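package de.intevation.flys.client.server;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import de.intevation.flys.client.server.auth.Authentication;
import de.intevation.flys.client.server.auth.AuthenticationException;
import de.intevation.flys.client.server.auth.AuthenticationFactory;
import de.intevation.flys.client.server.auth.User;
import de.intevation.flys.client.server.features.Features;


/**
 * Servlet filter used for GGInA authentication and certain authorisation.
 *
 * Every request that is not for one of the login resources must carry a
 * session holding a "user" attribute. Requests without one are answered
 * with a redirect to the login page (for the context root or the configured
 * redirect URL) or with 403 (for everything else). A user whose ticket has
 * expired is re-authenticated with the credentials kept in the User object.
 */
public class GGInAFilter implements Filter {

    /** Private logger. */
    private static final Logger logger = Logger.getLogger(GGInAFilter.class);

    /** When true the filter passes every request through unchecked. */
    private boolean deactivate = false;
    /** Context init parameter "authentication". */
    private String authmethod;
    /** Context init parameter "redirect-url", relative to the context path. */
    private String redirecturl;
    private ServletContext sc;

    public static final String LOGIN_JSP     = "/login.jsp";
    public static final String LOGIN_SERVLET = "/flys/login";
    public static final String FLYS_CSS      = "/FLYS.css";


    /**
     * Initialize.
     *
     * Reads the filter init parameter "deactivate" and the context init
     * parameters "authentication" and "redirect-url".
     *
     * @param config the filter configuration
     */
    @Override
    public void init(FilterConfig config)
    throws ServletException
    {
        String deactivate = config.getInitParameter("deactivate");
        this.sc = config.getServletContext();
        logger.debug("GGInAFilter context " + this.sc.getContextPath());
        this.authmethod  = sc.getInitParameter("authentication");
        this.redirecturl = sc.getInitParameter("redirect-url");
        if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
            this.deactivate = true;
            // A disabled authentication filter should be visible in the
            // default log output, not only at debug level.
            logger.warn("GGInAFilter is deactivated; "
                + "requests are passed through without authentication");
        }
    }


    /**
     * Called when filter in chain invoked.
     *
     * The request is only handed to the rest of the chain when the filter
     * is deactivated, when it targets a login resource, or when the session
     * holds a user whose ticket is valid or could be renewed.
     *
     * @param req request to servlet
     * @param resp response of servlet
     * @param chain the filter chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws IOException, ServletException
    {
        if (this.deactivate) {
            logger.debug("GGinAFilter is deactivated");
            chain.doFilter(req, resp);
            return;
        }

        HttpServletRequest sreq = (HttpServletRequest) req;

        String requesturi = sreq.getRequestURI();
        if (logger.isDebugEnabled()) {
            for (Enumeration<?> e = req.getAttributeNames(); e.hasMoreElements();) {
                logger.debug(e.nextElement());
            }
        }

        logger.debug("Request for: " + requesturi);

        // Allow access to login pages
        // TODO Maybe replace with Filter
        String path = this.sc.getContextPath();
        if (requesturi.equals(path + LOGIN_JSP)
            || requesturi.equals(path + LOGIN_SERVLET)
            || requesturi.equals(path + FLYS_CSS)) {
            logger.debug("Request for login " + requesturi);
            chain.doFilter(req, resp);
            return;
        }

        // getSession() creates a session when the request has none, so
        // anonymous requests get one too.
        HttpSession session = sreq.getSession();

        String uri = path + "/" + this.redirecturl;

        /* Redirect if uri is root or redirecturl */
        boolean redirect =
            requesturi.equals(uri) || requesturi.equals(path + "/");

        if (sreq.getQueryString() != null) {
            uri = uri + "?" + sreq.getQueryString();
        }
        // The stored target is always the configured redirect URL plus the
        // caller's query string, never the requested URI itself.
        // Presumably read by the login flow after authentication; verify
        // against the login servlet.
        session.setAttribute("requesturi", uri);

        User user = (User) session.getAttribute("user");
        if (user == null) {
            logger.debug("No user in session: " + requesturi);
            this.handleResponse(resp, redirect);
            return;
        }
        if (user.hasExpired()) {
            // try to re-authenticate the user
            logger.debug("User ticket has expired: " + requesturi);
            String encoding = sreq.getCharacterEncoding();
            try {
                Authentication auth = this.auth(user, encoding);
                if (auth == null || !auth.isSuccess()) {
                    logger.debug("Re-athentication not successful");
                    this.handleResponse(resp, redirect);
                    // Stop here. Without this return the request would
                    // still reach the protected servlet after the
                    // redirect/403 had been sent.
                    return;
                }
                // NOTE(review): the Authentication result is only checked
                // for success; the expired User in the session is not
                // replaced here. Confirm whether it should be refreshed.
            }
            catch (AuthenticationException e) {
                logger.error("Failure during re-authentication", e);
                this.handleResponse(resp, redirect);
                return;
            }
        }

        logger.debug("GGInAFilter.doFilter");
        chain.doFilter(req, resp);
    }

    /** Sends a redirect to the login page below the context path. */
    private void redirect(ServletResponse resp) throws IOException {
        logger.debug("Redirect to login");
        ((HttpServletResponse) resp).sendRedirect(
            this.sc.getContextPath() + LOGIN_JSP);
    }

    /** Answers the request with 403 Forbidden. */
    private void sendNotAuthenticated(ServletResponse resp) throws IOException {
        logger.debug("Send not authenticated");
        ((HttpServletResponse) resp).sendError(
            HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
    }

    /**
     * Rejects an unauthenticated request.
     *
     * @param resp the response to write to
     * @param redirect true to redirect to the login page, false to send 403
     */
    private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
        if (redirect) {
            this.redirect(resp);
        }
        else {
            this.sendNotAuthenticated(resp);
        }
    }


    /**
     * Do nothing at destruction.
     */
    @Override
    public void destroy() {
    }

    /**
     * Re-authenticates the given user with the configured authentication
     * method, using the name and password held by the User object.
     *
     * NOTE(review): the User comes from the HTTP session, so the password
     * is kept there for the session's lifetime; confirm this is intended
     * and that sessions are not persisted or replicated in clear text.
     *
     * @param user the user taken from the session
     * @param encoding character encoding of the current request
     * @return the result of the authentication attempt
     */
    private Authentication auth(User user, String encoding)
    throws AuthenticationException, IOException {
        Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        return AuthenticationFactory.getInstance(this.authmethod).auth(
            user.getName(), user.getPassword(), encoding, features);
    }
}
// vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :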