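package de.intevation.flys.client.server.filter;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import de.intevation.flys.client.server.auth.Authentication;
import de.intevation.flys.client.server.auth.AuthenticationException;
import de.intevation.flys.client.server.auth.AuthenticationFactory;
import de.intevation.flys.client.server.auth.User;
import de.intevation.flys.client.server.features.Features;


/**
 * Servlet filter that enforces GGInA authentication for the web application.
 *
 * <p>Every request is denied unless it targets one of the three public
 * resources ({@link #LOGIN_JSP}, {@link #LOGIN_SERVLET}, {@link #FLYS_CSS})
 * or the HTTP session holds a {@link User} whose ticket is valid or can be
 * renewed. Unauthenticated requests for the application root or the
 * configured redirect URL are redirected to the login page; all other
 * unauthenticated requests are answered with 403.
 */
public class GGInAFilter implements Filter {

    /** Private logger. */
    private static final Logger logger = Logger.getLogger(GGInAFilter.class);

    /**
     * When true the filter passes every request through unchecked.
     * Set from the filter init parameter "deactivate"; this switches
     * authentication off for the whole application.
     */
    private boolean deactivate = false;

    /** Name of the authentication method (context parameter "authentication"). */
    private String authmethod;

    /** Application-relative landing page (context parameter "redirect-url"). */
    private String redirecturl;

    private ServletContext sc;

    public static final String LOGIN_JSP     = "/login.jsp";
    public static final String LOGIN_SERVLET = "/flys/login";
    public static final String FLYS_CSS      = "/FLYS.css";


    /**
     * Initialize.
     *
     * Reads the filter parameter "deactivate" and the context parameters
     * "authentication" and "redirect-url".
     *
     * @param config the filter configuration supplied by the container
     */
    @Override
    public void init(FilterConfig config)
    throws ServletException
    {
        String deactivate = config.getInitParameter("deactivate");
        this.sc = config.getServletContext();
        logger.debug("GGInAFilter context " + this.sc.getContextPath());
        this.authmethod = sc.getInitParameter("authentication");
        // NOTE(review): a missing "redirect-url" parameter leaves this null and
        // doFilter then builds ".../null" as the target URI - confirm that the
        // deployment descriptor always sets it.
        this.redirecturl = sc.getInitParameter("redirect-url");
        if (deactivate != null && deactivate.equalsIgnoreCase("true")) {
            this.deactivate = true;
        }
    }


    /**
     * Called when filter in chain invoked.
     *
     * @param req request to servlet
     * @param resp response of servlet
     * @param chain the filter chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws IOException, ServletException
    {
        if (this.deactivate) {
            logger.debug("GGinAFilter is deactivated");
            chain.doFilter(req, resp);
            return;
        }

        HttpServletRequest sreq = (HttpServletRequest) req;

        String requesturi = sreq.getRequestURI();
        if (logger.isDebugEnabled()) {
            for (Enumeration<?> e = req.getAttributeNames(); e.hasMoreElements();) {
                logger.debug(e.nextElement());
            }
        }

        logger.debug("Request for: " + requesturi);

        // Allow access to login pages
        // TODO Maybe replace with Filter
        // Exact string comparison keeps the allow-list fail-closed: any
        // variation of these URIs falls through to the authentication check.
        String path = this.sc.getContextPath();
        if (requesturi.equals(path + LOGIN_JSP)
            || requesturi.equals(path + LOGIN_SERVLET)
            || requesturi.equals(path + FLYS_CSS)) {
            logger.debug("Request for login " + requesturi);
            chain.doFilter(req, resp);
            return;
        }

        boolean redirect = false;

        // getSession() creates a session when none exists, so unauthenticated
        // requests allocate one as well; it is needed below to remember the
        // target URI for the login servlet.
        HttpSession session = sreq.getSession();

        String uri = path + "/" + this.redirecturl;

        /* Redirect if uri is root or redirecturl */
        if (requesturi.equals(uri) || requesturi.equals(path + "/")) {
            redirect = true;
        }

        // The remembered target is built from configuration; only the query
        // string is taken from the request.
        if (sreq.getQueryString() != null) {
            uri = uri + "?" + sreq.getQueryString();
        }
        session.setAttribute("requesturi", uri);

        User user = (User) session.getAttribute("user");
        if (user == null) {
            logger.debug("No user in session: " + requesturi);
            this.handleResponse(resp, redirect);
            return;
        }
        if (user.hasExpired()) {
            // try to re-authenticate the user
            logger.debug("User ticket has expired: " + requesturi);
            String encoding = sreq.getCharacterEncoding();
            try {
                Authentication auth = this.auth(user, encoding);
                if (auth == null || !auth.isSuccess()) {
                    logger.debug("Re-athentication not successful");
                    this.handleResponse(resp, redirect);
                    // Stop here: without this return the request continued
                    // down the chain although re-authentication had failed.
                    return;
                }
                // NOTE(review): the successful Authentication result is not
                // written back to the session here, so the stored User
                // presumably stays expired and each request re-authenticates
                // - confirm against Authentication/User.
            }
            catch (AuthenticationException e) {
                logger.error("Failure during re-authentication", e);
                this.handleResponse(resp, redirect);
                return;
            }
        }

        chain.doFilter(req, resp);
    }

    /** Sends a redirect to the login page of this web application. */
    private void redirect(ServletResponse resp) throws IOException {
        logger.debug("Redirect to login");
        ((HttpServletResponse) resp).sendRedirect(
            this.sc.getContextPath() + LOGIN_JSP);
    }

    /** Answers the request with 403 and the message "User not authenticated". */
    private void sendNotAuthenticated(ServletResponse resp) throws IOException {
        logger.debug("Send not authenticated");
        ((HttpServletResponse) resp).sendError(
            HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
    }

    /**
     * Rejects an unauthenticated request.
     *
     * @param resp the response to write to
     * @param redirect true to redirect to the login page, false to send 403
     */
    private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
        if (redirect) {
            this.redirect(resp);
        }
        else {
            this.sendNotAuthenticated(resp);
        }
    }


    /**
     * Do nothing at destruction.
     */
    @Override
    public void destroy() {
    }

    /**
     * Re-authenticates the given user with the configured authentication
     * method.
     *
     * The name and password are read from the User object held in the
     * session, so the credential stays in session state for as long as the
     * session lives.
     *
     * @param user the session user whose ticket has expired
     * @param encoding character encoding of the current request, may be null
     * @return the result of the authentication attempt
     */
    private Authentication auth(User user, String encoding)
        throws AuthenticationException, IOException {
        Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        return AuthenticationFactory.getInstance(this.authmethod).auth(
            user.getName(), user.getPassword(), encoding, features);
    }
}
// vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 :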