KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > server > security > SecurityFilterChain


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */

28
29 package com.caucho.server.security;
30
31 import com.caucho.server.connection.CauchoRequest;
32 import com.caucho.server.connection.CauchoResponse;
33
34 import javax.servlet.FilterChain JavaDoc;
35 import javax.servlet.ServletContext JavaDoc;
36 import javax.servlet.ServletException JavaDoc;
37 import javax.servlet.ServletRequest JavaDoc;
38 import javax.servlet.ServletResponse JavaDoc;
39 import java.io.IOException JavaDoc;
40 import java.util.ArrayList JavaDoc;
41 import java.util.HashMap JavaDoc;
42
43 public class SecurityFilterChain implements FilterChain JavaDoc {
44   private FilterChain JavaDoc _next;
45   
46   private ServletContext JavaDoc _webApp;
47
48   private AbstractConstraint []_constraints;
49   private HashMap JavaDoc<String JavaDoc,AbstractConstraint[]> _methodMap;
50
51   SecurityFilterChain(FilterChain JavaDoc next)
52   {
53     _next = next;
54   }
55
56   public void setWebApp(ServletContext JavaDoc app)
57   {
58     _webApp = app;
59   }
60
61   public void setConstraints(ArrayList JavaDoc<AbstractConstraint> constraints)
62   {
63     _constraints = new AbstractConstraint[constraints.size()];
64
65     constraints.toArray(_constraints);
66   }
67
68   public void setMethodMap(HashMap JavaDoc<String JavaDoc,AbstractConstraint[]> methodMap)
69   {
70     _methodMap = methodMap;
71   }
72
73   public void destroy()
74   {
75   }
76
77   public void doFilter(ServletRequest JavaDoc request, ServletResponse JavaDoc response)
78     throws ServletException JavaDoc, IOException JavaDoc
79   {
80     // This filter is always called before user filters so we know that
81
// the request and response are AbstractRequest and Response.
82
CauchoRequest req = (CauchoRequest) request;
83     CauchoResponse res = (CauchoResponse) response;
84
85     AbstractConstraint []constraints = null;
86     if (_methodMap != null)
87       constraints = _methodMap.get(req.getMethod());
88
89     if (constraints == null)
90       constraints = _constraints;
91
92     boolean isPrivateCache = false;
93     if (constraints != null) {
94       // non-authentication constraints are first
95
for (int i = 0; i < constraints.length; i++) {
96     AbstractConstraint constraint = constraints[i];
97     
98     if (constraint.needsAuthentication())
99       continue;
100
101         if (! constraint.isAuthorized(req, res, _webApp))
102           return;
103     
104     if (constraint.isPrivateCache())
105       isPrivateCache = true;
106       }
107
108       boolean hasAuth = false;
109       for (int i = 0; i < constraints.length; i++) {
110     AbstractConstraint constraint = constraints[i];
111     
112         if (! constraint.needsAuthentication())
113       continue;
114
115         if (! hasAuth) {
116           hasAuth = true;
117           if (! req.authenticate())
118             return;
119         }
120         
121         if (! constraint.isAuthorized(req, res, _webApp))
122           return;
123     
124     if (constraint.isPrivateCache())
125       isPrivateCache = true;
126       }
127     }
128
129     if (isPrivateCache)
130       res.setPrivateCache(true);
131     
132     _next.doFilter(request, response);
133   }
134 }
135
Popular Tags