dive4elements/river: flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java comparison

comparison flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 2952:3cacd42a0336

Filter all requests to FLYS If a user is not authenticated redirect him to the login.jsp. The GGinAFilter can be deactivated via the web.xml file. flys-client/trunk@4931 c6561f87-3c4e-4783-a992-168aeb5c3f6f

author	Bjoern Ricks <bjoern.ricks@intevation.de>
date	Wed, 11 Jul 2012 10:57:24 +0000
parents	6e4e4b96ca6c
children	f1030909eeb6

comparison

equal deleted inserted replaced

-:20ae06d2eeff
+:3cacd42a0336
 package de.intevation.flys.client.server;
 import java.io.IOException;
+import java.io.InputStream;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-/*
-import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-*/
+import javax.servlet.http.HttpSession;
 import org.apache.log4j.Logger;
+import de.intevation.flys.client.server.was.User;
 /** ServletFilter used for GGInA authentification and certain authorisation. */
 public class GGInAFilter implements Filter {
 /** Private logger. */
 private static Logger logger = Logger.getLogger(GGInAFilter.class);
-public static final String LOG4J_PROPERTIES = "FLYS_CLIENT_LOG4J_PROPERIES";
+private boolean deactivate = false;
 /**
 * Initialize.
+*
+* Read FilterConfig parameter deactivate
 */
 @Override
 public void init(FilterConfig config)
 throws ServletException
 {
-System.out.println("GGInAFilter.init");
+String deactivate = config.getInitParameter("deactivate");
+if (deactivate != null && deactivate.equals("1")) {
+this.deactivate = true;
+}
 }
 /**
 * Called when filter in chain invoked.
 */
 @Override
 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
 throws IOException, ServletException
 {
-/*
+if (this.deactivate) {
-String userAgent = ((HttpServletRequest) req).getHeader("User-Agent");
+logger.debug("GGinAFilter is deactivated");
-// Redirect
+chain.doFilter(req, resp);
-((HttpServletResponse) resp).sendRedirect(this.geh,gina);
+return;
-*/
+}
-System.out.println("GGInAFilter.doFilter");
+HttpServletRequest sreq = (HttpServletRequest) req;
+String requesturi = sreq.getRequestURI();
+logger.debug("Request for: " + requesturi);
+// Allow access to login pages
+// TODO Maybe replace with Filter <url-pattern>
+if (requesturi.equals("/login.jsp") || requesturi.equals("/flys/login")
+|| requesturi.equals("/FLYS.css")) {
+logger.debug("Request for login " + requesturi);
+chain.doFilter(req, resp);
+return;
+}
+HttpSession session = sreq.getSession();
+String uri = requesturi;
+if (sreq.getQueryString() != null) {
+uri = uri + "?" + sreq.getQueryString();
+}
+session.setAttribute("requesturi", uri);
+User user = (User)session.getAttribute("user");
+if (user == null) {
+logger.debug("No user in session: " + requesturi);
+this.redirect(resp);
+return;
+}
+if (user.hasExpired()) {
+logger.debug("User ticket has expired: " + requesturi);
+this.redirect(resp);
+return;
+}
 logger.debug("GGInAFilter.doFilter");
 chain.doFilter(req, resp);
 return;
+}
+private void redirect(ServletResponse resp) throws IOException {
+logger.debug("Redirect to login");
+((HttpServletResponse) resp).sendRedirect("/login.jsp");
 }
 /**
 * Do nothing at destruction.

Mercurial > dive4elements > river

comparison flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 2952:3cacd42a0336