Mercurial > dive4elements > river
comparison gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java @ 8203:238fc722f87a
sed 's/logger/log/g' src/**/*.java
author | Sascha L. Teichmann <teichmann@intevation.de> |
---|---|
date | Fri, 05 Sep 2014 13:19:22 +0200 |
parents | 3bff11208d3d |
children | b1580e4d342a |
comparison
equal
deleted
inserted
replaced
8202:e4606eae8ea5 | 8203:238fc722f87a |
---|---|
34 | 34 |
35 | 35 |
36 /** ServletFilter used for GGInA authentification and certain authorisation. */ | 36 /** ServletFilter used for GGInA authentification and certain authorisation. */ |
37 public class GGInAFilter implements Filter { | 37 public class GGInAFilter implements Filter { |
38 | 38 |
39 /** Private logger. */ | 39 /** Private log. */ |
40 private static Logger logger = Logger.getLogger(GGInAFilter.class); | 40 private static Logger log = Logger.getLogger(GGInAFilter.class); |
41 | 41 |
42 private boolean deactivate = false; | 42 private boolean deactivate = false; |
43 private String authmethod; | 43 private String authmethod; |
44 private String redirecturl; | 44 private String redirecturl; |
45 private ServletContext sc; | 45 private ServletContext sc; |
59 public void init(FilterConfig config) | 59 public void init(FilterConfig config) |
60 throws ServletException | 60 throws ServletException |
61 { | 61 { |
62 String deactivate = config.getInitParameter("deactivate"); | 62 String deactivate = config.getInitParameter("deactivate"); |
63 this.sc = config.getServletContext(); | 63 this.sc = config.getServletContext(); |
64 logger.debug("GGInAFilter context " + this.sc.getContextPath()); | 64 log.debug("GGInAFilter context " + this.sc.getContextPath()); |
65 this.authmethod = sc.getInitParameter("authentication"); | 65 this.authmethod = sc.getInitParameter("authentication"); |
66 this.redirecturl = sc.getInitParameter("redirect-url"); | 66 this.redirecturl = sc.getInitParameter("redirect-url"); |
67 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { | 67 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { |
68 this.deactivate = true; | 68 this.deactivate = true; |
69 } | 69 } |
80 @Override | 80 @Override |
81 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | 81 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
82 throws IOException, ServletException | 82 throws IOException, ServletException |
83 { | 83 { |
84 if (this.deactivate) { | 84 if (this.deactivate) { |
85 logger.debug("GGinAFilter is deactivated"); | 85 log.debug("GGinAFilter is deactivated"); |
86 chain.doFilter(req, resp); | 86 chain.doFilter(req, resp); |
87 return; | 87 return; |
88 } | 88 } |
89 | 89 |
90 HttpServletRequest sreq = (HttpServletRequest) req; | 90 HttpServletRequest sreq = (HttpServletRequest) req; |
91 | 91 |
92 String requesturi = sreq.getRequestURI(); | 92 String requesturi = sreq.getRequestURI(); |
93 if (logger.isDebugEnabled()) { | 93 if (log.isDebugEnabled()) { |
94 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { | 94 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { |
95 logger.debug(e.nextElement()); | 95 log.debug(e.nextElement()); |
96 } | 96 } |
97 } | 97 } |
98 | 98 |
99 logger.debug("Request for: " + requesturi); | 99 log.debug("Request for: " + requesturi); |
100 | 100 |
101 // Allow access to localhost | 101 // Allow access to localhost |
102 if (isLocalAddress(req)) { | 102 if (isLocalAddress(req)) { |
103 String noAuth = sreq.getHeader("X_NO_GGINA_AUTH"); | 103 String noAuth = sreq.getHeader("X_NO_GGINA_AUTH"); |
104 if (noAuth != null && noAuth.equals("TRUE")) { | 104 if (noAuth != null && noAuth.equals("TRUE")) { |
105 logger.debug("Request to localhost"); | 105 log.debug("Request to localhost"); |
106 chain.doFilter(req, resp); | 106 chain.doFilter(req, resp); |
107 return; | 107 return; |
108 } | 108 } |
109 } | 109 } |
110 | 110 |
112 String path = this.sc.getContextPath(); | 112 String path = this.sc.getContextPath(); |
113 if (requesturi.equals(path + LOGIN_JSP) | 113 if (requesturi.equals(path + LOGIN_JSP) |
114 || requesturi.equals(path + LOGIN_SERVLET) | 114 || requesturi.equals(path + LOGIN_SERVLET) |
115 || requesturi.equals(path + SAML_SERVLET) | 115 || requesturi.equals(path + SAML_SERVLET) |
116 || requesturi.equals(path + FLYS_CSS)) { | 116 || requesturi.equals(path + FLYS_CSS)) { |
117 logger.debug("Request for login " + requesturi); | 117 log.debug("Request for login " + requesturi); |
118 chain.doFilter(req, resp); | 118 chain.doFilter(req, resp); |
119 return; | 119 return; |
120 } | 120 } |
121 | 121 |
122 boolean redirect = false; | 122 boolean redirect = false; |
137 } | 137 } |
138 session.setAttribute("requesturi", uri); | 138 session.setAttribute("requesturi", uri); |
139 | 139 |
140 User user = (User)session.getAttribute("user"); | 140 User user = (User)session.getAttribute("user"); |
141 if (user == null) { | 141 if (user == null) { |
142 logger.debug("No user in session: " + requesturi); | 142 log.debug("No user in session: " + requesturi); |
143 this.handleResponse(resp, redirect); | 143 this.handleResponse(resp, redirect); |
144 return; | 144 return; |
145 } | 145 } |
146 if (user.hasExpired()) { | 146 if (user.hasExpired()) { |
147 // try to re-authenticate the user | 147 // try to re-authenticate the user |
148 logger.debug("User ticket has expired: " + requesturi); | 148 log.debug("User ticket has expired: " + requesturi); |
149 String encoding = sreq.getCharacterEncoding(); | 149 String encoding = sreq.getCharacterEncoding(); |
150 try { | 150 try { |
151 Authentication auth = this.auth(user, encoding); | 151 Authentication auth = this.auth(user, encoding); |
152 if (auth == null || !auth.isSuccess()) { | 152 if (auth == null || !auth.isSuccess()) { |
153 logger.debug("Re-athentication not successful"); | 153 log.debug("Re-athentication not successful"); |
154 this.handleResponse(resp, redirect); | 154 this.handleResponse(resp, redirect); |
155 } | 155 } |
156 } | 156 } |
157 catch(AuthenticationException e) { | 157 catch(AuthenticationException e) { |
158 logger.error("Failure during re-authentication", e); | 158 log.error("Failure during re-authentication", e); |
159 this.handleResponse(resp, redirect); | 159 this.handleResponse(resp, redirect); |
160 return; | 160 return; |
161 } | 161 } |
162 } | 162 } |
163 | 163 |
164 chain.doFilter(req, resp); | 164 chain.doFilter(req, resp); |
165 return; | 165 return; |
166 } | 166 } |
167 | 167 |
168 private void redirect(ServletResponse resp) throws IOException { | 168 private void redirect(ServletResponse resp) throws IOException { |
169 logger.debug("Redirect to login"); | 169 log.debug("Redirect to login"); |
170 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + | 170 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + |
171 "/login.jsp"); | 171 "/login.jsp"); |
172 } | 172 } |
173 | 173 |
174 private void sendNotAuthenticated(ServletResponse resp) throws IOException { | 174 private void sendNotAuthenticated(ServletResponse resp) throws IOException { |
175 logger.debug("Send not authenticated"); | 175 log.debug("Send not authenticated"); |
176 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); | 176 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); |
177 } | 177 } |
178 | 178 |
179 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { | 179 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { |
180 if (redirect) { | 180 if (redirect) { |
209 private boolean isLocalAddress(ServletRequest req) { | 209 private boolean isLocalAddress(ServletRequest req) { |
210 try { | 210 try { |
211 InetAddress addr = InetAddress.getByName(req.getRemoteAddr()); | 211 InetAddress addr = InetAddress.getByName(req.getRemoteAddr()); |
212 return addr.isAnyLocalAddress() || addr.isLoopbackAddress(); | 212 return addr.isAnyLocalAddress() || addr.isLoopbackAddress(); |
213 } catch (UnknownHostException e) { | 213 } catch (UnknownHostException e) { |
214 logger.error(e, e); | 214 log.error(e, e); |
215 return false; | 215 return false; |
216 } | 216 } |
217 } | 217 } |
218 } | 218 } |
219 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : | 219 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |