RequestRegistryFilter


1   /* The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
2   *
3   * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
4   *
5   * Redistribution and use in source and binary forms, with or without
6   * modification, are permitted provided that the following conditions
7   * are met:
8   *
9   * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. The end-user documentation included with the redistribution,
18  *    if any, must include the following acknowledgment:
19  *       "This product includes software developed by Jcorporate Ltd.
20  *        (http://www.jcorporate.com/)."
21  *    Alternately, this acknowledgment may appear in the software itself,
22  *    if and wherever such third-party acknowledgments normally appear.
23  *
24  * 4. "Jcorporate" and product names such as "Expresso" must
25  *    not be used to endorse or promote products derived from this
26  *    software without prior written permission. For written permission,
27  *    please contact info@jcorporate.com.
28  *
29  * 5. Products derived from this software may not be called "Expresso",
30  *    or other Jcorporate product names; nor may "Expresso" or other
31  *    Jcorporate product names appear in their name, without prior
32  *    written permission of Jcorporate Ltd.
33  *
34  * 6. No product derived from this software may compete in the same
35  *    market space, i.e. framework, without prior written permission
36  *    of Jcorporate Ltd. For written permission, please contact
37  *    partners@jcorporate.com.
38  *
39  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
40  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
41  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
42  * DISCLAIMED.  IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
43  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
44  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
45  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
46  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
47  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
48  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
49  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This software consists of voluntary contributions made by many
54  * individuals on behalf of the Jcorporate Ltd. Contributions back
55  * to the project(s) are encouraged when you make modifications.
56  * Please send them to support@jcorporate.com. For more information
57  * on Jcorporate Ltd. and its products, please see
58  * <http://www.jcorporate.com/>.
59  *
60  * Portions of this software are based upon other open source
61  * products and are subject to their respective licenses.
62   */
63  
64  package com.jcorporate.expresso.core.registry;
65  
66  import com.jcorporate.expresso.core.controller.NonHandleableException;
67  import com.jcorporate.expresso.core.dataobjects.DataObject;
68  import com.jcorporate.expresso.core.dataobjects.Securable;
69  import com.jcorporate.expresso.core.db.DBException;
70  import com.jcorporate.expresso.core.jsdkapi.GenericSession;
71  import com.jcorporate.expresso.core.misc.CurrentLogin;
72  import com.jcorporate.expresso.core.security.SuperUser;
73  import com.jcorporate.expresso.core.security.User;
74  import com.jcorporate.expresso.core.servlet.CheckLogin;
75  import com.jcorporate.expresso.services.dbobj.DefaultUserInfo;
76  
77  import javax.servlet.Filter  ;
78  import javax.servlet.FilterChain  ;
79  import javax.servlet.FilterConfig  ;
80  import javax.servlet.ServletException  ;
81  import javax.servlet.ServletRequest  ;
82  import javax.servlet.ServletResponse  ;
83  import javax.servlet.http.HttpServlet  ;
84  import javax.servlet.http.HttpServletRequest  ;
85  import java.io.IOException  ;
86  
87  /**
88   * Does a similar job as Expresso's checkLogin() but it also sets the
89   * current default request context and user in the request registry.
90   *
91   * @author Michael Rimov
92   * @version 1.0
93   */
94  public class RequestRegistryFilter extends HttpServlet   implements Filter   {
95      private FilterConfig   filterConfig;
96  
97  
98      /**
99       * Initialization
100      *
101      * @param filterConfig FilterConfig The Filter Configuration
102      * @throws ServletException upon construction
103      */
104     public void init(FilterConfig   filterConfig) throws ServletException   {
105         this.filterConfig = filterConfig;
106         filterConfig.getServletContext().log("Initializing RequestRegistryFilter");
107     }
108 
109     /**
110      * Processes the request/response by defining the registry as set up
111      * by CheckLogin and the 'CurrentLogin' class.
112      *
113      * @param request     ServletRequest The HttpServletRequest
114      * @param response    ServletResponse The HttpServletResponse
115      * @param filterChain FilterChain the filter chain
116      * @throws ServletException upon expresso controller-related error.
117      * @throws IOException      Only thrown by filters further down the chain.
118      */
119     public void doFilter(ServletRequest   request, ServletResponse   response,
120                          FilterChain   filterChain) throws ServletException  , IOException   {
121         try {
122             HttpServletRequest   req = (HttpServletRequest  ) request;
123             RequestRegistry superUserSettings =
124                     new MutableRequestRegistry("default", SuperUser.SUPER_USER);
125             CurrentLogin cl;
126             User u;
127             try {
128                 //Set the  current thread to superuser for authentication
129                 //purposes.  We downgrade it as soon as we have privlidges.
130                 CheckLogin.getInstance().checkLogin((HttpServletRequest  )
131                         request);
132                 cl = (CurrentLogin) GenericSession
133                         .getAttribute(req, "CurrentLogin");
134 
135                 u = new User();
136                 u.setDataContext(cl.getDBName());
137                 u.setUid(cl.getUid());
138 
139                 try {
140                     u.retrieve();
141                 } catch (DBException ex1) {
142                     //We have a potential situation where the User
143                     //table might not exist yet.
144                     DataObject dao = new DefaultUserInfo(Securable.SYSTEM_ACCOUNT);
145                     dao.setDataContext(cl.getDBName());
146                     try {
147                         dao.count();
148                         throw new DBException("Unable to load user", ex1);
149                     } catch (DBException ex) {
150                         try {
151                             this.log("User Table Doesn't Yet Exist", ex);
152                         } catch (NullPointerException   ex2) {
153                             ex.printStackTrace();
154                             System.err.println("User table doesn't yet exist, but couldn't log: " + ex2.getMessage());
155                         }
156                     }
157                 }
158             } finally {
159                 //Take out the superuser settings to save any chances of
160                 //exploits occuring by reuse of a thread.
161                 superUserSettings.releaseSettings();
162             }
163 
164             //The following line sets the particular instance of requestRegistry
165             //into the threadlocal context.
166             RequestRegistry requestRegistry =
167                     new MutableRequestRegistry(cl.getDBName(), u);
168             try {
169                 filterChain.doFilter(request, response);
170             } finally {
171                 requestRegistry.releaseSettings();
172             }
173         } catch (NonHandleableException ex) {
174             throw new ServletException  ("Error pre-processing request", ex);
175         } catch (DBException ex) {
176             throw new ServletException  ("Error pre-processing request", ex);
177         }
178     }
179 
180     /**
181      * Clean up resources
182      */
183     public void destroy() {
184         filterConfig.getServletContext().log("Destroying RequestRegistryFilter");
185     }
186 }
187
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags