comparison flys-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java @ 5834:f507086aa94b

Repaired internal references.
author Sascha L. Teichmann <teichmann@intevation.de>
date Thu, 25 Apr 2013 12:31:32 +0200
parents flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java@8af500d62098
children 821a02bbfb4e
5833:a2bdc0f524e8 5834:f507086aa94b
1 package de.intevation.flys.client.server.filter;
2
3 import de.intevation.flys.client.server.auth.Authentication;
4 import de.intevation.flys.client.server.auth.AuthenticationException;
5 import de.intevation.flys.client.server.auth.AuthenticationFactory;
6 import de.intevation.flys.client.server.auth.User;
7 import de.intevation.flys.client.server.features.Features;
8
9 import java.io.IOException;
10 import java.net.InetAddress;
11 import java.net.UnknownHostException;
12 import java.util.Enumeration;
13
14 import javax.servlet.Filter;
15 import javax.servlet.FilterChain;
16 import javax.servlet.FilterConfig;
17 import javax.servlet.ServletContext;
18 import javax.servlet.ServletException;
19 import javax.servlet.ServletRequest;
20 import javax.servlet.ServletResponse;
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpServletResponse;
23 import javax.servlet.http.HttpSession;
24
25 import org.apache.log4j.Logger;
26
27
28 /** ServletFilter used for GGInA authentification and certain authorisation. */
29 public class GGInAFilter implements Filter {
30
31 /** Private logger. */
32 private static Logger logger = Logger.getLogger(GGInAFilter.class);
33
34 private boolean deactivate = false;
35 private String authmethod;
36 private String redirecturl;
37 private ServletContext sc;
38
39 private static final String LOGIN_JSP = "/login.jsp";
40 private static final String LOGIN_SERVLET = "/flys/login";
41 private static final String FLYS_CSS = "/FLYS.css";
42
43
44 /**
45 * Initialize.
46 *
47 * Read FilterConfig parameter deactivate
48 */
49 @Override
50 public void init(FilterConfig config)
51 throws ServletException
52 {
53 String deactivate = config.getInitParameter("deactivate");
54 this.sc = config.getServletContext();
55 logger.debug("GGInAFilter context " + this.sc.getContextPath());
56 this.authmethod = sc.getInitParameter("authentication");
57 this.redirecturl = sc.getInitParameter("redirect-url");
58 if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
59 this.deactivate = true;
60 }
61
62 }
63
64
65 /**
66 * Called when filter in chain invoked.
67 * @param req request to servlet
68 * @param resp response of servlet
69 * @param chain the filter chain
70 */
71 @Override
72 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
73 throws IOException, ServletException
74 {
75 if (this.deactivate) {
76 logger.debug("GGinAFilter is deactivated");
77 chain.doFilter(req, resp);
78 return;
79 }
80
81 HttpServletRequest sreq = (HttpServletRequest) req;
82
83 String requesturi = sreq.getRequestURI();
84 if (logger.isDebugEnabled()) {
85 for (Enumeration e = req.getAttributeNames() ; e.hasMoreElements() ;) {
86 logger.debug(e.nextElement());
87 }
88 }
89
90 logger.debug("Request for: " + requesturi);
91
92 // Allow access to localhost
93 if (isLocalAddress(req)) {
94 logger.debug("Request to localhost");
95 chain.doFilter(req, resp);
96 return;
97 }
98
99 // Allow access to login pages
100 String path = this.sc.getContextPath();
101 if (requesturi.equals(path + LOGIN_JSP)
102 || requesturi.equals(path + LOGIN_SERVLET)
103 || requesturi.equals(path + FLYS_CSS)) {
104 logger.debug("Request for login " + requesturi);
105 chain.doFilter(req, resp);
106 return;
107 }
108
109 boolean redirect = false;
110
111 HttpSession session = sreq.getSession();
112
113 String uri = path + "/" + this.redirecturl;
114
115 /* Redirect if uri is root or redirecturl */
116 if (requesturi.equals(uri) || requesturi.equals(path + "/")) {
117 redirect = true;
118 }
119
120 String queryString = sreq.getQueryString();
121
122 if (queryString != null) {
123 uri += "?" + queryString;
124 }
125 session.setAttribute("requesturi", uri);
126
127 User user = (User)session.getAttribute("user");
128 if (user == null) {
129 logger.debug("No user in session: " + requesturi);
130 this.handleResponse(resp, redirect);
131 return;
132 }
133 if (user.hasExpired()) {
134 // try to re-authenticate the user
135 logger.debug("User ticket has expired: " + requesturi);
136 String encoding = sreq.getCharacterEncoding();
137 try {
138 Authentication auth = this.auth(user, encoding);
139 if (auth == null || !auth.isSuccess()) {
140 logger.debug("Re-athentication not successful");
141 this.handleResponse(resp, redirect);
142 }
143 }
144 catch(AuthenticationException e) {
145 logger.error("Failure during re-authentication", e);
146 this.handleResponse(resp, redirect);
147 return;
148 }
149 }
150
151 chain.doFilter(req, resp);
152 return;
153 }
154
155 private void redirect(ServletResponse resp) throws IOException {
156 logger.debug("Redirect to login");
157 ((HttpServletResponse) resp).sendRedirect(this.sc.getContextPath() +
158 "/login.jsp");
159 }
160
161 private void sendNotAuthenticated(ServletResponse resp) throws IOException {
162 logger.debug("Send not authenticated");
163 ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
164 }
165
166 private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
167 if (redirect) {
168 this.redirect(resp);
169 }
170 else {
171 this.sendNotAuthenticated(resp);
172 }
173 }
174
175
176 /**
177 * Do nothing at destruction.
178 */
179 @Override
180 public void destroy() {
181 }
182
183 private Authentication auth(User user, String encoding)
184 throws AuthenticationException, IOException {
185 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
186 return AuthenticationFactory.getInstance(this.authmethod).auth(
187 user.getName(), user.getPassword(), encoding, features);
188 }
189
190 /**
191 * Returns true if the request is from our machine
192 * @param req The ServletRequest
193 * @return true if the request is from a loopback interface or from one of
194 * the interface addresses of the machine
195 */
196 private boolean isLocalAddress(ServletRequest req) {
197 try {
198 InetAddress addr = InetAddress.getByName(req.getRemoteAddr());
199 return addr.isAnyLocalAddress() || addr.isLoopbackAddress();
200 } catch (UnknownHostException e) {
201 logger.error(e, e);
202 return false;
203 }
204 }
205 }
206 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :
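Review bot: In `doFilter`, the failed re-authentication branch at lines 139–142 (`auth == null || !auth.isSuccess()`) calls `this.handleResponse(resp, redirect)` but has no `return;`, so execution falls through to `chain.doFilter(req, resp)` at line 151. The protected resource is then still processed for a user whose expired ticket could not be renewed. Add `return;` directly after that `handleResponse` call, as the `catch (AuthenticationException e)` branch below it already does. This commit appears to touch only package references, so the defect predates it, but it is carried into the renamed file unchanged. Separately, the `isLocalAddress(req)` exemption decides on `req.getRemoteAddr()` alone; if the application sits behind a reverse proxy on the same host, every request would presumably arrive from a loopback address and skip the filter, so that deployment assumption deserves a comment on the method or a configuration switch.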
