Mercurial > dive4elements > river
annotate flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 4284:7a94d5e7fc3d
Write the "hidden" attribute of a style into the collection's attribute when using the theme editor.
Otherwise, the next time using the theme editor, the hidden attributes that should not be changed
by the user are visible.
| author | Ingo Weinzierl <ingo.weinzierl@intevation.de> |
|---|---|
| date | Mon, 29 Oct 2012 07:18:42 +0100 |
| parents | fcdc0d2fdf8f |
| children | e96f2a6e4c3e |
| rev | line source |
|---|---|
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
1 package de.intevation.flys.client.server; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
2 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
3 import java.io.IOException; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
4 import java.util.Enumeration; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
5 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
6 import javax.servlet.Filter; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
7 import javax.servlet.FilterChain; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
8 import javax.servlet.FilterConfig; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
9 import javax.servlet.ServletContext; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
10 import javax.servlet.ServletException; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
11 import javax.servlet.ServletRequest; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
12 import javax.servlet.ServletResponse; |
|
2893
6e4e4b96ca6c
Removed superfluous imports.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
2889
diff
changeset
|
13 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
14 import javax.servlet.http.HttpServletRequest; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
15 import javax.servlet.http.HttpServletResponse; |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
16 import javax.servlet.http.HttpSession; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
17 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
18 import org.apache.log4j.Logger; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
19 |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
20 import de.intevation.flys.client.server.auth.Authentication; |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
21 import de.intevation.flys.client.server.auth.AuthenticationException; |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
22 import de.intevation.flys.client.server.auth.AuthenticationFactory; |
|
2964
c12e29661e6a
Login: Cast session user to abstract type not WAS specific
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
2957
diff
changeset
|
23 import de.intevation.flys.client.server.auth.User; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
24 import de.intevation.flys.client.server.features.Features; |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
25 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
26 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
27 /** ServletFilter used for GGInA authentification and certain authorisation. */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
28 public class GGInAFilter implements Filter { |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
29 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
30 /** Private logger. */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
31 private static Logger logger = Logger.getLogger(GGInAFilter.class); |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
32 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
33 private boolean deactivate = false; |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
34 private String authmethod; |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
35 private String redirecturl; |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
36 private ServletContext sc; |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
37 |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
38 public static final String LOGIN_JSP = "/login.jsp"; |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
39 public static final String LOGIN_SERVLET = "/flys/login"; |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
40 public static final String FLYS_CSS = "/FLYS.css"; |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
41 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
42 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
43 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
44 * Initialize. |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
45 * |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
46 * Read FilterConfig parameter deactivate |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
47 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
48 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
49 public void init(FilterConfig config) |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
50 throws ServletException |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
51 { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
52 String deactivate = config.getInitParameter("deactivate"); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
53 this.sc = config.getServletContext(); |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
54 logger.debug("GGInAFilter context " + this.sc.getContextPath()); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
55 this.authmethod = sc.getInitParameter("authentication"); |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
56 this.redirecturl = sc.getInitParameter("redirect-url"); |
|
2955
f1030909eeb6
Check filter config in web.xml for String false to deactivate the GGInAFilter instead of "1".
