changeset 2952:3cacd42a0336

Filter all requests to FLYS. If a user is not authenticated, redirect him to login.jsp. The GGInAFilter can be deactivated via the web.xml file. flys-client/trunk@4931 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Bjoern Ricks <bjoern.ricks@intevation.de>
date Wed, 11 Jul 2012 10:57:24 +0000
parents 20ae06d2eeff
children 75e9eab05ee4
files flys-client/ChangeLog flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
diffstat 2 files changed, 63 insertions(+), 11 deletions(-) [+]
--- a/flys-client/ChangeLog	Wed Jul 11 10:38:11 2012 +0000
+++ b/flys-client/ChangeLog	Wed Jul 11 10:57:24 2012 +0000
@@ -1,3 +1,8 @@
+2012-07-11	Björn Ricks	<bjoern.ricks@intevation.de>
+
+	* src/main/java/de/intevation/flys/client/server/GGInAFilter.java:
+	  Redirect a user to the login page if he isn't authenticated.
+
 2012-07-11	Björn Ricks	<bjoern.ricks@intevation.de>
 
 	* src/main/java/de/intevation/flys/client/server/LoginServlet.java,
--- a/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java	Wed Jul 11 10:38:11 2012 +0000
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java	Wed Jul 11 10:57:24 2012 +0000
@@ -1,6 +1,7 @@
 package de.intevation.flys.client.server;
 
 import java.io.IOException;
+import java.io.InputStream;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -9,14 +10,14 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
-/*
-import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-*/
+import javax.servlet.http.HttpSession;
 
 import org.apache.log4j.Logger;
 
+import de.intevation.flys.client.server.was.User;
+
 
 /** ServletFilter used for GGInA authentification and certain authorisation. */
 public class GGInAFilter implements Filter {
@@ -24,17 +25,23 @@
     /** Private logger. */
     private static Logger logger = Logger.getLogger(GGInAFilter.class);
 
-    public static final String LOG4J_PROPERTIES = "FLYS_CLIENT_LOG4J_PROPERIES";
+    private boolean deactivate = false;
 
 
     /**
      * Initialize.
+     *
+     * Read FilterConfig parameter deactivate
      */
     @Override
     public void init(FilterConfig config)
     throws ServletException
     {
-        System.out.println("GGInAFilter.init");
+        String deactivate = config.getInitParameter("deactivate");
+        if (deactivate != null && deactivate.equals("1")) {
+            this.deactivate = true;
+        }
+
     }
 
 
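Review bot: Setting the `deactivate` init parameter to `1` switches off authentication for the whole application, yet the only trace of that is a debug-level message per request in `doFilter`. `init` should report it once at a level that production logging keeps, for example `logger.warn("GGInAFilter deactivated: requests are NOT authenticated");`, so a deployment running without the filter is visible in the logs. The local `String deactivate` also shadows the field of the same name; renaming it and writing `this.deactivate = "1".equals(value);` reads more clearly and drops the explicit null check.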
@@ -48,17 +55,57 @@
     public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
     throws IOException, ServletException
     {
-        /*
-        String userAgent = ((HttpServletRequest) req).getHeader("User-Agent");
-        // Redirect
-        ((HttpServletResponse) resp).sendRedirect(this.geh,gina);
-        */
-        System.out.println("GGInAFilter.doFilter");
+        if (this.deactivate) {
+            logger.debug("GGinAFilter is deactivated");
+            chain.doFilter(req, resp);
+            return;
+        }
+
+        HttpServletRequest sreq = (HttpServletRequest) req;
+
+        String requesturi = sreq.getRequestURI();
+
+        logger.debug("Request for: " + requesturi);
+
+        // Allow access to login pages
+        // TODO Maybe replace with Filter <url-pattern>
+        if (requesturi.equals("/login.jsp") || requesturi.equals("/flys/login")
+                || requesturi.equals("/FLYS.css")) {
+            logger.debug("Request for login " + requesturi);
+            chain.doFilter(req, resp);
+            return;
+        }
+
+        HttpSession session = sreq.getSession();
+
+        String uri = requesturi;
+        if (sreq.getQueryString() != null) {
+            uri = uri + "?" + sreq.getQueryString();
+        }
+        session.setAttribute("requesturi", uri);
+
+        User user = (User)session.getAttribute("user");
+        if (user == null) {
+            logger.debug("No user in session: " + requesturi);
+            this.redirect(resp);
+            return;
+        }
+        if (user.hasExpired()) {
+            logger.debug("User ticket has expired: " + requesturi);
+            this.redirect(resp);
+            return;
+        }
+
         logger.debug("GGInAFilter.doFilter");
         chain.doFilter(req, resp);
         return;
     }
 
+    private void redirect(ServletResponse resp) throws IOException {
+        logger.debug("Redirect to login");
+        ((HttpServletResponse) resp).sendRedirect("/login.jsp");
+    }
+
 
     /**
      * Do nothing at destruction.
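Review bot: `sreq.getSession()` in `doFilter` creates a session for every unauthenticated request and stores `requesturi` in it before the `user` check, so anonymous traffic allocates server state and the stored value is overwritten by whichever request arrived last. Because the filter trusts a `user` attribute on a session that can predate the login, the login code (LoginServlet, not shown here) should issue a fresh session id when it sets that attribute, and whatever reads `requesturi` afterwards should accept only a local path. Separately, the allow-list compares `getRequestURI()` with root-absolute literals and `redirect()` sends `/login.jsp`, which both assume deployment at the root context; under any other context path every request, including the login page, would be redirected. The fence sketches both changes, assuming `requesturi` is only read by the login flow. The Javadoc that follows `redirect()` continues outside the hunk.

```java
        // … unchanged: deactivate check …
        HttpServletRequest sreq = (HttpServletRequest) req;
        String context = sreq.getContextPath();
        String requesturi = sreq.getRequestURI();
        // Match on the path below the context root so the allow-list
        // also works when the application is not deployed at "/".
        String path = requesturi.startsWith(context)
            ? requesturi.substring(context.length())
            : requesturi;
        // … unchanged: allow-list and its logging, comparing `path` instead of `requesturi` …

        // Look up an existing session only; do not create one just to
        // find out that nobody is logged in.
        HttpSession session = sreq.getSession(false);
        User user = session != null ? (User) session.getAttribute("user") : null;
        if (user == null || user.hasExpired()) {
            logger.debug("No valid user in session: " + requesturi);
            // … unchanged: build `uri` from requesturi and the query string …
            sreq.getSession().setAttribute("requesturi", uri);
            ((HttpServletResponse) resp).sendRedirect(context + "/login.jsp");
            return;
        }
        // … unchanged: chain.doFilter(req, resp) …
```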
