Mercurial > dive4elements > river

comparison flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 4433:5b8919ef601d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Backed out changeset e8a4d2fd25cc
author Felix Wolfsteller <felix.wolfsteller@intevation.de>
date Wed, 07 Nov 2012 12:23:41 +0100
parents
children
comparison
equal deleted inserted replaced
4432:e8a4d2fd25cc 4433:5b8919ef601d
1 package de.intevation.flys.client.server;
2
3 import java.io.IOException;
4 import java.util.Enumeration;
5
6 import javax.servlet.Filter;
7 import javax.servlet.FilterChain;
8 import javax.servlet.FilterConfig;
9 import javax.servlet.ServletContext;
10 import javax.servlet.ServletException;
11 import javax.servlet.ServletRequest;
12 import javax.servlet.ServletResponse;
13
14 import javax.servlet.http.HttpServletRequest;
15 import javax.servlet.http.HttpServletResponse;
16 import javax.servlet.http.HttpSession;
17
18 import org.apache.log4j.Logger;
19
20 import de.intevation.flys.client.server.auth.Authentication;
21 import de.intevation.flys.client.server.auth.AuthenticationException;
22 import de.intevation.flys.client.server.auth.AuthenticationFactory;
23 import de.intevation.flys.client.server.auth.User;
24 import de.intevation.flys.client.server.features.Features;
25
26
27 /** ServletFilter used for GGInA authentification and certain authorisation. */
28 public class GGInAFilter implements Filter {
29
30 /** Private logger. */
31 private static Logger logger = Logger.getLogger(GGInAFilter.class);
32
33 private boolean deactivate = false;
34 private String authmethod;
35 private String redirecturl;
36 private ServletContext sc;
37
38 public static final String LOGIN_JSP = "/login.jsp";
39 public static final String LOGIN_SERVLET = "/flys/login";
40 public static final String FLYS_CSS = "/FLYS.css";
41
42
43 /**
44 * Initialize.
45 *
46 * Read FilterConfig parameter deactivate
47 */
48 @Override
49 public void init(FilterConfig config)
50 throws ServletException
51 {
52 String deactivate = config.getInitParameter("deactivate");
53 this.sc = config.getServletContext();
54 logger.debug("GGInAFilter context " + this.sc.getContextPath());
55 this.authmethod = sc.getInitParameter("authentication");
56 this.redirecturl = sc.getInitParameter("redirect-url");
57 if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
58 this.deactivate = true;
59 }
60
61 }
62
63
64 /**
65 * Called when filter in chain invoked.
66 * @param req request to servlet
67 * @param resp response of servlet
68 * @param chain the filter chain
69 */
70 @Override
71 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
72 throws IOException, ServletException
73 {
74 if (this.deactivate) {
75 logger.debug("GGinAFilter is deactivated");
76 chain.doFilter(req, resp);
77 return;
78 }
79
80 HttpServletRequest sreq = (HttpServletRequest) req;
81
82 String requesturi = sreq.getRequestURI();
83 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) {
84 logger.debug(e.nextElement());
85 }
86
87 logger.debug("Request for: " + requesturi);
88
89 // Allow access to login pages
90 // TODO Maybe replace with Filter <url-pattern>
91 String path = this.sc.getContextPath();
92 if (requesturi.equals(path + "/login.jsp") ||
93 requesturi.equals(path + "/flys/login")
94 || requesturi.equals(path + "/FLYS.css")) {
95 logger.debug("Request for login " + requesturi);
96 chain.doFilter(req, resp);
97 return;
98 }
99
100 boolean redirect = false;
101
102 HttpSession session = sreq.getSession();
103
104 String uri = path + "/" + this.redirecturl;
105
106 /* Redirect if uri is root or redirecturl */
107 if (requesturi.equals(uri) || requesturi.equals(path + "/")) {
108 redirect = true;
109 }
110
111 if (sreq.getQueryString() != null) {
112 uri = uri + "?" + sreq.getQueryString();
113 }
114 session.setAttribute("requesturi", uri);
115
116 User user = (User)session.getAttribute("user");
117 if (user == null) {
118 logger.debug("No user in session: " + requesturi);
119 this.handleResponse(resp, redirect);
120 return;
121 }
122 if (user.hasExpired()) {
123 // try to re-authenticate the user
124 logger.debug("User ticket has expired: " + requesturi);
125 String encoding = sreq.getCharacterEncoding();
126 try {
127 Authentication auth = this.auth(user, encoding);
128 if (auth == null || !auth.isSuccess()) {
129 logger.debug("Re-athentication not successful");
130 this.handleResponse(resp, redirect);
131 }
132 }
133 catch(AuthenticationException e) {
134 logger.error("Failure during re-authentication", e);
135 this.handleResponse(resp, redirect);
136 return;
137 }
138 }
139
140 logger.debug("GGInAFilter.doFilter");
141 chain.doFilter(req, resp);
142 return;
143 }
144
145 private void redirect(ServletResponse resp) throws IOException {
146 logger.debug("Redirect to login");
147 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
148 "/login.jsp");
149 }
150
151 private void sendNotAuthenticated(ServletResponse resp) throws IOException {
152 logger.debug("Send not authenticated");
153 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
154 }
155
156 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
157 if (redirect) {
158 this.redirect(resp);
159 }
160 else {
161 this.sendNotAuthenticated(resp);
162 }
163 }
164
165
166 /**
167 * Do nothing at destruction.
168 */
169 @Override
170 public void destroy() {
171 }
172
173 private Authentication auth(User user, String encoding)
174 throws AuthenticationException, IOException {
175 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
176 return AuthenticationFactory.getInstance(this.authmethod).auth(
177 user.getName(), user.getPassword(), encoding, features);
178 }
179 }
180 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :
http://dive4elements.wald.intevation.org