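package com.sun.j2ee.blueprints.signon.web;

import java.io.*;
import java.util.*;
import java.net.URL;

import javax.servlet.*;
import javax.servlet.http.*;
import javax.naming.*;

import com.sun.j2ee.blueprints.signon.SignOnFacade;

/**
 * Servlet filter that implements form-based sign-on for a web application.
 *
 * <p>For every request the filter:
 * <ol>
 *   <li>hands requests for {@link #FORM_SIGNON_URL} to {@link #validateSignOn};</li>
 *   <li>lets the request through when the session is already flagged as signed on;</li>
 *   <li>forwards to the configured sign-on page when the requested path equals the
 *       URL pattern of a protected resource from {@code /WEB-INF/signon-config.xml};</li>
 *   <li>otherwise lets the request through.</li>
 * </ol>
 *
 * <p>Security notes for maintainers: the access decision is an allow-by-default
 * exact-match list, so a resource is protected only if its context-relative path is
 * listed verbatim in the configuration. Anything not listed is served without sign-on.
 */
public class SignOnFilter implements Filter {

    /** Context-relative path that triggers credential validation. */
    public static final String FORM_SIGNON_URL = "j_signon_check";
    /** Request parameter carrying the user name. */
    public static final String FORM_USER_NAME = "j_username";
    /** Request parameter carrying the password. */
    public static final String FORM_PASSWORD = "j_password";
    /** Request parameter whose presence asks for the user name to be remembered. */
    public static final String REMEMBER_USERNAME = "j_remember_username";
    /** Session attribute holding the name of the signed-on user. */
    public static final String USER_NAME = "j_signon_username";
    /** Session attribute holding the signed-on flag (a {@link Boolean}). */
    public static final String SIGNED_ON_USER = "j_signon";
    /** Session attribute holding the protected path requested before sign-on. */
    public static final String ORIGINAL_URL = "j_signon_original_url";
    /** Not referenced in this class. */
    public static final String CREATE_USER_URL = "j_create_user";
    /** Name of the cookie that remembers the user name. */
    public static final String COOKIE_NAME = "bp_signon";

    /** Lifetime of the remember-me cookie: 31 days, in seconds (2678400). */
    private static final int REMEMBER_COOKIE_MAX_AGE_SECONDS = 31 * 24 * 60 * 60;

    private HashMap protectedResources;
    private FilterConfig config = null;
    private String signOnErrorPage = null;
    private String signOnPage = null;
    private String userCreationError = null;

    /**
     * Loads the sign-on configuration from {@code /WEB-INF/signon-config.xml}.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException if the configuration file is not present; the filter
     *         must not start with an empty protected-resource list, because that
     *         would leave every resource unprotected
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        try {
            URL configUrl = config.getServletContext().getResource("/WEB-INF/signon-config.xml");
            if (configUrl == null) {
                // getResource returns null when nothing is mapped to the path.
                throw new ServletException("SignOnFilter: /WEB-INF/signon-config.xml not found");
            }
            ConfigFileSignOnDAO dao = new ConfigFileSignOnDAO(configUrl);
            signOnErrorPage = dao.getSignOnErrorPage();
            signOnPage = dao.getSignOnPage();
            protectedResources = dao.getProtectedResources();
        } catch (java.net.MalformedURLException ex) {
            System.err.println("SignonFilter: malformed URL exception: " + ex);
            throw new RuntimeException(ex);
        }
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        config = null;
    }

    /**
     * Applies the sign-on policy to one request (see the class comment for the flow).
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the response; must be an {@link HttpServletResponse} for sign-on
     * @param chain    the remaining filter chain
     * @throws IOException      if forwarding, redirecting or the chain fails on I/O
     * @throws ServletException if forwarding or the chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        String targetURL = contextRelativePath(hreq);

        if (FORM_SIGNON_URL.equals(targetURL)) {
            validateSignOn(request, response, chain);
            return;
        }

        HttpSession session = hreq.getSession();
        Object signedOnFlag = session.getAttribute(SIGNED_ON_USER);
        if (signedOnFlag == null) {
            session.setAttribute(SIGNED_ON_USER, Boolean.FALSE);
        }
        // Boolean.TRUE.equals also treats a non-Boolean attribute as "not signed on"
        // instead of failing with a ClassCastException.
        if (Boolean.TRUE.equals(signedOnFlag)) {
            chain.doFilter(request, response);
            return;
        }

        // Not signed on: challenge only when the path is listed as protected.
        Iterator it = protectedResources.values().iterator();
        while (it.hasNext()) {
            ProtectedResource resource = (ProtectedResource) it.next();
            if (resource.getURLPattern().equals(targetURL)) {
                // Remember where the user was heading so sign-on can send them back.
                session.setAttribute(ORIGINAL_URL, targetURL);
                config.getServletContext().getRequestDispatcher("/" + signOnPage).forward(request, response);
                return;
            }
        }

        // Path is not on the protected list: allowed without sign-on.
        chain.doFilter(request, response);
    }

    /**
     * Returns the request path relative to the context root, without a leading slash.
     *
     * <p>The path is built from the servlet path and path info, which the container
     * has already decoded and stripped of path parameters. The raw
     * {@code getRequestURI()} value is not used for the access decision: it is
     * undecoded and may carry path parameters, so an exact string comparison against
     * the configured patterns could miss a request that the container still routes
     * to the protected resource.
     */
    private static String contextRelativePath(HttpServletRequest hreq) {
        String path = hreq.getServletPath();
        if (path == null) {
            path = "";
        }
        String extra = hreq.getPathInfo();
        if (extra != null) {
            path = path + extra;
        }
        return path.startsWith("/") ? path.substring(1) : path;
    }

    /**
     * Checks the submitted credentials and, on success, marks the session as signed on
     * and redirects to the path stored under {@link #ORIGINAL_URL}.
     *
     * <p>On failure, or when a credential parameter is missing or the check itself
     * throws, the client is redirected to the configured sign-on error page.
     *
     * @param request  the sign-on request
     * @param response the response used for cookies and the redirect
     * @param chain    unused; kept for the existing signature
     * @throws IOException      if a redirect cannot be written
     * @throws ServletException declared for interface compatibility
     */
    public void validateSignOn(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hres = (HttpServletResponse) response;

        String userName = hreq.getParameter(FORM_USER_NAME);
        String password = hreq.getParameter(FORM_PASSWORD);
        String rememberUserName = hreq.getParameter(REMEMBER_USERNAME);

        // A request without both parameters cannot be a valid sign-on attempt.
        if (userName == null || password == null) {
            hres.sendRedirect(signOnErrorPage);
            return;
        }

        if (rememberUserName != null) {
            // NOTE(review): the cookie value is the caller-supplied user name, stored
            // before the credentials are checked. Whatever reads it back must treat it
            // as untrusted text. The cookie is also sent without the Secure attribute;
            // HttpOnly needs a newer servlet API than this file appears to target.
            Cookie userNameCookie = new Cookie(COOKIE_NAME, userName);
            userNameCookie.setMaxAge(REMEMBER_COOKIE_MAX_AGE_SECONDS);
            hres.addCookie(userNameCookie);
        } else {
            // "Remember me" not requested: expire any remembered user name.
            Cookie[] cookies = hreq.getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (cookies[i].getName().equals(COOKIE_NAME)) {
                        cookies[i].setMaxAge(0);
                        hres.addCookie(cookies[i]);
                    }
                }
            }
        }

        boolean authenticated;
        try {
            SignOnFacade signOn = new SignOnFacade();
            authenticated = signOn.authenticate(userName, password);
        } catch (Exception e) {
            // Fail closed with a real response: the failure is logged and the user is
            // sent to the error page rather than left with an empty reply.
            config.getServletContext().log("SignOnFilter signOnError:::exception to:" + e, e);
            hres.sendRedirect(signOnErrorPage);
            return;
        }

        if (!authenticated) {
            hres.sendRedirect(signOnErrorPage);
            return;
        }

        HttpSession session = hreq.getSession();
        // NOTE(review): the session id is kept across the sign-on, so an id issued
        // before authentication becomes an authenticated one. Rotate it here
        // (invalidate and recreate the session, carrying ORIGINAL_URL over) once the
        // effect on other session attributes and their listeners has been checked.
        session.setAttribute(USER_NAME, userName);
        session.setAttribute(SIGNED_ON_USER, Boolean.TRUE);

        String targetURL = (String) session.getAttribute(ORIGINAL_URL);
        if (targetURL == null) {
            // Sign-on submitted without first requesting a protected page: there is
            // no stored destination, so go to the application root.
            targetURL = hreq.getContextPath() + "/";
        }
        hres.sendRedirect(targetURL);
    }

}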