Mercurial > dive4elements > river

comparison gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java @ 8203:238fc722f87a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sed 's/logger/log/g' src/**/*.java
author Sascha L. Teichmann <teichmann@intevation.de>
date Fri, 05 Sep 2014 13:19:22 +0200
parents 3bff11208d3d
children b1580e4d342a
comparison
equal deleted inserted replaced
8202:e4606eae8ea5 8203:238fc722f87a
34 34
35 35
36 /** ServletFilter used for GGInA authentification and certain authorisation. */ 36 /** ServletFilter used for GGInA authentification and certain authorisation. */
37 public class GGInAFilter implements Filter { 37 public class GGInAFilter implements Filter {
38 38
39 /** Private logger. */ 39 /** Private log. */
40 private static Logger logger = Logger.getLogger(GGInAFilter.class); 40 private static Logger log = Logger.getLogger(GGInAFilter.class);
41 41
42 private boolean deactivate = false; 42 private boolean deactivate = false;
43 private String authmethod; 43 private String authmethod;
44 private String redirecturl; 44 private String redirecturl;
45 private ServletContext sc; 45 private ServletContext sc;
59 public void init(FilterConfig config) 59 public void init(FilterConfig config)
60 throws ServletException 60 throws ServletException
61 { 61 {
62 String deactivate = config.getInitParameter("deactivate"); 62 String deactivate = config.getInitParameter("deactivate");
63 this.sc = config.getServletContext(); 63 this.sc = config.getServletContext();
64 logger.debug("GGInAFilter context " + this.sc.getContextPath()); 64 log.debug("GGInAFilter context " + this.sc.getContextPath());
65 this.authmethod = sc.getInitParameter("authentication"); 65 this.authmethod = sc.getInitParameter("authentication");
66 this.redirecturl = sc.getInitParameter("redirect-url"); 66 this.redirecturl = sc.getInitParameter("redirect-url");
67 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { 67 if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
68 this.deactivate = true; 68 this.deactivate = true;
69 } 69 }
80 @Override 80 @Override
81 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) 81 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
82 throws IOException, ServletException 82 throws IOException, ServletException
83 { 83 {
84 if (this.deactivate) { 84 if (this.deactivate) {
85 logger.debug("GGinAFilter is deactivated"); 85 log.debug("GGinAFilter is deactivated");
86 chain.doFilter(req, resp); 86 chain.doFilter(req, resp);
87 return; 87 return;
88 } 88 }
89 89
90 HttpServletRequest sreq = (HttpServletRequest) req; 90 HttpServletRequest sreq = (HttpServletRequest) req;
91 91
92 String requesturi = sreq.getRequestURI(); 92 String requesturi = sreq.getRequestURI();
93 if (logger.isDebugEnabled()) { 93 if (log.isDebugEnabled()) {
94 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { 94 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) {
95 logger.debug(e.nextElement()); 95 log.debug(e.nextElement());
96 } 96 }
97 } 97 }
98 98
99 logger.debug("Request for: " + requesturi); 99 log.debug("Request for: " + requesturi);
100 100
101 // Allow access to localhost 101 // Allow access to localhost
102 if (isLocalAddress(req)) { 102 if (isLocalAddress(req)) {
103 String noAuth = sreq.getHeader("X_NO_GGINA_AUTH"); 103 String noAuth = sreq.getHeader("X_NO_GGINA_AUTH");
104 if (noAuth != null && noAuth.equals("TRUE")) { 104 if (noAuth != null && noAuth.equals("TRUE")) {
105 logger.debug("Request to localhost"); 105 log.debug("Request to localhost");
106 chain.doFilter(req, resp); 106 chain.doFilter(req, resp);
107 return; 107 return;
108 } 108 }
109 } 109 }
110 110
112 String path = this.sc.getContextPath(); 112 String path = this.sc.getContextPath();
113 if (requesturi.equals(path + LOGIN_JSP) 113 if (requesturi.equals(path + LOGIN_JSP)
114 || requesturi.equals(path + LOGIN_SERVLET) 114 || requesturi.equals(path + LOGIN_SERVLET)
