comparison flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4436:9fca4d60fb7c
Reintroduce wrongly backed-out changes (rev 4418-4425).
author | Felix Wolfsteller <felix.wolfsteller@intevation.de> |
---|---|
date | Wed, 07 Nov 2012 13:49:32 +0100 |
parents | |
children | 9a2432485371 |
4435:471baa410470 | 4436:9fca4d60fb7c |
---|---|
1 package de.intevation.flys.client.server.filter; | |
2 | |
3 import de.intevation.flys.client.server.auth.Authentication; | |
4 import de.intevation.flys.client.server.auth.AuthenticationException; | |
5 import de.intevation.flys.client.server.auth.AuthenticationFactory; | |
6 import de.intevation.flys.client.server.auth.User; | |
7 import de.intevation.flys.client.server.features.Features; | |
8 | |
9 import java.io.IOException; | |
10 import java.util.Enumeration; | |
11 | |
12 import javax.servlet.Filter; | |
13 import javax.servlet.FilterChain; | |
14 import javax.servlet.FilterConfig; | |
15 import javax.servlet.ServletContext; | |
16 import javax.servlet.ServletException; | |
17 import javax.servlet.ServletRequest; | |
18 import javax.servlet.ServletResponse; | |
19 import javax.servlet.http.HttpServletRequest; | |
20 import javax.servlet.http.HttpServletResponse; | |
21 import javax.servlet.http.HttpSession; | |
22 | |
23 import org.apache.log4j.Logger; | |
24 | |
25 | |
26 /** ServletFilter used for GGInA authentification and certain authorisation. */ | |
27 public class GGInAFilter implements Filter { | |
28 | |
29 /** Private logger. */ | |
30 private static Logger logger = Logger.getLogger(GGInAFilter.class); | |
31 | |
32 private boolean deactivate = false; | |
33 private String authmethod; | |
34 private String redirecturl; | |
35 private ServletContext sc; | |
36 | |
37 public static final String LOGIN_JSP = "/login.jsp"; | |
38 public static final String LOGIN_SERVLET = "/flys/login"; | |
39 public static final String FLYS_CSS = "/FLYS.css"; | |
40 public static final String MAP_PRINT = "/flys/map-print"; | |
41 public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf"; | |
42 | |
43 | |
44 /** | |
45 * Initialize. | |
46 * | |
47 * Read FilterConfig parameter deactivate | |
48 */ | |
49 @Override | |
50 public void init(FilterConfig config) | |
51 throws ServletException | |
52 { | |
53 String deactivate = config.getInitParameter("deactivate"); | |
54 this.sc = config.getServletContext(); | |
55 logger.debug("GGInAFilter context " + this.sc.getContextPath()); | |
56 this.authmethod = sc.getInitParameter("authentication"); | |
57 this.redirecturl = sc.getInitParameter("redirect-url"); | |
58 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { | |
59 this.deactivate = true; | |
60 } | |
61 | |
62 } | |
63 | |
64 | |
65 /** | |
66 * Called when filter in chain invoked. | |
67 * @param req request to servlet | |
68 * @param resp response of servlet | |
69 * @param chain the filter chain | |
70 */ | |
71 @Override | |
72 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | |
73 throws IOException, ServletException | |
74 { | |
75 if (this.deactivate) { | |
76 logger.debug("GGinAFilter is deactivated"); | |
77 chain.doFilter(req, resp); | |
78 return; | |
79 } | |
80 | |
81 HttpServletRequest sreq = (HttpServletRequest) req; | |
82 | |
83 String requesturi = sreq.getRequestURI(); | |
84 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { | |
85 logger.debug(e.nextElement()); | |
86 } | |
87 | |
88 logger.debug("Request for: " + requesturi); | |
89 | |
90 // Allow access to login pages | |
91 // TODO Maybe replace with Filter <url-pattern> | |
92 String path = this.sc.getContextPath(); | |
93 if (requesturi.equals(path + LOGIN_JSP) | |
94 || requesturi.equals(path + LOGIN_SERVLET) | |
95 || requesturi.equals(path + FLYS_CSS) | |
96 || requesturi.equals(path + MAP_PRINT) | |
97 || requesturi.equals(path + MAPFISH_PRINT)) { | |
98 logger.debug("Request for login " + requesturi); | |
99 chain.doFilter(req, resp); | |
100 return; | |
101 } | |
102 | |
103 boolean redirect = false; | |
104 | |
105 HttpSession session = sreq.getSession(); | |
106 | |
107 String uri = path + "/" + this.redirecturl; | |
108 | |
109 /* Redirect if uri is root or redirecturl */ | |
110 if (requesturi.equals(uri) || requesturi.equals(path + "/")) { | |
111 redirect = true; | |
112 } | |
113 | |
114 if (sreq.getQueryString() != null) { | |
115 uri = uri + "?" + sreq.getQueryString(); | |
116 } | |
117 session.setAttribute("requesturi", uri); | |
118 | |
119 User user = (User)session.getAttribute("user"); | |
120 if (user == null) { | |
121 logger.debug("No user in session: " + requesturi); | |
122 this.handleResponse(resp, redirect); | |
123 return; | |
124 } | |
125 if (user.hasExpired()) { | |
126 // try to re-authenticate the user | |
127 logger.debug("User ticket has expired: " + requesturi); | |
128 String encoding = sreq.getCharacterEncoding(); | |
129 try { | |
130 Authentication auth = this.auth(user, encoding); | |
131 if (auth == null || !auth.isSuccess()) { | |
132 logger.debug("Re-athentication not successful"); | |
133 this.handleResponse(resp, redirect); | |
134 } | |
135 } | |
136 catch(AuthenticationException e) { | |
137 logger.error("Failure during re-authentication", e); | |
138 this.handleResponse(resp, redirect); | |
139 return; | |
140 } | |
141 } | |
142 | |
143 chain.doFilter(req, resp); | |
144 return; | |
145 } | |
146 | |
147 private void redirect(ServletResponse resp) throws IOException { | |
148 logger.debug("Redirect to login"); | |
149 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + | |
150 "/login.jsp"); | |
151 } | |
152 | |
153 private void sendNotAuthenticated(ServletResponse resp) throws IOException { | |
154 logger.debug("Send not authenticated"); | |
155 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); | |
156 } | |
157 | |
158 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { | |
159 if (redirect) { | |
160 this.redirect(resp); | |
161 } | |
162 else { | |
163 this.sendNotAuthenticated(resp); | |
164 } | |
165 } | |
166 | |
167 | |
168 /** | |
169 * Do nothing at destruction. | |
170 */ | |
171 @Override | |
172 public void destroy() { | |
173 } | |
174 | |
175 private Authentication auth(User user, String encoding) | |
176 throws AuthenticationException, IOException { | |
177 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); | |
178 return AuthenticationFactory.getInstance(this.authmethod).auth( | |
179 user.getName(), user.getPassword(), encoding, features); | |
180 } | |
181 } | |
182 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |
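Review bot: In `doFilter`, the failed re-authentication branch (`if (auth == null || !auth.isSuccess())`, gutter lines 131-134) calls `this.handleResponse(resp, redirect)` but does not return. Control therefore falls through to `chain.doFilter(req, resp)` at gutter line 143, so a request from a user whose ticket has expired and could not be renewed is still passed to the protected servlet after the 403 or redirect has been issued. Add `return;` directly after `this.handleResponse(resp, redirect);` in that branch, as the `catch (AuthenticationException e)` block below it and the `user == null` branch above it already do. The comparison view does not mark which lines this changeset touched, so the gap may predate it, but it is in the code as reintroduced here.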