comparison flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java @ 4196:e10d60d4f35b
Don't always redirect if user isn't authenticated
Only redirect a user if he is accessing the redirect url (FLYS.html by default).
In other cases only send a 403 Forbidden to indicate that a user isn't allowed
to access the url.
Should improve flys/issue856 (Timeout in der Authentifizierung führt zu Fehlern)
author | Björn Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Mon, 22 Oct 2012 10:35:49 +0200 |
parents | 93b53eaee401 |
children | fcdc0d2fdf8f |
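--- a/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
@@ -95,39 +95,45 @@
 logger.debug("Request for login " + requesturi);
 chain.doFilter(req, resp);
 return;
 }
 
+boolean redirect = false;
+
 HttpSession session = sreq.getSession();
 
 String uri = path + "/" + this.redirecturl;
+
+if (requesturi.equals(uri)) {
+redirect = true;
+}
 
 if (sreq.getQueryString() != null) {
 uri = uri + "?" + sreq.getQueryString();
 }
 session.setAttribute("requesturi", uri);
 
 User user = (User)session.getAttribute("user");
 if (user == null) {
 logger.debug("No user in session: " + requesturi);
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 return;
 }
 if (user.hasExpired()) {
 // try to re-authenticate the user
 logger.debug("User ticket has expired: " + requesturi);
 String encoding = sreq.getCharacterEncoding();
 try {
 Authentication auth = this.auth(user, encoding);
 if (auth == null || !auth.isSuccess()) {
 logger.debug("Re-athentication not successful");
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 }
 }
 catch(AuthenticationException e) {
 logger.error("Failure during re-authentication", e);
-this.redirect(resp);
+this.handleResponse(resp, redirect);
 return;
 }
 }
 
 logger.debug("GGInAFilter.doFilter");
@@ -137,10 +143,24 @@
 
 private void redirect(ServletResponse resp) throws IOException {
 logger.debug("Redirect to login");
 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
 "/login.jsp");
+}
+
+private void sendNotAuthenticated(ServletResponse resp) throws IOException {
+logger.debug("Send not authenticated");
+((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
+}
+
+private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
+if (redirect) {
+this.redirect(resp);
+}
+else {
+this.sendNotAuthenticated(resp);
+}
 }
 
 
 /**
 * Do nothing at destruction.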
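Review bot: When re-authentication fails (new lines 127-130, `if (auth == null || !auth.isSuccess())`), `handleResponse(resp, redirect)` is called but the method does not return, so control falls through to `logger.debug("GGInAFilter.doFilter")` and, presumably, on to the rest of the filter chain with an expired user ticket; the `user == null` branch and the `catch` branch both return, and this one should too: `this.handleResponse(resp, redirect);` followed by `return;`. The gap already existed with the old `redirect(resp)` call, but the change does not close it, and with a 403 error response the downstream servlet will now run against an already-committed response. Separately, `redirect` is decided by an exact `equals` between `requesturi` and `path + "/" + this.redirecturl` before the query string is appended, so any variant of the entry page (trailing segment, different case) gets a 403 instead of the login redirect; if that is intended, a one-line comment such as `// only the exact entry page is bounced to login; everything else is rejected` would make it explicit. The enclosing doFilter starts before and ends after the first hunk.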