comparison flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4423:687b7a6f09aa

Move GGInAFilter and NoCacheFilter to an own package
author Björn Ricks <bjoern.ricks@intevation.de>
date Tue, 06 Nov 2012 13:39:00 +0100
parents flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java@e96f2a6e4c3e
children 6ef48927df38
4422:95ffae40c8f2 4423:687b7a6f09aa
1 package de.intevation.flys.client.server.filter;
2
3 import java.io.IOException;
4 import java.util.Enumeration;
5
6 import javax.servlet.Filter;
7 import javax.servlet.FilterChain;
8 import javax.servlet.FilterConfig;
9 import javax.servlet.ServletContext;
10 import javax.servlet.ServletException;
11 import javax.servlet.ServletRequest;
12 import javax.servlet.ServletResponse;
13
14 import javax.servlet.http.HttpServletRequest;
15 import javax.servlet.http.HttpServletResponse;
16 import javax.servlet.http.HttpSession;
17
18 import org.apache.log4j.Logger;
19
20 import de.intevation.flys.client.server.auth.Authentication;
21 import de.intevation.flys.client.server.auth.AuthenticationException;
22 import de.intevation.flys.client.server.auth.AuthenticationFactory;
23 import de.intevation.flys.client.server.auth.User;
24 import de.intevation.flys.client.server.features.Features;
25
26
27 /** ServletFilter used for GGInA authentification and certain authorisation. */
28 public class GGInAFilter implements Filter {
29
30 /** Private logger. */
31 private static Logger logger = Logger.getLogger(GGInAFilter.class);
32
33 private boolean deactivate = false;
34 private String authmethod;
35 private String redirecturl;
36 private ServletContext sc;
37
38 public static final String LOGIN_JSP = "/login.jsp";
39 public static final String LOGIN_SERVLET = "/flys/login";
40 public static final String FLYS_CSS = "/FLYS.css";
41
42
43 /**
44 * Initialize.
45 *
46 * Read FilterConfig parameter deactivate
47 */
48 @Override
49 public void init(FilterConfig config)
50 throws ServletException
51 {
52 String deactivate = config.getInitParameter("deactivate");
53 this.sc = config.getServletContext();
54 logger.debug("GGInAFilter context " + this.sc.getContextPath());
55 this.authmethod = sc.getInitParameter("authentication");
56 this.redirecturl = sc.getInitParameter("redirect-url");
57 if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
58 this.deactivate = true;
59 }
60
61 }
62
63
64 /**
65 * Called when filter in chain invoked.
66 * @param req request to servlet
67 * @param resp response of servlet
68 * @param chain the filter chain
69 */
70 @Override
71 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
72 throws IOException, ServletException
73 {
74 if (this.deactivate) {
75 logger.debug("GGinAFilter is deactivated");
76 chain.doFilter(req, resp);
77 return;
78 }
79
80 HttpServletRequest sreq = (HttpServletRequest) req;
81
82 String requesturi = sreq.getRequestURI();
83 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) {
84 logger.debug(e.nextElement());
85 }
86
87 logger.debug("Request for: " + requesturi);
88
89 // Allow access to login pages
90 // TODO Maybe replace with Filter <url-pattern>
91 String path = this.sc.getContextPath();
92 if (requesturi.equals(path + "/login.jsp") ||
93 requesturi.equals(path + "/flys/login")
94 || requesturi.equals(path + "/FLYS.css")) {
95 logger.debug("Request for login " + requesturi);
96 chain.doFilter(req, resp);
97 return;
98 }
99
100 boolean redirect = false;
101
102 HttpSession session = sreq.getSession();
103
104 String uri = path + "/" + this.redirecturl;
105
106 /* Redirect if uri is root or redirecturl */
107 if (requesturi.equals(uri) || requesturi.equals(path + "/")) {
108 redirect = true;
109 }
110
111 if (sreq.getQueryString() != null) {
112 uri = uri + "?" + sreq.getQueryString();
113 }
114 session.setAttribute("requesturi", uri);
115
116 User user = (User)session.getAttribute("user");
117 if (user == null) {
118 logger.debug("No user in session: " + requesturi);
119 this.handleResponse(resp, redirect);
120 return;
121 }
122 if (user.hasExpired()) {
123 // try to re-authenticate the user
124 logger.debug("User ticket has expired: " + requesturi);
125 String encoding = sreq.getCharacterEncoding();
126 try {
127 Authentication auth = this.auth(user, encoding);
128 if (auth == null || !auth.isSuccess()) {
129 logger.debug("Re-athentication not successful");
130 this.handleResponse(resp, redirect);
131 }
132 }
133 catch(AuthenticationException e) {
134 logger.error("Failure during re-authentication", e);
135 this.handleResponse(resp, redirect);
136 return;
137 }
138 }
139
140 chain.doFilter(req, resp);
141 return;
142 }
143
144 private void redirect(ServletResponse resp) throws IOException {
145 logger.debug("Redirect to login");
146 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
147 "/login.jsp");
148 }
149
150 private void sendNotAuthenticated(ServletResponse resp) throws IOException {
151 logger.debug("Send not authenticated");
152 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
153 }
154
155 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
156 if (redirect) {
157 this.redirect(resp);
158 }
159 else {
160 this.sendNotAuthenticated(resp);
161 }
162 }
163
164
165 /**
166 * Do nothing at destruction.
167 */
168 @Override
169 public void destroy() {
170 }
171
172 private Authentication auth(User user, String encoding)
173 throws AuthenticationException, IOException {
174 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
175 return AuthenticationFactory.getInstance(this.authmethod).auth(
176 user.getName(), user.getPassword(), encoding, features);
177 }
178 }
179 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :
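Review bot: In `doFilter`, the failed re-authentication branch (`auth == null || !auth.isSuccess()`) calls `this.handleResponse(resp, redirect)` but has no `return`, so control falls through to `chain.doFilter(req, resp)`. A request with an expired ticket therefore still reaches the protected resource, after the redirect or 403 has already been written. Add `return;` directly after that `handleResponse` call, as the `user == null` and `catch(AuthenticationException e)` paths already do. The page shows the file at its new path, so this gap presumably predates the move, but it is carried into the new package unchanged. Separately, the login whitelist repeats the literals `"/login.jsp"`, `"/flys/login"` and `"/FLYS.css"` although `LOGIN_JSP`, `LOGIN_SERVLET` and `FLYS_CSS` are declared; using the constants would keep the list of unauthenticated paths in one place.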
