dive4elements/river: flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java comparison

comparison flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4436:9fca4d60fb7c

Reintroduce wrongly outbacked changes (rev 4418-4425).

author	Felix Wolfsteller <felix.wolfsteller@intevation.de>
date	Wed, 07 Nov 2012 13:49:32 +0100
parents
children	9a2432485371

comparison

equal deleted inserted replaced

-:471baa410470
+:9fca4d60fb7c
+package de.intevation.flys.client.server.filter;
+import de.intevation.flys.client.server.auth.Authentication;
+import de.intevation.flys.client.server.auth.AuthenticationException;
+import de.intevation.flys.client.server.auth.AuthenticationFactory;
+import de.intevation.flys.client.server.auth.User;
+import de.intevation.flys.client.server.features.Features;
+import java.io.IOException;
+import java.util.Enumeration;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import org.apache.log4j.Logger;
+/** ServletFilter used for GGInA authentification and certain authorisation. */
+public class GGInAFilter implements Filter {
+/** Private logger. */
+private static Logger logger = Logger.getLogger(GGInAFilter.class);
+private boolean deactivate = false;
+private String authmethod;
+private String redirecturl;
+private ServletContext sc;
+public static final String LOGIN_JSP     = "/login.jsp";
+public static final String LOGIN_SERVLET = "/flys/login";
+public static final String FLYS_CSS      = "/FLYS.css";
+public static final String MAP_PRINT     = "/flys/map-print";
+public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf";
+/**
+* Initialize.
+*
+* Read FilterConfig parameter deactivate
+*/
+@Override
+public void init(FilterConfig config)
+throws ServletException
+{
+String deactivate = config.getInitParameter("deactivate");
+this.sc = config.getServletContext();
+logger.debug("GGInAFilter context " + this.sc.getContextPath());
+this.authmethod = sc.getInitParameter("authentication");
+this.redirecturl = sc.getInitParameter("redirect-url");
+if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
+this.deactivate = true;
+}
+}
+/**
+* Called when filter in chain invoked.
+* @param req request to servlet
+* @param resp response of servlet
+* @param chain the filter chain
+*/
+@Override
+public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
+throws IOException, ServletException
+{
+if (this.deactivate) {
+logger.debug("GGinAFilter is deactivated");
+chain.doFilter(req, resp);
+return;
+}
+HttpServletRequest sreq = (HttpServletRequest) req;
+String requesturi = sreq.getRequestURI();
+for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) {
+logger.debug(e.nextElement());
+}
+logger.debug("Request for: " + requesturi);
+// Allow access to login pages
+// TODO Maybe replace with Filter <url-pattern>
+String path = this.sc.getContextPath();
+if (requesturi.equals(path + LOGIN_JSP)
+|| requesturi.equals(path + LOGIN_SERVLET)
+|| requesturi.equals(path + FLYS_CSS)
+|| requesturi.equals(path + MAP_PRINT)
+|| requesturi.equals(path + MAPFISH_PRINT)) {
+logger.debug("Request for login " + requesturi);
+chain.doFilter(req, resp);
+return;
+}
+boolean redirect = false;
+HttpSession session = sreq.getSession();
+String uri = path + "/" + this.redirecturl;
+/* Redirect if uri is root or redirecturl */
+if (requesturi.equals(uri) || requesturi.equals(path + "/")) {
+redirect = true;
+}
+if (sreq.getQueryString() != null) {
+uri = uri + "?" + sreq.getQueryString();
+}
+session.setAttribute("requesturi", uri);
+User user = (User)session.getAttribute("user");
+if (user == null) {
+logger.debug("No user in session: " + requesturi);
+this.handleResponse(resp, redirect);
+return;
+}
+if (user.hasExpired()) {
+// try to re-authenticate the user
+logger.debug("User ticket has expired: " + requesturi);
+String encoding = sreq.getCharacterEncoding();
+try {
+Authentication auth = this.auth(user, encoding);
+if (auth == null || !auth.isSuccess()) {
+logger.debug("Re-athentication not successful");
+this.handleResponse(resp, redirect);
+}
+}
+catch(AuthenticationException e) {
+logger.error("Failure during re-authentication", e);
+this.handleResponse(resp, redirect);
+return;
+}
+}
+chain.doFilter(req, resp);
+return;
+}
+private void redirect(ServletResponse resp) throws IOException {
+logger.debug("Redirect to login");
+((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
+"/login.jsp");
+}
+private void sendNotAuthenticated(ServletResponse resp) throws IOException {
+logger.debug("Send not authenticated");
+((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
+}
+private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
+if (redirect) {
+this.redirect(resp);
+}
+else {
+this.sendNotAuthenticated(resp);
+}
+}
+/**
+* Do nothing at destruction.
+*/
+@Override
+public void destroy() {
+}
+private Authentication auth(User user, String encoding)
+throws AuthenticationException, IOException {
+Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
+return AuthenticationFactory.getInstance(this.authmethod).auth(
+user.getName(), user.getPassword(), encoding, features);
+}
+}
+// vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :

Mercurial > dive4elements > river

comparison flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4436:9fca4d60fb7c