Mercurial > dive4elements > river
annotate flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4424:6ef48927df38
Remove authentication from MapPrintServiceImpl.
Printing maps was broken because the called service
required user authentication. The /flys/mapfish-print/print.pdf URI
is now whitelisted in GGInAFilter.
TODO: Support user authentication in MapPrintServiceImpl.
| author | Christian Lins <christian.lins@intevation.de> |
|---|---|
| date | Tue, 06 Nov 2012 14:50:26 +0100 |
| parents | 687b7a6f09aa |
| children |
| rev | line source |
|---|---|
|
4423
687b7a6f09aa
Move GGInAFilter and NoCacheFilter to an own package
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4419
diff
changeset
|
1 package de.intevation.flys.client.server.filter; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
2 |
|
4424
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
3 import de.intevation.flys.client.server.auth.Authentication; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
4 import de.intevation.flys.client.server.auth.AuthenticationException; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
5 import de.intevation.flys.client.server.auth.AuthenticationFactory; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
6 import de.intevation.flys.client.server.auth.User; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
7 import de.intevation.flys.client.server.features.Features; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
8 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
9 import java.io.IOException; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
10 import java.util.Enumeration; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
11 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
12 import javax.servlet.Filter; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
13 import javax.servlet.FilterChain; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
14 import javax.servlet.FilterConfig; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
15 import javax.servlet.ServletContext; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
16 import javax.servlet.ServletException; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
17 import javax.servlet.ServletRequest; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
18 import javax.servlet.ServletResponse; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
19 import javax.servlet.http.HttpServletRequest; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
20 import javax.servlet.http.HttpServletResponse; |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
21 import javax.servlet.http.HttpSession; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
22 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
23 import org.apache.log4j.Logger; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
24 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
25 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
26 /** ServletFilter used for GGInA authentification and certain authorisation. */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
27 public class GGInAFilter implements Filter { |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
28 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
29 /** Private logger. */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
30 private static Logger logger = Logger.getLogger(GGInAFilter.class); |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
31 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
32 private boolean deactivate = false; |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
33 private String authmethod; |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
34 private String redirecturl; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
35 private ServletContext sc; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
36 |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
37 public static final String LOGIN_JSP = "/login.jsp"; |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
38 public static final String LOGIN_SERVLET = "/flys/login"; |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
39 public static final String FLYS_CSS = "/FLYS.css"; |
|
4424
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
40 public static final String MAP_PRINT = "/flys/map-print"; |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
41 public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf"; |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
42 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
43 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
44 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
45 * Initialize. |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
46 * |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
47 * Read FilterConfig parameter deactivate |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
48 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
49 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
50 public void init(FilterConfig config) |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
51 throws ServletException |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
52 { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
53 String deactivate = config.getInitParameter("deactivate"); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
54 this.sc = config.getServletContext(); |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
55 logger.debug("GGInAFilter context " + this.sc.getContextPath()); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
56 this.authmethod = sc.getInitParameter("authentication"); |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
57 this.redirecturl = sc.getInitParameter("redirect-url"); |
|
2955
f1030909eeb6
Check filter config in web.xml for String false to deactivate the GGInAFilter instead of "1".
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2952
diff
changeset
|
58 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
59 this.deactivate = true; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
60 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
61 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
62 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
63 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
64 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
65 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
66 * Called when filter in chain invoked. |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
67 * @param req request to servlet |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
68 * @param resp response of servlet |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
69 * @param chain the filter chain |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
70 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
71 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
72 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
73 throws IOException, ServletException |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
74 { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
75 if (this.deactivate) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
76 logger.debug("GGinAFilter is deactivated"); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
77 chain.doFilter(req, resp); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
78 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
79 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
80 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
81 HttpServletRequest sreq = (HttpServletRequest) req; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
82 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
83 String requesturi = sreq.getRequestURI(); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
84 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { |
|
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
85 logger.debug(e.nextElement()); |
|
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
86 } |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
87 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
88 logger.debug("Request for: " + requesturi); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
89 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
90 // Allow access to login pages |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
91 // TODO Maybe replace with Filter <url-pattern> |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
92 String path = this.sc.getContextPath(); |
|
4424
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
93 if (requesturi.equals(path + LOGIN_JSP) |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
94 || requesturi.equals(path + LOGIN_SERVLET) |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
95 || requesturi.equals(path + FLYS_CSS) |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
96 || requesturi.equals(path + MAP_PRINT) |
|
6ef48927df38
Remove authentication from MapPrintServiceImpl.
Christian Lins <christian.lins@intevation.de>
parents:
4423
diff
changeset
|
97 || requesturi.equals(path + MAPFISH_PRINT)) { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
98 logger.debug("Request for login " + requesturi); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
99 chain.doFilter(req, resp); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
100 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
101 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
102 |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
103 boolean redirect = false; |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
104 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
105 HttpSession session = sreq.getSession(); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
106 |
|
4195
93b53eaee401
Don't forget context path for redirect url
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4194
diff
changeset
|
107 String uri = path + "/" + this.redirecturl; |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
108 |
|
4228
fcdc0d2fdf8f
Don't send 403 if accessing the root path
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4196
diff
changeset
|
109 /* Redirect if uri is root or redirecturl */ |
|
fcdc0d2fdf8f
Don't send 403 if accessing the root path
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4196
diff
changeset
|
110 if (requesturi.equals(uri) || requesturi.equals(path + "/")) { |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
111 redirect = true; |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
112 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
113 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
114 if (sreq.getQueryString() != null) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
115 uri = uri + "?" + sreq.getQueryString(); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
116 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
117 session.setAttribute("requesturi", uri); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
118 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
119 User user = (User)session.getAttribute("user"); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
120 if (user == null) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
121 logger.debug("No user in session: " + requesturi); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
122 this.handleResponse(resp, redirect); |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
123 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
124 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
125 if (user.hasExpired()) { |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
126 // try to re-authenticate the user |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
127 logger.debug("User ticket has expired: " + requesturi); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
128 String encoding = sreq.getCharacterEncoding(); |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
129 try { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
130 Authentication auth = this.auth(user, encoding); |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
131 if (auth == null || !auth.isSuccess()) { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
132 logger.debug("Re-athentication not successful"); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
133 this.handleResponse(resp, redirect); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
134 } |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
135 } |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
136 catch(AuthenticationException e) { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
137 logger.error("Failure during re-authentication", e); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
138 this.handleResponse(resp, redirect); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
139 return; |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
140 } |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
141 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
142 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
143 chain.doFilter(req, resp); |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
144 return; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
145 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
146 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
147 private void redirect(ServletResponse resp) throws IOException { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
148 logger.debug("Redirect to login"); |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
149 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
150 "/login.jsp"); |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
151 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
152 |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
153 private void sendNotAuthenticated(ServletResponse resp) throws IOException { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
154 logger.debug("Send not authenticated"); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
155 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
156 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
157 |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
158 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
159 if (redirect) { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
160 this.redirect(resp); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
161 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
162 else { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
163 this.sendNotAuthenticated(resp); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
164 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
165 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
166 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
167 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
168 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
169 * Do nothing at destruction. |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
170 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
171 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
172 public void destroy() { |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
173 } |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
174 |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
175 private Authentication auth(User user, String encoding) |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
176 throws AuthenticationException, IOException { |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
177 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
178 return AuthenticationFactory.getInstance(this.authmethod).auth( |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
179 user.getName(), user.getPassword(), encoding, features); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
180 } |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
181 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
182 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |