

1 /*
2  * Copyright 2004 Blandware (http://www.blandware.com)
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16 package com.blandware.atleap.webapp.acegi;
17
18 import org.acegisecurity.AuthenticationException;
19 import org.acegisecurity.context.SecurityContextHolder;
20 import org.acegisecurity.intercept.web.FilterInvocation;
21 import org.acegisecurity.ui.ExceptionTranslationFilter;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24
25 import javax.servlet.FilterChain JavaDoc;
26 import javax.servlet.ServletException JavaDoc;
27 import javax.servlet.ServletRequest JavaDoc;
28 import javax.servlet.ServletResponse JavaDoc;
29 import javax.servlet.http.HttpServletRequest JavaDoc;
30 import javax.servlet.http.HttpServletResponse JavaDoc;
31 import java.io.IOException JavaDoc;
32
33 /**
34  * <p>This class provides a specialized method that saves the original request into the session.</p>
35  * <p><a HREF="CustomExceptionTranslationFilter.java.htm"><i>View Source</i></a></p>
36  *
37  * @author Andrey Grebnev <a HREF="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
38  * @version $Revision: 1.2 $ $Date: 2006/03/12 08:46:05 $
39  * @web.filter name="exceptionTranslationFilter"
40  */

public class CustomExceptionTranslationFilter extends ExceptionTranslationFilter {

    /** Name of the session attribute under which the saved original request is stored. */
    public static final String SAVED_REQUEST_SESSION_ATTRIBUTE = "com.blandware.atleap.webapp.acegi.SAVED_REQUEST_SESSION_ATTRIBUTE";

    /**
     * Whether this filter may store the original request in the
     * <code>HttpSession</code>; <code>true</code> by default. The field is
     * protected and non-final, so subclasses can read and write it directly.
     */
    protected boolean createSessionAllowed = true;

    /**
     * Overridden in order to save the original request into the session (when
     * that is allowed), clear the current authentication and hand over to the
     * authentication entry point.
     *
     * @param request  the incoming request; cast to <code>HttpServletRequest</code>
     * @param response the outgoing response; cast to <code>HttpServletResponse</code>
     *                 at the point where the entry point is invoked
     * @param chain    the filter chain; not used by this override
     * @param reason   the authentication failure that is passed to the entry point
     * @throws ServletException declared by the method signature
     * @throws IOException      declared by the method signature
     */
    protected void sendStartAuthentication(ServletRequest request,
            ServletResponse response, FilterChain chain,
            AuthenticationException reason) throws ServletException, IOException {
        final HttpServletRequest originalRequest = (HttpServletRequest) request;

        if (createSessionAllowed) {
            // getSession() without an argument creates a session when none exists,
            // so this session is established before the user has authenticated.
            // NOTE(review): confirm the login path issues a fresh session id on
            // successful authentication, so that an id known before login is not
            // carried over into the authenticated session.
            // NOTE(review): SavedRequest is declared elsewhere; if it captures
            // request parameters or headers they remain in the session until
            // removed, and the code that later redirects to the saved request
            // should accept only targets inside this application - verify there.
            final javax.servlet.http.HttpSession session = originalRequest.getSession();
            session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, SavedRequest.saveRequest(originalRequest));
        }

        // SEC-112: the Authentication currently held by the SecurityContextHolder
        // is no longer considered valid, so it is cleared before the entry point
        // starts a new authentication.
        SecurityContextHolder.getContext().setAuthentication(null);

        getAuthenticationEntryPoint().commence(originalRequest,
            (HttpServletResponse) response, reason);
    }

    /**
     * Tells whether this filter is permitted to store the saved request in the
     * <code>HttpSession</code> (the default). Where creating
     * <code>HttpSession</code>s is unwanted because the user agent already knows
     * the failed URL, such as with BASIC or Digest authentication, the property
     * may be set to <code>false</code>; in that case also set {@link
     * org.acegisecurity.context.HttpSessionContextIntegrationFilter#setAllowSessionCreation}
     * to <code>false</code>.
     *
     * @return <code>true</code> if the <code>HttpSession</code> will be used to
     *         store information about the failed request, <code>false</code>
     *         if it will not be used
     */
    public boolean isCreateSessionAllowed() {
        return createSessionAllowed;
    }

    /**
     * Sets whether this filter may store the saved request in the
     * <code>HttpSession</code>.
     *
     * @param createSessionAllowed <code>true</code> to allow the session to be
     *                             used, <code>false</code> to leave it untouched
     */
    public void setCreateSessionAllowed(boolean createSessionAllowed) {
        this.createSessionAllowed = createSessionAllowed;
    }

}
97