ActionFilter


1   package com.blandware.atleap.webapp.filter;
2   
3   import com.blandware.atleap.common.Constants;
4   import com.blandware.atleap.model.core.User;
5   import com.blandware.atleap.model.core.UserCookie;
6   import com.blandware.atleap.service.core.UserManager;
7   import com.blandware.atleap.webapp.util.core.RequestUtil;
8   import com.blandware.atleap.webapp.util.core.SslUtil;
9   import org.apache.commons.logging.Log;
10  import org.apache.commons.logging.LogFactory;
11  import org.springframework.context.ApplicationContext;
12  import org.springframework.web.context.support.WebApplicationContextUtils;
13  
14  import javax.servlet.Filter  ;
15  import javax.servlet.FilterChain  ;
16  import javax.servlet.FilterConfig  ;
17  import javax.servlet.ServletContext  ;
18  import javax.servlet.ServletException  ;
19  import javax.servlet.ServletRequest  ;
20  import javax.servlet.ServletResponse  ;
21  import javax.servlet.http.HttpServletRequest  ;
22  import javax.servlet.http.HttpServletResponse  ;
23  import javax.servlet.http.HttpSession  ;
24  import java.io.IOException  ;
25  import java.util.Date  ;
26  
27  /**
28   * <p>This class is used to filter all requests to the <code>Action</code>
29   * servlet and detect if a user is authenticated.
30   * </p>
31   * <p><a HREF="ActionFilter.java.htm"><i>View Source</i></a></p>
32   *
33   * @author Matt Raible <a HREF="mailto:matt@raibledesigns.com">&lt;matt@raibledesigns.com&gt;</a>
34   * @version $Revision: 1.12 $ $Date: 2005/08/04 17:25:13 $
35   * @web.filter name="actionFilter"
36   * <p>Change this value to true if you want to secure your entire application.
37   * This can also be done in web-security.xml by setting <transport-guarantee>
38   * to CONFIDENTIAL.</p>
39   * @web.filter-init-param name="isSecure" value="${secure.application}"
40   */
41  public class ActionFilter implements Filter   {
42      protected Boolean   secure = Boolean.FALSE;
43      protected transient final Log log = LogFactory.getLog(ActionFilter.class);
44      protected FilterConfig   config = null;
45  
46      /**
47       * Initializes the filter with a given filter config
48       *
49       * @param config The config to use
50       * @throws ServletException
51       */
52      public void init(FilterConfig   config) throws ServletException   {
53          this.config = config;
54  
55          /* This determines if the application uconn SSL or not */
56          secure = Boolean.valueOf(config.getInitParameter("isSecure"));
57      }
58  
59      /**
60       * Destroys the filter.
61       */
62      public void destroy() {
63          config = null;
64      }
65  
66      /**
67       * Filters a request
68       *
69       * @param req   Filtered request
70       * @param resp  Response that will be result of filtering
71       * @param chain Chain of following filters
72       * @throws IOException
73       * @throws ServletException
74       */
75      public void doFilter(ServletRequest   req, ServletResponse   resp,
76                           FilterChain   chain)
77              throws IOException  , ServletException   {
78          // cast to the types I want to use
79          HttpServletRequest   request = (HttpServletRequest  ) req;
80          HttpServletResponse   response = (HttpServletResponse  ) resp;
81          HttpSession   session = request.getSession(true);
82  
83          // do pre filter work here
84          // If using https, switch to http
85          String   redirectString =
86                  SslUtil.getRedirectString(request, config.getServletContext(),
87                          secure.booleanValue());
88  
89          if ( redirectString != null ) {
90              if ( log.isDebugEnabled() ) {
91                  log.debug("protocol switch needed, redirecting to '" +
92                          redirectString + "'");
93              }
94  
95              // Redirect the page to the desired URL
96              response.sendRedirect(response.encodeRedirectURL(redirectString));
97  
98              // ensure we don't chain to requested resource
99              return;
100         }
101 
102         ServletContext   context = config.getServletContext();
103         String   username = request.getRemoteUser();
104         User user = (User) session.getAttribute(Constants.USER_KEY);
105 
106         // only for UserCounterListener in order to correctly count users after context reload
107         if ( user != null ) {
108             session.setAttribute(Constants.USER_KEY, user);
109         }
110 
111         // user authenticated, empty user object
112         if ( username != null && user == null ) {
113             ApplicationContext ctx =
114                     WebApplicationContextUtils.getRequiredWebApplicationContext(context);
115 
116             UserManager userManager = (UserManager) ctx.getBean(Constants.USER_MANAGER_BEAN);
117             user = userManager.retrieveUser(username);
118             session.setAttribute(Constants.USER_KEY, user);
119 
120             // if user wants to be remembered, create a remember me cookie
121             if ( session.getAttribute(Constants.LOGIN_COOKIE) != null ) {
122                 session.removeAttribute(Constants.LOGIN_COOKIE);
123 
124 
125                 UserCookie userCookie = new UserCookie();
126                 userCookie.setDateCreated(new Date  ());
127                 String   loginCookie = null;
128                 try {
129                     loginCookie = userManager.createUserCookie(userCookie, username);
130                 } catch ( Exception   e ) {
131                     throw new ServletException  (e);
132                 }
133                 RequestUtil.setCookie(response, Constants.LOGIN_COOKIE,
134                         loginCookie, request.getContextPath());
135             }
136         }
137 
138         chain.doFilter(request, response);
139     }
140 }
141
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags