect to the local host via a web
* browser. It could easily be extended to allow connection to any host. This is
* done entirely by the servlet, and demonstrates the ability that servlets have
* of keeping a process running in between browser requests. State is kept
* between sessions using cookies or URL re-writing.
* * The general outline is as follows. The user enters his id and password. An * SSH session is then started with these values, and a cookie sent to the browser. * The session is saved with the cookie, so that it can be recovered with the next * request.
* * The user enters a command and presses execute. When the servlet receives the * request it retrieves the user's session from the cookie and sends the command * to the SSH session. The output from the command is read into a string and * returned in the new HTML page.
* * The session will terminate when the users clicks on logout or when the cookie * expires (after a fixed time with no requests, usually around 30 minutes).
*
* The SSH connection was implemented in Java and is copyright by:
* Copyright (c) 1998,99 by Mindbright Technology AB, Stockholm, Sweden.
* www.mindbright.se, info@mindbright.se
* The code is kindly released under the GNU Public license. The implementation is
* very good, but it was not written to be extendedoutside of its own package. In
* order to make it usable I have patched it somewhat; the patch is included at the
* end of this file.
*
* Created: Wed Aug 16 14:36:00 2000
*
* @author Robert Judd
* @version 1.0
* @since 1.0
* @see HttpServlet
*/
public class SSHServlet extends HttpServlet {
/**
* Maintain our own list of sessions. One can get the same list using an
* HttpServletRequest object, but we use this list when the
* servlet is destroyed to close any open connections, and there is no such
* object available in that method.
*
* Add a session to the list with sessions.put(session),
* remove a session with sessions.remove(session) and enumerate
* the sessions using sessions.iterator() (see below).
*
* @see destroy()
*/
private HashSet sessions ;
/**
* Initialize the servlet. All we do is instantiate the list for the sessions.
*
* @param config a ServletConfig value
* @exception ServletException if an error occurs
*/
public void init(ServletConfig config) throws ServletException {
super.init(config);
sessions = new HashSet() ;
}
/**
* Process a GET request. This expects a parameter to be passed
* in with name "action". The value will determine what to do next. Allowed
* values are:
*
* * If no action parameter is given, then the login page is presented.
*
* @param req the HttpServletRequest object passed in by the
* server
* @param res the HttpServletResponse object passed in by the
* server
*
* @exception ServletException if anything goes wrong with the
* servlet/server communication
* @exception IOException if anything goes wrong with the io
* streams.
*/
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// Let the browser know we are returning an html page
res.setContentType("text/html") ;
// Get the writer to write our output on
PrintWriter out = res.getWriter() ;
// Find out what action to take
String action = req.getParameter("action") ;
// If none specified, then return the login page
if (action == null || action.equals("")) {
// Nothing to do yet. Just return the page
writeLoginPage(out) ;
// PrintWriters do not throw exceptions; the only way to detect them
// is to call their checkError() method.
if (out.checkError())
writeErrorPage(out, "There was an error returning the login page.");
} else if (action.equals("Log In"))
login(out, req, res) ;
else if (action.equals("Log Out"))
logout(out, req) ;
else if (action.equals("Execute"))
execute(out, req, res) ;
else
writeErrorPage(out, "Your command: "+action+" was not understood.") ;
}
/** Just send the request on to doGet. */
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
doGet(req, res) ;
}
/**
* This is called by the server when it is about to dispose of the servlet.
* Any cleanup necessary should be done here. In particular any open sessions
* should be closed and any worker threads stopped. The destory
* method of the superclass should also be called for any cleaning up that it
* requires.
*/
public void destroy() {
// To loop through the sessions in the HashSet call its iterator and then
// call next() until there are no more
for (Iterator i = sessions.iterator(); i.hasNext();) {
HttpSession session = (HttpSession) i.next() ;
if (session != null) {
// Get the input stream so we can logout from the shell if the
// connection is still open.
RStringBufferInputStream stdin =
(RStringBufferInputStream) session.getValue("STDIN") ;
// Snd the exit command
if (stdin != null) {
stdin.append("exit\n") ;
try { Thread.sleep(500) ; } catch (Exception ignored) {}
}
// Stop the worker thread that keeps the SSH session running
Thread t = (Thread) session.getValue("SSHThread") ;
t.stop() ;
// Invalidate the cookie.
session.invalidate() ;
}
}
// Also stop getting random data we no longer need it.
SSHInteractiveClient.secureRandom.updater.stop() ;
super.destroy() ;
}
// ----------- The methods to handle the different requests -------------
/**
* This is called when the user tries to login; it tries to start an ssh
* session, and returns the output from this. The first step is to get the
* userid and password. Next an HttpSession object is created.
* This is used to save state (and the SSH connection in particular) between
* connections. The session object is stored in the response to the user as
* a cookie if the user's browser supports and accepts then, or else as a
* session id in the URLs in the return page.
*
* Notice how easy it is to use cookies: a session is obtained from the request
* with HttpSession session = req.getSession(true) (and created
* if it hasn't been created already). Objects may be stored in it with
* session.putValue(String key, Object value) and later
* retrieved with Object session.getValue(String key). That's it!
* In case the user's browser doesn't support cookies, or has them disabled,
* any URLs back to the servlet in the return page should be encoded with
* String res.encodeUrl(String url).
*
* The main work is done in creating an SSH connection. Once it is created
* the output is read and sent on to writeProcessPage which
* actually returns the page to the browser. In between the various parts of
* the SSH connection are saved to the session object so that they may be
* used in the next request.
*
* @param out the PrintWriter to return the response to the user
* @param req The HttpServletRequest represnting the user's
* request. This is used to get the parameters and the session.
* @param res The HttpServletResponse representing the response
* to the user. This is used in case the URLs need to be re-written
* to include the session id, although here it is passed straight on
* to writeProcessPage.
*/
public void login(PrintWriter out, HttpServletRequest req,
HttpServletResponse res) {
// Get the parameters
String userid = req.getParameter("userid") ;
String password = req.getParameter("password") ;
// Create a session for the user (the argument 'true' means create it)
HttpSession session = req.getSession(true);
// Properties to pass in to SSH - the first three are obvious. The last
// 'idhost' tells SSH not to look for the host key in a known hosts file.
Properties p = new Properties() ;
p.setProperty("usrname", userid) ;
p.setProperty("password", password) ;
p.setProperty("server", "localhost") ;
p.setProperty("idhost", "false") ;
SSHPropertyHandler sshph = new SSHPropertyHandler(p) ;
// We write commands from the user to stdin, where SSH will read them
RStringBufferInputStream stdin = new RStringBufferInputStream() ;
// SSH writes its output to stdout, where we read it and return it to
// the user
StringWriter stdout = new StringWriter() ;
// This creates the client, but in order to do anything it has to be started
SSHInteractiveClient client = new SSHInteractiveClient
(true, true, sshph, stdin, new PrintWriter(stdout)) ;
// Start the SSH process
Thread thread = new Thread(client) ;
thread.start() ;
thread.setPriority(Thread.currentThread().getPriority()+2) ;
// Allow time for SSH to connect
try { Thread.sleep(1000) ; } catch (Exception ignored) {}
// Read the response
StringBuffer buf = stdout.getBuffer() ;
// Save it
String text = buf.toString() ;
// Wipe it from the stream
buf.setLength(0) ;
// Save the important parts and add the session to our list.
session.putValue("SSHClient", client) ;
session.putValue("SSHThread", thread) ;
session.putValue("STDIN", stdin) ;
session.putValue("STDOUT", stdout) ;
sessions.add(session) ;
// Finally return the response.
writeProcessPage(out, text, res) ;
}
/**
* This is called when the user enters a command and clicks on "Execute".
* The command is read, written to the input of the SSH session, and the output
* from SSH returned in an HTML page.
*
* We get the SSH session from the cookie and retrieve the stdin
* and stdout streams. Then we get the command parameter and write
* it to stdin. Wait for a second to allow the SSH process to
* run, read the response and return it to the user via
* writeProcessPage.
*
* @param out a PrintWriter value
* @param req a HttpServletRequest value
* @param res a HttpServletResponse value
*/
public void execute(PrintWriter out, HttpServletRequest req,
HttpServletResponse res) {
// Get the session - we send the 'false' parameter so that if there is no
// session one will not be created and the user is redirected to the login
// page
HttpSession session = req.getSession(false);
if (session == null)
writeLoginPage(out) ;
else {
// Retrieve stdin and stdout
RStringBufferInputStream stdin =
(RStringBufferInputStream) session.getValue("STDIN") ;
StringWriter stdout = (StringWriter) session.getValue("STDOUT") ;
if (stdin == null || stdout == null)
logout(out, req) ;
else {
// Get the command
String cmd = req.getParameter("command") ;
if (cmd == null) cmd = "" ;
// Write the command to the SSH process's input, together with a
// newline. Then wait, read the output and return it.
stdin.append(cmd+"\n") ;
try { Thread.sleep(1000) ; } catch (Exception ignored) {}
StringBuffer buf = stdout.getBuffer() ;
String text = buf.toString() ;
buf.setLength(0) ;
writeProcessPage(out, text, res) ;
}
}
}
/**
* Called when the user wants to log out. This stops the SSH process and
* deletes the session. The login page is returned.
*
* @param out a PrintWriter value
* @param req a HttpServletRequest value
*/
public void logout(PrintWriter out, HttpServletRequest req) {
HttpSession session = req.getSession(false);
if (session != null) {
// Stop the worker thread that keeps the session running
Thread t = (Thread) session.getValue("SSHThread") ;
t.stop() ;
// Invalidating a session tells the servlet engine to delete it.
session.invalidate() ;
// Remove it from our list
sessions.remove(session) ;
}
// Some bookkeeping for the SSH process.
if (sessions.size() == 0) SSHInteractiveClient.secureRandom.updater.stop() ;
writeLoginPage(out) ;
}
/**
* Returns the login page to the user using the PrintWriter
* from the servlet response. All the writeXXXXPage methods
* follow the same pattern: their data is stored in a String array which is
* written straight to the output, except for certain lines that a re-written.
* In this case one of te last lines is changed to say,
* "Generated by SSHServlet Mon 1 Jan 2000 ...."
* with the current date and time. The only interesting method is
* writeProcessPage.
*
* @param out a PrintWriter value
*/
public static void writeLoginPage(PrintWriter out) {
for (int i=0; i",
"
",
"",
"",
" SSHServlet Login
",
"",
"",
"",
"
",
"",
"
",
" ",
"
",
"",
"",
"Generated by SSHServlet Fri Mar 9 16:05:14 2001",
"",
"",
"",
"",
"