comparison flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4423:687b7a6f09aa
Move GGInAFilter and NoCacheFilter to their own package
author | Björn Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Tue, 06 Nov 2012 13:39:00 +0100 |
parents | flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java@e96f2a6e4c3e |
children | 6ef48927df38 |
4422:95ffae40c8f2 | 4423:687b7a6f09aa |
---|---|
1 package de.intevation.flys.client.server.filter; | |
2 | |
3 import java.io.IOException; | |
4 import java.util.Enumeration; | |
5 | |
6 import javax.servlet.Filter; | |
7 import javax.servlet.FilterChain; | |
8 import javax.servlet.FilterConfig; | |
9 import javax.servlet.ServletContext; | |
10 import javax.servlet.ServletException; | |
11 import javax.servlet.ServletRequest; | |
12 import javax.servlet.ServletResponse; | |
13 | |
14 import javax.servlet.http.HttpServletRequest; | |
15 import javax.servlet.http.HttpServletResponse; | |
16 import javax.servlet.http.HttpSession; | |
17 | |
18 import org.apache.log4j.Logger; | |
19 | |
20 import de.intevation.flys.client.server.auth.Authentication; | |
21 import de.intevation.flys.client.server.auth.AuthenticationException; | |
22 import de.intevation.flys.client.server.auth.AuthenticationFactory; | |
23 import de.intevation.flys.client.server.auth.User; | |
24 import de.intevation.flys.client.server.features.Features; | |
25 | |
26 | |
27 /** ServletFilter used for GGInA authentification and certain authorisation. */ | |
28 public class GGInAFilter implements Filter { | |
29 | |
30 /** Private logger. */ | |
31 private static Logger logger = Logger.getLogger(GGInAFilter.class); | |
32 | |
33 private boolean deactivate = false; | |
34 private String authmethod; | |
35 private String redirecturl; | |
36 private ServletContext sc; | |
37 | |
38 public static final String LOGIN_JSP = "/login.jsp"; | |
39 public static final String LOGIN_SERVLET = "/flys/login"; | |
40 public static final String FLYS_CSS = "/FLYS.css"; | |
41 | |
42 | |
43 /** | |
44 * Initialize. | |
45 * | |
46 * Read FilterConfig parameter deactivate | |
47 */ | |
48 @Override | |
49 public void init(FilterConfig config) | |
50 throws ServletException | |
51 { | |
52 String deactivate = config.getInitParameter("deactivate"); | |
53 this.sc = config.getServletContext(); | |
54 logger.debug("GGInAFilter context " + this.sc.getContextPath()); | |
55 this.authmethod = sc.getInitParameter("authentication"); | |
56 this.redirecturl = sc.getInitParameter("redirect-url"); | |
57 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { | |
58 this.deactivate = true; | |
59 } | |
60 | |
61 } | |
62 | |
63 | |
64 /** | |
65 * Called when filter in chain invoked. | |
66 * @param req request to servlet | |
67 * @param resp response of servlet | |
68 * @param chain the filter chain | |
69 */ | |
70 @Override | |
71 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | |
72 throws IOException, ServletException | |
73 { | |
74 if (this.deactivate) { | |
75 logger.debug("GGinAFilter is deactivated"); | |
76 chain.doFilter(req, resp); | |
77 return; | |
78 } | |
79 | |
80 HttpServletRequest sreq = (HttpServletRequest) req; | |
81 | |
82 String requesturi = sreq.getRequestURI(); | |
83 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { | |
84 logger.debug(e.nextElement()); | |
85 } | |
86 | |
87 logger.debug("Request for: " + requesturi); | |
88 | |
89 // Allow access to login pages | |
90 // TODO Maybe replace with Filter <url-pattern> | |
91 String path = this.sc.getContextPath(); | |
92 if (requesturi.equals(path + "/login.jsp") || | |
93 requesturi.equals(path + "/flys/login") | |
94 || requesturi.equals(path + "/FLYS.css")) { | |
95 logger.debug("Request for login " + requesturi); | |
96 chain.doFilter(req, resp); | |
97 return; | |
98 } | |
99 | |
100 boolean redirect = false; | |
101 | |
102 HttpSession session = sreq.getSession(); | |
103 | |
104 String uri = path + "/" + this.redirecturl; | |
105 | |
106 /* Redirect if uri is root or redirecturl */ | |
107 if (requesturi.equals(uri) || requesturi.equals(path + "/")) { | |
108 redirect = true; | |
109 } | |
110 | |
111 if (sreq.getQueryString() != null) { | |
112 uri = uri + "?" + sreq.getQueryString(); | |
113 } | |
114 session.setAttribute("requesturi", uri); | |
115 | |
116 User user = (User)session.getAttribute("user"); | |
117 if (user == null) { | |
118 logger.debug("No user in session: " + requesturi); | |
119 this.handleResponse(resp, redirect); | |
120 return; | |
121 } | |
122 if (user.hasExpired()) { | |
123 // try to re-authenticate the user | |
124 logger.debug("User ticket has expired: " + requesturi); | |
125 String encoding = sreq.getCharacterEncoding(); | |
126 try { | |
127 Authentication auth = this.auth(user, encoding); | |
128 if (auth == null || !auth.isSuccess()) { | |
129 logger.debug("Re-athentication not successful"); | |
130 this.handleResponse(resp, redirect); | |
131 } | |
132 } | |
133 catch(AuthenticationException e) { | |
134 logger.error("Failure during re-authentication", e); | |
135 this.handleResponse(resp, redirect); | |
136 return; | |
137 } | |
138 } | |
139 | |
140 chain.doFilter(req, resp); | |
141 return; | |
142 } | |
143 | |
144 private void redirect(ServletResponse resp) throws IOException { | |
145 logger.debug("Redirect to login"); | |
146 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + | |
147 "/login.jsp"); | |
148 } | |
149 | |
150 private void sendNotAuthenticated(ServletResponse resp) throws IOException { | |
151 logger.debug("Send not authenticated"); | |
152 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); | |
153 } | |
154 | |
155 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { | |
156 if (redirect) { | |
157 this.redirect(resp); | |
158 } | |
159 else { | |
160 this.sendNotAuthenticated(resp); | |
161 } | |
162 } | |
163 | |
164 | |
165 /** | |
166 * Do nothing at destruction. | |
167 */ | |
168 @Override | |
169 public void destroy() { | |
170 } | |
171 | |
172 private Authentication auth(User user, String encoding) | |
173 throws AuthenticationException, IOException { | |
174 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); | |
175 return AuthenticationFactory.getInstance(this.authmethod).auth( | |
176 user.getName(), user.getPassword(), encoding, features); | |
177 } | |
178 } | |
179 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |
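Review bot: In `doFilter`, the branch for a failed re-authentication (`auth == null || !auth.isSuccess()`) calls `this.handleResponse(resp, redirect)` but does not return, so control falls through to `chain.doFilter(req, resp)` and the protected resource is still invoked for a user whose ticket has expired. The `catch(AuthenticationException e)` branch directly below does return, which suggests the omission is unintended; add `return;` after the `handleResponse` call inside the `if`. This logic looks carried over unchanged by the move rather than introduced by it, but the relocation is a convenient point to fix it. Separately, the login whitelist repeats the literals `"/login.jsp"`, `"/flys/login"` and `"/FLYS.css"` although `LOGIN_JSP`, `LOGIN_SERVLET` and `FLYS_CSS` are declared for them; using the constants keeps the set of unauthenticated paths in one place.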