comparison flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 4196:e10d60d4f35b

Don't always redirect if the user isn't authenticated. Only redirect a user if they are accessing the redirect URL (FLYS.html by default). In all other cases, only send a 403 Forbidden to indicate that the user isn't allowed to access the URL. Should improve flys/issue856 (Timeout in der Authentifizierung führt zu Fehlern)
author Björn Ricks <bjoern.ricks@intevation.de>
date Mon, 22 Oct 2012 10:35:49 +0200
parents 93b53eaee401
children fcdc0d2fdf8f
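--- a/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
@@ -95,39 +95,45 @@
 logger.debug("Request for login " + requesturi);
 chain.doFilter(req, resp);
 return;
 }
 
+boolean redirect = false;
+
 HttpSession session = sreq.getSession();
 
 String uri = path + "/" + this.redirecturl;
+
+if (requesturi.equals(uri)) {
+redirect = true;
+}
 
 if (sreq.getQueryString() != null) {
 uri = uri + "?" + sreq.getQueryString();
 }
 session.setAttribute("requesturi", uri);
 
 User user = (User)session.getAttribute("user");
 if (user == null) {
 logger.debug("No user in session: " + requesturi);
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 return;
 }
 if (user.hasExpired()) {
 // try to re-authenticate the user
 logger.debug("User ticket has expired: " + requesturi);
 String encoding = sreq.getCharacterEncoding();
 try {
 Authentication auth = this.auth(user, encoding);
 if (auth == null || !auth.isSuccess()) {
 logger.debug("Re-athentication not successful");
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 }
 }
 catch(AuthenticationException e) {
 logger.error("Failure during re-authentication", e);
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 return;
 }
 }
 
 logger.debug("GGInAFilter.doFilter");
@@ -137,10 +143,24 @@
 
 private void redirect(ServletResponse resp) throws IOException {
 logger.debug("Redirect to login");
 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
 "/login.jsp");
+}
+
+private void sendNotAuthenticated(ServletResponse resp) throws IOException {
+logger.debug("Send not authenticated");
+((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
+}
+
+private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
+if (redirect) {
+this.redirect(resp);
+}
+else {
+this.sendNotAuthenticated(resp);
+}
 }
 
 
 /**
 * Do nothing at destruction.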
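Review bot: After a failed re-authentication at new line 129 (`this.handleResponse(resp, redirect);` in the `auth == null || !auth.isSuccess()` branch) the filter does not return, unlike the sibling paths at lines 118-119 and 134-135, so execution falls through to `logger.debug("GGInAFilter.doFilter")` and whatever follows it with a response that has already been redirected or sent a 403. This fall-through predates the commit, but now that the non-redirect case commits a 403 via `sendError`, the rest of doFilter presumably still runs for a user whose ticket could not be renewed; add `return;` directly after that call. The expired `User` is also left in the session on every failure path, so each subsequent request repeats the re-authentication round trip; if that is not intended, `session.removeAttribute("user");` before responding would make the session state match the 403. doFilter starts and ends outside this section, so I cannot see what follows line 139.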