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2952
diff
changeset
|
57 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
58 this.deactivate = true; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
59 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
60 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
61 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
62 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
63 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
64 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
65 * Called when filter in chain invoked. |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
66 * @param req request to servlet |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
67 * @param resp response of servlet |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
68 * @param chain the filter chain |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
69 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
70 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
71 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
72 throws IOException, ServletException |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
73 { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
74 if (this.deactivate) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
75 logger.debug("GGinAFilter is deactivated"); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
76 chain.doFilter(req, resp); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
77 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
78 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
79 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
80 HttpServletRequest sreq = (HttpServletRequest) req; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
81 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
82 String requesturi = sreq.getRequestURI(); |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
83 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { |
|
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
84 logger.debug(e.nextElement()); |
|
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
85 } |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
86 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
87 logger.debug("Request for: " + requesturi); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
88 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
89 // Allow access to login pages |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
90 // TODO Maybe replace with Filter <url-pattern> |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
91 String path = this.sc.getContextPath(); |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
92 if (requesturi.equals(path + "/login.jsp") || |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
93 requesturi.equals(path + "/flys/login") |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
94 || requesturi.equals(path + "/FLYS.css")) { |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
95 logger.debug("Request for login " + requesturi); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
96 chain.doFilter(req, resp); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
97 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
98 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
99 |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
100 boolean redirect = false; |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
101 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
102 HttpSession session = sreq.getSession(); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
103 |
|
4195
93b53eaee401
Don't forget context path for redirect url
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4194
diff
changeset
|
104 String uri = path + "/" + this.redirecturl; |
|
4194
17fe00c09b7c
Don't redirect to request uri
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3851
diff
changeset
|
105 |
|
4228
fcdc0d2fdf8f
Don't send 403 if accessing the root path
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4196
diff
changeset
|
106 /* Redirect if uri is root or redirecturl */ |
|
fcdc0d2fdf8f
Don't send 403 if accessing the root path
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4196
diff
changeset
|
107 if (requesturi.equals(uri) || requesturi.equals(path + "/")) { |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
108 redirect = true; |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
109 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
110 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
111 if (sreq.getQueryString() != null) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
112 uri = uri + "?" + sreq.getQueryString(); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
113 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
114 session.setAttribute("requesturi", uri); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
115 |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
116 User user = (User)session.getAttribute("user"); |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
117 if (user == null) { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
118 logger.debug("No user in session: " + requesturi); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
119 this.handleResponse(resp, redirect); |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
120 return; |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
121 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
122 if (user.hasExpired()) { |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
123 // try to re-authenticate the user |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
124 logger.debug("User ticket has expired: " + requesturi); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
125 String encoding = sreq.getCharacterEncoding(); |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
126 try { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
127 Authentication auth = this.auth(user, encoding); |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
128 if (auth == null || !auth.isSuccess()) { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
129 logger.debug("Re-athentication not successful"); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
130 this.handleResponse(resp, redirect); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
131 } |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
132 } |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
133 catch(AuthenticationException e) { |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
134 logger.error("Failure during re-authentication", e); |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
135 this.handleResponse(resp, redirect); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
136 return; |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
137 } |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
138 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
139 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
140 logger.debug("GGInAFilter.doFilter"); |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
141 chain.doFilter(req, resp); |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
142 return; |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
143 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
144 |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
145 private void redirect(ServletResponse resp) throws IOException { |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
146 logger.debug("Redirect to login"); |
|
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
147 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + |
|
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
148 "/login.jsp"); |
|
2952
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
149 } |
|
3cacd42a0336
Filter all requests to FLYS
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2893
diff
changeset
|
150 |
|
4196
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
151 private void sendNotAuthenticated(ServletResponse resp) throws IOException { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
152 logger.debug("Send not authenticated"); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
153 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
154 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
155 |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
156 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
157 if (redirect) { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
158 this.redirect(resp); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
159 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
160 else { |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
161 this.sendNotAuthenticated(resp); |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
162 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
163 } |
|
e10d60d4f35b
Don't always redirect if user isn't authenticated
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4195
diff
changeset
|
164 |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
165 |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
166 /** |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
167 * Do nothing at destruction. |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
168 */ |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
169 @Override |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
170 public void destroy() { |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
171 } |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
172 |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
173 private Authentication auth(User user, String encoding) |
|
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
174 throws AuthenticationException, IOException { |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
175 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
176 return AuthenticationFactory.getInstance(this.authmethod).auth( |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2974
diff
changeset
|
177 user.getName(), user.getPassword(), encoding, features); |
|
2974
8255247da645
Implement re-authentication if the user (ticket) has expired.
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2964
diff
changeset
|
178 } |
|
2889
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
179 } |
|
6c613c9f3a51
Stub for A&A Servlet Filter.
Felix Wolfsteller <felix.wolfsteller@intevation.de>
parents:
diff
changeset
|
180 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |