view flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java @ 4488:5041105d2edd
Check if response code from GGInA is 200 OK
Only parse the GGInA response if the status code is 200 OK. This improves the
error message if GGInA is not available and shows the real reason instead of a
JDOM error while parsing the response.
author | Björn Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 14 Nov 2012 10:36:21 +0100 |
parents | 9fca4d60fb7c |
children | 9a2432485371 |
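package de.intevation.flys.client.server.filter;

import de.intevation.flys.client.server.auth.Authentication;
import de.intevation.flys.client.server.auth.AuthenticationException;
import de.intevation.flys.client.server.auth.AuthenticationFactory;
import de.intevation.flys.client.server.auth.User;
import de.intevation.flys.client.server.features.Features;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;


/**
 * Servlet filter used for GGInA authentication and certain authorisation.
 *
 * Every request that is not on the small allow-list of public paths must
 * carry a session with a "user" attribute; an expired user is re-authenticated
 * before the request is passed down the chain. Requests that fail either
 * check are answered here and never reach the rest of the chain.
 */
public class GGInAFilter implements Filter {

    /** Private logger. */
    private static final Logger logger = Logger.getLogger(GGInAFilter.class);

    /**
     * When true the filter passes every request through unchecked.
     * Set from the "deactivate" filter init parameter, so a deployment
     * descriptor with deactivate=true switches authentication off entirely.
     */
    private boolean deactivate = false;

    /** Value of the "authentication" context parameter, handed to AuthenticationFactory. */
    private String authmethod;

    /** Value of the "redirect-url" context parameter, relative to the context path. */
    private String redirecturl;

    private ServletContext sc;

    // Paths (relative to the context path) that are served without a
    // logged-in user. The print endpoints are on this list as well, so any
    // access control they need has to be enforced by those endpoints.
    public static final String LOGIN_JSP     = "/login.jsp";
    public static final String LOGIN_SERVLET = "/flys/login";
    public static final String FLYS_CSS      = "/FLYS.css";
    public static final String MAP_PRINT     = "/flys/map-print";
    public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf";


    /**
     * Initialize.
     *
     * Reads the filter parameter "deactivate" and the context parameters
     * "authentication" and "redirect-url".
     *
     * @param config the filter configuration supplied by the container
     */
    @Override
    public void init(FilterConfig config)
    throws ServletException
    {
        String deactivateParam = config.getInitParameter("deactivate");

        this.sc = config.getServletContext();
        logger.debug("GGInAFilter context " + this.sc.getContextPath());

        this.authmethod  = sc.getInitParameter("authentication");
        this.redirecturl = sc.getInitParameter("redirect-url");

        // Only the literal value "true" (any case) disables the filter;
        // a missing or different value keeps authentication enabled.
        if ("true".equalsIgnoreCase(deactivateParam)) {
            this.deactivate = true;
        }
    }


    /**
     * Called when filter in chain invoked.
     *
     * The request is passed on only if the filter is deactivated, the path
     * is on the public allow-list, or the session holds a user that is not
     * expired or could be re-authenticated. In every other case the response
     * is a redirect to the login page or a 403 and the chain is not invoked.
     *
     * @param req request to servlet
     * @param resp response of servlet
     * @param chain the filter chain
     * @throws IOException if writing the response or re-authentication fails
     *         with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws IOException, ServletException
    {
        if (this.deactivate) {
            logger.debug("GGinAFilter is deactivated");
            chain.doFilter(req, resp);
            return;
        }

        HttpServletRequest sreq = (HttpServletRequest) req;
        String requesturi = sreq.getRequestURI();

        if (logger.isDebugEnabled()) {
            for (Enumeration<?> e = req.getAttributeNames(); e.hasMoreElements();) {
                logger.debug(e.nextElement());
            }
        }

        logger.debug("Request for: " + requesturi);

        // Allow access to login pages
        // TODO Maybe replace with Filter <url-pattern>
        String path = this.sc.getContextPath();
        if (isPublicPath(requesturi, path)) {
            logger.debug("Request for login " + requesturi);
            chain.doFilter(req, resp);
            return;
        }

        HttpSession session = sreq.getSession();

        String uri = path + "/" + this.redirecturl;

        /* Redirect if uri is root or redirecturl */
        boolean redirect =
            requesturi.equals(uri) || requesturi.equals(path + "/");

        if (sreq.getQueryString() != null) {
            uri = uri + "?" + sreq.getQueryString();
        }
        // The stored value always starts with the configured redirect URL;
        // only the query string comes from the client.
        // NOTE(review): whoever reads "requesturi" from the session should
        // treat the query part as untrusted input.
        session.setAttribute("requesturi", uri);

        User user = (User)session.getAttribute("user");
        if (user == null) {
            logger.debug("No user in session: " + requesturi);
            this.handleResponse(resp, redirect);
            return;
        }

        if (user.hasExpired()) {
            // try to re-authenticate the user
            logger.debug("User ticket has expired: " + requesturi);
            String encoding = sreq.getCharacterEncoding();
            try {
                Authentication auth = this.auth(user, encoding);
                if (auth == null || !auth.isSuccess()) {
                    logger.debug("Re-athentication not successful");
                    this.handleResponse(resp, redirect);
                    // Stop here: without this return the request of a user
                    // whose re-authentication failed would still be handed
                    // to the protected resource after the 403/redirect.
                    return;
                }
                // NOTE(review): the refreshed result is not written back to
                // the session here, so unless auth() updates the user as a
                // side effect hasExpired() stays true on later requests;
                // confirm against the Authentication implementation.
            }
            catch (AuthenticationException e) {
                logger.error("Failure during re-authentication", e);
                this.handleResponse(resp, redirect);
                return;
            }
        }

        chain.doFilter(req, resp);
    }


    /**
     * Tells whether a request URI is one of the paths served without login.
     *
     * The comparison is an exact string match on the raw request URI, so a
     * URI that carries path parameters or differs in any character is not
     * treated as public and goes through the authentication checks.
     *
     * @param requesturi the request URI as reported by the container
     * @param path the context path of this web application
     * @return true if the URI is on the public allow-list
     */
    private boolean isPublicPath(String requesturi, String path) {
        return requesturi.equals(path + LOGIN_JSP)
            || requesturi.equals(path + LOGIN_SERVLET)
            || requesturi.equals(path + FLYS_CSS)
            || requesturi.equals(path + MAP_PRINT)
            || requesturi.equals(path + MAPFISH_PRINT);
    }


    /** Sends a redirect to the login page of this web application. */
    private void redirect(ServletResponse resp) throws IOException {
        logger.debug("Redirect to login");
        ((HttpServletResponse) resp).sendRedirect(
            this.sc.getContextPath() + LOGIN_JSP);
    }


    /** Answers the request with 403 Forbidden. */
    private void sendNotAuthenticated(ServletResponse resp) throws IOException {
        logger.debug("Send not authenticated");
        ((HttpServletResponse)resp).sendError(
            HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
    }


    /**
     * Rejects an unauthenticated request.
     *
     * @param resp the response to write to
     * @param redirect true to redirect to the login page, false to send 403
     */
    private void handleResponse(ServletResponse resp, boolean redirect)
    throws IOException
    {
        if (redirect) {
            this.redirect(resp);
        }
        else {
            this.sendNotAuthenticated(resp);
        }
    }


    /**
     * Do nothing at destruction.
     */
    @Override
    public void destroy() {
    }


    /**
     * Re-authenticates a user with the configured authentication method.
     *
     * NOTE(review): the password is read from the User object held in the
     * HTTP session, i.e. the credential lives in session state for as long
     * as the session does; confirm that sessions are not persisted or
     * replicated in a way that exposes it.
     *
     * @param user the user taken from the session
     * @param encoding character encoding of the current request, may be null
     * @return the result returned by the authentication backend
     */
    private Authentication auth(User user, String encoding)
    throws AuthenticationException, IOException
    {
        Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        return AuthenticationFactory.getInstance(this.authmethod).auth(
                user.getName(), user.getPassword(), encoding, features);
    }
}
// vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :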