comparison flys-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java @ 5834:f507086aa94b
Repaired internal references.
author | Sascha L. Teichmann <teichmann@intevation.de> |
---|---|
date | Thu, 25 Apr 2013 12:31:32 +0200 |
parents | flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java@8af500d62098 |
children | 821a02bbfb4e |
5833:a2bdc0f524e8 | 5834:f507086aa94b |
---|---|
1 package de.intevation.flys.client.server.filter; | |
2 | |
3 import de.intevation.flys.client.server.auth.Authentication; | |
4 import de.intevation.flys.client.server.auth.AuthenticationException; | |
5 import de.intevation.flys.client.server.auth.AuthenticationFactory; | |
6 import de.intevation.flys.client.server.auth.User; | |
7 import de.intevation.flys.client.server.features.Features; | |
8 | |
9 import java.io.IOException; | |
10 import java.net.InetAddress; | |
11 import java.net.UnknownHostException; | |
12 import java.util.Enumeration; | |
13 | |
14 import javax.servlet.Filter; | |
15 import javax.servlet.FilterChain; | |
16 import javax.servlet.FilterConfig; | |
17 import javax.servlet.ServletContext; | |
18 import javax.servlet.ServletException; | |
19 import javax.servlet.ServletRequest; | |
20 import javax.servlet.ServletResponse; | |
21 import javax.servlet.http.HttpServletRequest; | |
22 import javax.servlet.http.HttpServletResponse; | |
23 import javax.servlet.http.HttpSession; | |
24 | |
25 import org.apache.log4j.Logger; | |
26 | |
27 | |
28 /** ServletFilter used for GGInA authentification and certain authorisation. */ | |
29 public class GGInAFilter implements Filter { | |
30 | |
31 /** Private logger. */ | |
32 private static Logger logger = Logger.getLogger(GGInAFilter.class); | |
33 | |
34 private boolean deactivate = false; | |
35 private String authmethod; | |
36 private String redirecturl; | |
37 private ServletContext sc; | |
38 | |
39 private static final String LOGIN_JSP = "/login.jsp"; | |
40 private static final String LOGIN_SERVLET = "/flys/login"; | |
41 private static final String FLYS_CSS = "/FLYS.css"; | |
42 | |
43 | |
44 /** | |
45 * Initialize. | |
46 * | |
47 * Read FilterConfig parameter deactivate | |
48 */ | |
49 @Override | |
50 public void init(FilterConfig config) | |
51 throws ServletException | |
52 { | |
53 String deactivate = config.getInitParameter("deactivate"); | |
54 this.sc = config.getServletContext(); | |
55 logger.debug("GGInAFilter context " + this.sc.getContextPath()); | |
56 this.authmethod = sc.getInitParameter("authentication"); | |
57 this.redirecturl = sc.getInitParameter("redirect-url"); | |
58 if (deactivate != null && deactivate.equalsIgnoreCase("true")) { | |
59 this.deactivate = true; | |
60 } | |
61 | |
62 } | |
63 | |
64 | |
65 /** | |
66 * Called when filter in chain invoked. | |
67 * @param req request to servlet | |
68 * @param resp response of servlet | |
69 * @param chain the filter chain | |
70 */ | |
71 @Override | |
72 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | |
73 throws IOException, ServletException | |
74 { | |
75 if (this.deactivate) { | |
76 logger.debug("GGinAFilter is deactivated"); | |
77 chain.doFilter(req, resp); | |
78 return; | |
79 } | |
80 | |
81 HttpServletRequest sreq = (HttpServletRequest) req; | |
82 | |
83 String requesturi = sreq.getRequestURI(); | |
84 if (logger.isDebugEnabled()) { | |
85 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) { | |
86 logger.debug(e.nextElement()); | |
87 } | |
88 } | |
89 | |
90 logger.debug("Request for: " + requesturi); | |
91 | |
92 // Allow access to localhost | |
93 if (isLocalAddress(req)) { | |
94 logger.debug("Request to localhost"); | |
95 chain.doFilter(req, resp); | |
96 return; | |
97 } | |
98 | |
99 // Allow access to login pages | |
100 String path = this.sc.getContextPath(); | |
101 if (requesturi.equals(path + LOGIN_JSP) | |
102 || requesturi.equals(path + LOGIN_SERVLET) | |
103 || requesturi.equals(path + FLYS_CSS)) { | |
104 logger.debug("Request for login " + requesturi); | |
105 chain.doFilter(req, resp); | |
106 return; | |
107 } | |
108 | |
109 boolean redirect = false; | |
110 | |
111 HttpSession session = sreq.getSession(); | |
112 | |
113 String uri = path + "/" + this.redirecturl; | |
114 | |
115 /* Redirect if uri is root or redirecturl */ | |
116 if (requesturi.equals(uri) || requesturi.equals(path + "/")) { | |
117 redirect = true; | |
118 } | |
119 | |
120 String queryString = sreq.getQueryString(); | |
121 | |
122 if (queryString != null) { | |
123 uri += "?" + queryString; | |
124 } | |
125 session.setAttribute("requesturi", uri); | |
126 | |
127 User user = (User)session.getAttribute("user"); | |
128 if (user == null) { | |
129 logger.debug("No user in session: " + requesturi); | |
130 this.handleResponse(resp, redirect); | |
131 return; | |
132 } | |
133 if (user.hasExpired()) { | |
134 // try to re-authenticate the user | |
135 logger.debug("User ticket has expired: " + requesturi); | |
136 String encoding = sreq.getCharacterEncoding(); | |
137 try { | |
138 Authentication auth = this.auth(user, encoding); | |
139 if (auth == null || !auth.isSuccess()) { | |
140 logger.debug("Re-athentication not successful"); | |
141 this.handleResponse(resp, redirect); | |
142 } | |
143 } | |
144 catch(AuthenticationException e) { | |
145 logger.error("Failure during re-authentication", e); | |
146 this.handleResponse(resp, redirect); | |
147 return; | |
148 } | |
149 } | |
150 | |
151 chain.doFilter(req, resp); | |
152 return; | |
153 } | |
154 | |
155 private void redirect(ServletResponse resp) throws IOException { | |
156 logger.debug("Redirect to login"); | |
157 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() + | |
158 "/login.jsp"); | |
159 } | |
160 | |
161 private void sendNotAuthenticated(ServletResponse resp) throws IOException { | |
162 logger.debug("Send not authenticated"); | |
163 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); | |
164 } | |
165 | |
166 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException { | |
167 if (redirect) { | |
168 this.redirect(resp); | |
169 } | |
170 else { | |
171 this.sendNotAuthenticated(resp); | |
172 } | |
173 } | |
174 | |
175 | |
176 /** | |
177 * Do nothing at destruction. | |
178 */ | |
179 @Override | |
180 public void destroy() { | |
181 } | |
182 | |
183 private Authentication auth(User user, String encoding) | |
184 throws AuthenticationException, IOException { | |
185 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); | |
186 return AuthenticationFactory.getInstance(this.authmethod).auth( | |
187 user.getName(), user.getPassword(), encoding, features); | |
188 } | |
189 | |
190 /** | |
191 * Returns true if the request is from our machine | |
192 * @param req The ServletRequest | |
193 * @return true if the request is from a loopback interface or from one of | |
194 * the interface addresses of the machine | |
195 */ | |
196 private boolean isLocalAddress(ServletRequest req) { | |
197 try { | |
198 InetAddress addr = InetAddress.getByName(req.getRemoteAddr()); | |
199 return addr.isAnyLocalAddress() || addr.isLoopbackAddress(); | |
200 } catch (UnknownHostException e) { | |
201 logger.error(e, e); | |
202 return false; | |
203 } | |
204 } | |
205 } | |
206 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |
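Review bot: In `doFilter`, the failed re-authentication branch (`auth == null || !auth.isSuccess()`) calls `this.handleResponse(resp, redirect)` but has no `return;`, so control leaves the `try` and reaches the final `chain.doFilter(req, resp)` with an expired user. The `catch (AuthenticationException e)` branch directly below does return, so the two failure paths disagree; add `return;` after the `handleResponse` call inside the `if`. As written, the protected resource is still invoked after the 403 or the login redirect has been sent, so its side effects run even when its output can no longer be written. The comparison prints this body only in the parent column and with the old package name, so confirm the same lines in the moved file before patching.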