KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > tonbeller > wcf > token > TokenFilter


1 /*
2  * ====================================================================
3  * This software is subject to the terms of the Common Public License
4  * Agreement, available at the following URL:
5  * http://www.opensource.org/licenses/cpl.html .
6  * Copyright (C) 2003-2004 TONBELLER AG.
7  * All Rights Reserved.
8  * You must accept the terms of that agreement to use this software.
9  * ====================================================================
10  *
11  *
12  */
13 package com.tonbeller.wcf.token;
14
15 import java.io.IOException JavaDoc;
16 import java.util.Random JavaDoc;
17
18 import javax.servlet.Filter JavaDoc;
19 import javax.servlet.FilterChain JavaDoc;
20 import javax.servlet.FilterConfig JavaDoc;
21 import javax.servlet.ServletException JavaDoc;
22 import javax.servlet.ServletRequest JavaDoc;
23 import javax.servlet.ServletResponse JavaDoc;
24 import javax.servlet.http.HttpServletRequest JavaDoc;
25 import javax.servlet.http.HttpServletResponse JavaDoc;
26
27 import org.apache.log4j.Logger;
28
29 import com.tonbeller.wcf.controller.RequestContext;
30 import com.tonbeller.wcf.controller.RequestContextFactoryFinder;
31 import com.tonbeller.wcf.statusline.StatusLine;
32
33 public class TokenFilter implements Filter JavaDoc {
34   private String JavaDoc httpParameterName;
35   private boolean showMessage;
36   private static Random JavaDoc random = new Random JavaDoc();
37   private static final Logger logger = Logger.getLogger(TokenFilter.class);
38
39   public void init(FilterConfig JavaDoc config) throws ServletException JavaDoc {
40     httpParameterName = config.getInitParameter("token");
41     if (httpParameterName == null)
42       httpParameterName = "token";
43     showMessage = "true".equals(config.getInitParameter("showMessage"));
44   }
45
46   private static ThreadLocal JavaDoc threadLocal = new ThreadLocal JavaDoc();
47
48   public void doFilter(ServletRequest JavaDoc req, ServletResponse JavaDoc res, FilterChain JavaDoc chain)
49       throws IOException JavaDoc, ServletException JavaDoc {
50
51     // BEA Weblogic calls the filter for imported files too, so in case of recursion
52 // we just forward the request.
53 if (threadLocal.get() != null) {
54       chain.doFilter(req, res);
55       return;
56     }
57     
58     try {
59       threadLocal.set(Boolean.TRUE); // any object will do
60
61       HttpServletRequest JavaDoc request = (HttpServletRequest JavaDoc) req;
62       HttpServletResponse JavaDoc response = (HttpServletResponse JavaDoc) res;
63
64       String JavaDoc token = request.getParameter(httpParameterName);
65       RequestToken s = RequestToken.instance(request.getSession(true));
66       s.setHttpParameterName(httpParameterName);
67       if (token != null && s.getToken() != null) {
68         if (!token.equals(s.getToken())) {
69           if (logger.isInfoEnabled())
70             logger.info("redirecting to " + s.getPage());
71           response.sendRedirect(s.getPage());
72
73           if (showMessage) {
74             // create a temporary context that is NOT stored in the ThreadLocal
75 RequestContext context = RequestContextFactoryFinder.createContext(request, response,
76                 false);
77             String JavaDoc message = context.getResources(TokenFilter.class).getString(
78                 "wcf.token.browser.navigation");
79             StatusLine.instance(context.getSession()).setMessage(message);
80           }
81           return;
82         }
83       }
84
85       synchronized (random) {
86         s.setToken(Integer.toHexString(random.nextInt()));
87         s.setPage(request.getRequestURI());
88       }
89
90       chain.doFilter(request, response);
91     } finally {
92       threadLocal.set(null);
93     }
94   }
95
96   public void destroy() {
97   }
98
99 }
100
Popular Tags