115 || requesturi.equals(path + SAML_SERVLET) 115 || requesturi.equals(path + SAML_SERVLET)
116 || requesturi.equals(path + FLYS_CSS)) { 116 || requesturi.equals(path + FLYS_CSS)) {
117 logger.debug("Request for login " + requesturi); 117 log.debug("Request for login " + requesturi);
118 chain.doFilter(req, resp); 118 chain.doFilter(req, resp);
119 return; 119 return;
120 } 120 }
121 121
122 boolean redirect = false; 122 boolean redirect = false;
137 } 137 }
138 session.setAttribute("requesturi", uri); 138 session.setAttribute("requesturi", uri);
139 139
140 User user = (User)session.getAttribute("user"); 140 User user = (User)session.getAttribute("user");
141 if (user == null) { 141 if (user == null) {
142 logger.debug("No user in session: " + requesturi); 142 log.debug("No user in session: " + requesturi);
143 this.handleResponse(resp, redirect); 143 this.handleResponse(resp, redirect);
144 return; 144 return;
145 } 145 }
146 if (user.hasExpired()) { 146 if (user.hasExpired()) {
147 // try to re-authenticate the user 147 // try to re-authenticate the user
148 logger.debug("User ticket has expired: " + requesturi); 148 log.debug("User ticket has expired: " + requesturi);
149 String encoding = sreq.getCharacterEncoding(); 149 String encoding = sreq.getCharacterEncoding();
150 try { 150 try {
151 Authentication auth = this.auth(user, encoding); 151 Authentication auth = this.auth(user, encoding);
152 if (auth == null || !auth.isSuccess()) { 152 if (auth == null || !auth.isSuccess()) {
153 logger.debug("Re-athentication not successful"); 153 log.debug("Re-athentication not successful");
154 this.handleResponse(resp, redirect); 154 this.handleResponse(resp, redirect);
155 } 155 }
156 } 156 }
157 catch(AuthenticationException e) { 157 catch(AuthenticationException e) {
158 logger.error("Failure during re-authentication", e); 158 log.error("Failure during re-authentication", e);
159 this.handleResponse(resp, redirect); 159 this.handleResponse(resp, redirect);
160 return; 160 return;
161 } 161 }
162 } 162 }
163 163
164 chain.doFilter(req, resp); 164 chain.doFilter(req, resp);
165 return; 165 return;
166 } 166 }
167 167
168 private void redirect(ServletResponse resp) throws IOException { 168 private void redirect(ServletResponse resp) throws IOException {
169 logger.debug("Redirect to login"); 169 log.debug("Redirect to login");
170 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + 170 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
171 "/login.jsp"); 171 "/login.jsp");
172 } 172 }
173 173
174 private void sendNotAuthenticated(ServletResponse resp) throws IOException { 174 private void sendNotAuthenticated(ServletResponse resp) throws IOException {
175 logger.debug("Send not authenticated"); 175 log.debug("Send not authenticated");
176 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); 176 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
177 } 177 }
178 178
179 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { 179 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
180 if (redirect) { 180 if (redirect) {
209 private boolean isLocalAddress(ServletRequest req) { 209 private boolean isLocalAddress(ServletRequest req) {
210 try { 210 try {
211 InetAddress addr = InetAddress.getByName(req.getRemoteAddr()); 211 InetAddress addr = InetAddress.getByName(req.getRemoteAddr());
212 return addr.isAnyLocalAddress() || addr.isLoopbackAddress(); 212 return addr.isAnyLocalAddress() || addr.isLoopbackAddress();
213 } catch (UnknownHostException e) { 213 } catch (UnknownHostException e) {
214 logger.error(e, e); 214 log.error(e, e);
215 return false; 215 return false;
216 } 216 }
217 } 217 }
218 } 218 }
219 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : 219 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :
http://dive4elements.wald.intevation.org