1 28 package net.sf.jguard.jee.authentication.http; 29 30 import java.io.IOException ; 31 import java.security.Permission ; 32 import java.security.Permissions ; 33 import java.security.Policy ; 34 import java.security.PrivilegedActionException ; 35 import java.security.PrivilegedExceptionAction ; 36 import java.util.ArrayList ; 37 import java.util.Collection ; 38 import java.util.HashMap ; 39 import java.util.HashSet ; 40 import java.util.Iterator ; 41 import java.util.Map ; 42 import java.util.Set ; 43 import java.util.regex.Matcher ; 44 import java.util.regex.Pattern ; 45 46 import javax.security.auth.Subject ; 47 import javax.servlet.Filter ; 48 import javax.servlet.FilterChain ; 49 import javax.servlet.FilterConfig ; 50 import javax.servlet.ServletContext ; 51 import javax.servlet.ServletException ; 52 import javax.servlet.ServletRequest ; 53 import javax.servlet.ServletResponse ; 54 import javax.servlet.http.HttpServletRequest ; 55 import javax.servlet.http.HttpServletResponse ; 56 import javax.servlet.http.HttpSession ; 57 58 import net.sf.jguard.core.CoreConstants; 59 import net.sf.jguard.core.authentication.credentials.JGuardCredential; 60 import net.sf.jguard.core.authorization.permissions.URLPermission; 61 import net.sf.jguard.ext.SecurityConstants; 62 import net.sf.jguard.ext.audit.AuditManager; 63 import net.sf.jguard.ext.authentication.AuthenticationException; 64 import net.sf.jguard.ext.authentication.manager.AuthenticationManager; 65 import net.sf.jguard.ext.authentication.manager.AuthenticationManagerFactory; 66 import net.sf.jguard.ext.registration.SubjectTemplate; 67 import net.sf.jguard.ext.util.XMLUtils; 68 import net.sf.jguard.jee.authentication.callbacks.HttpCallbackHandler; 69 import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils; 70 import net.sf.jguard.jee.util.WebappUtil; 71 72 import org.apache.commons.logging.Log; 73 import org.apache.commons.logging.LogFactory; 74 import org.dom4j.Document; 75 import org.dom4j.Element; 76 77 78 79 84 public class AccessFilter implements Filter ,HttpConstants{ 85 86 87 private static final String STAR = "\\*"; 88 private static final String DOUBLE_STAR = "\\*\\*"; 89 private static Pattern starPattern = Pattern.compile(AccessFilter.STAR); 90 91 92 93 static public final Log logger = LogFactory.getLog(AccessFilter.class); 94 95 96 private static String indexURI; 98 private static URLPermission authenticationFailedURI; 100 private static URLPermission logonURI; 102 private static String logonURIStr; 103 private static URLPermission logonProcessURI; 105 private static Permissions logoffURIs; 107 private static URLPermission accessDeniedURI; 109 110 private static URLPermission registerProcessURI; 113 private static String registerURI; 116 117 private static String applicationName; 119 120 121 private static String authScheme; 123 124 private static boolean goToLastAccessDeniedUriOnSuccess = true; 125 126 private boolean local; 128 129 133 public void init(FilterConfig filterCfg) throws ServletException { 134 135 logger.debug("server info = "+filterCfg.getServletContext().getServerInfo()); 136 logger.debug("servletContextName="+ filterCfg.getServletContext().getServletContextName()); 137 logger.debug("servlet Real Path="+ WebappUtil.getWebappHomePath(filterCfg.getServletContext(),"/")); 138 logger.debug("current Policy="+Policy.getPolicy()); 139 140 ServletContext context = filterCfg.getServletContext(); 141 applicationName = context.getServletContextName(); 142 if(applicationName == null){ 143 logger.fatal(" ServletContext.getServletContextName() return null \n you should fix your web.xml by adding the 'display-name' markup with the name of your webapp "); 144 throw new ServletException (" ServletContext.getServletContextName() return null \n you should fix your web.xml by adding the 'display-name' markup with the name of your webapp "); 145 } 146 147 String filterConfigurationLocation = WebappUtil.getWebappHomePath(context,filterCfg.getInitParameter(HttpConstants.CONFIGURATION_LOCATION)); 148 149 Map filterSettings = loadFilterConfiguration(filterConfigurationLocation); 150 151 setFilterSettings(filterSettings); 152 153 context.setAttribute(CoreConstants.APPLICATION_NAME,applicationName); 154 context.setAttribute(HttpConstants.AUTH_SCHEME,authScheme); 155 context.setAttribute(HttpConstants.USERS_IN_SESSION,new ArrayList ()); 156 String authenticationScope = (String )context.getAttribute(SecurityConstants.AUTHENTICATION_SCOPE); 157 if(SecurityConstants.JVM_SCOPE.equalsIgnoreCase(authenticationScope)){ 158 local = false; 159 }else{ 160 local = true; 161 } 162 } 163 164 168 private void setFilterSettings(Map filterSettings) throws ServletException { 169 indexURI = (String )filterSettings.get(HttpConstants.INDEX_URI); 170 authenticationFailedURI = new URLPermission("authenticationFailedURI",(String )filterSettings.get(HttpConstants.AUTHENTICATION_FAILED_URI)); 171 logonProcessURI = new URLPermission("logonProcessURI",(String )filterSettings.get(HttpConstants.LOGON_PROCESS_URI)); 172 logonURIStr = (String )filterSettings.get(HttpConstants.LOGON_URI); 173 logonURI = new URLPermission("logonURI",logonURIStr); 174 logoffURIs = new Permissions (); 175 Iterator itLogoffURI = ((Set )filterSettings.get(HttpConstants.LOGOFF_URIS)).iterator(); 176 while (itLogoffURI.hasNext()){ 177 logoffURIs.add(new URLPermission("logoffURI",(String )itLogoffURI.next())); 178 } 179 accessDeniedURI = new URLPermission("accessDeniedURI",(String )filterSettings.get(HttpConstants.ACCESS_DENIED_URI)); 180 registerProcessURI = new URLPermission("registerProcessURI",(String )filterSettings.get(HttpConstants.REGISTER_PROCESS_URI)); 181 registerURI = (String )filterSettings.get(HttpConstants.REGISTER_URI); 182 183 authScheme = (String )filterSettings.get(HttpConstants.AUTH_SCHEME); 185 Collection authSchemes = AuthSchemesHelper.validateAuthScheme(authScheme); 186 if(authSchemes.contains(HttpConstants.FORM_AUTH)){ 187 HttpCallbackHandler.setLoginField((String )filterSettings.get(HttpConstants.LOGIN_FIELD)); 188 HttpCallbackHandler.setPasswordField((String )filterSettings.get(HttpConstants.PASSWORD_FIELD)); 189 } 190 191 String tmpValue = (String )filterSettings.get(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS); 193 if("false".equalsIgnoreCase(tmpValue) || "no".equalsIgnoreCase(tmpValue)) 194 goToLastAccessDeniedUriOnSuccess = false; 195 196 } 197 198 199 204 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException , ServletException { 205 HttpServletRequest req = (HttpServletRequest )request; 206 HttpServletResponse res = (HttpServletResponse )response; 207 URLPermission urlPermission = (URLPermission)buildPermission(req); 208 Subject subject = HttpAuthenticationUtils.getSubject(req.getSession(true)); 209 210 if(subject == null){ 211 logger.debug("LAST_ACCESS_DENIED_URI="+urlPermission.getURI()); 212 req.getSession(true).setAttribute(HttpConstants.LAST_ACCESS_DENIED_URI,urlPermission.getURI()); 213 AuditManager.addEvent(subject," subject is null "," logonProcess phase "); 214 logonProcess(new AnonymizerRequestWrapper(req), res); 215 }else if(authenticationFailedURI.implies(urlPermission)){ 216 StringBuffer sb1 = new StringBuffer ("subject is not null and URI"); 218 sb1.append(urlPermission.getURI()); 219 sb1.append("= authenticationFailedURI( ").append(authenticationFailedURI.getURI()).append(")"); 220 AuditManager.addEvent(subject,sb1.toString()," access authorized "); 221 chain.doFilter(request,response); 222 }else if(accessDeniedURI.implies(urlPermission)){ 223 StringBuffer sb1 = new StringBuffer ("subject is not null and URI"); 225 sb1.append(urlPermission.getURI()); 226 sb1.append("= accessDeniedURI( ").append(accessDeniedURI.getURI()).append(")"); 227 AuditManager.addEvent(subject,sb1.toString()," access authorized "); 228 chain.doFilter(request,response); 229 }else if(logonURI.implies(urlPermission)){ 230 StringBuffer sb2 = new StringBuffer ("uri(").append(urlPermission.getURI()).append(")"); 231 sb2.append(" is equals to logonURI(").append(logonURI.getURI()).append(") "); 232 AuditManager.addEvent(subject,sb2.toString()," logon phase "); 233 HttpCallbackHandler.buildFormChallenge(chain, req, res); 234 }else if(logonProcessURI.implies(urlPermission)){ 235 StringBuffer sb3 = new StringBuffer (" uri(").append(urlPermission.getURI()).append(")").append("=logonProcessURI(").append(logonProcessURI.getURI()).append(")"); 236 AuditManager.addEvent(subject,sb3.toString()," logonProcess phase "); 237 logonProcess(req, res); 238 }else if(logoffURIs.implies(urlPermission)){ 239 StringBuffer sb4 = new StringBuffer ("uri(").append(urlPermission.getURI()).append(")=logoffURI(").append(urlPermission.getURI()).append(")"); 240 AuditManager.addEvent(subject,sb4.toString()," logoff phase "); 241 logoff(req, res, chain); 242 243 }else if(registerProcessURI!= null && registerURI != null && registerProcessURI.implies(urlPermission)){ 245 StringBuffer sb5 = new StringBuffer ("uri(").append(urlPermission.getURI()).append(")=registerProcessURI(").append(registerProcessURI.getURI()).append(")"); 247 AuditManager.addEvent(subject,sb5.toString()," registerProcess phase "); 248 249 boolean authenticate = authenticate(new AnonymizerRequestWrapper(req), res); 254 if(authenticate== false){ 255 return; 257 } 258 boolean registerSucceed = registerProcess(req, res, chain); 259 260 if(!registerSucceed){ 261 AuditManager.addEvent(subject," registration failed " ," registerProcess phase "); 262 if(!res.isCommitted()){ 263 res.sendRedirect(res.encodeRedirectURL(req.getContextPath()+registerURI)); 264 }else{ 265 logger.warn(" we cannot redirect to "+req.getContextPath()+registerURI+" because response is already commited "); 266 } 267 }else if(registerSucceed){ 268 AuditManager.addEvent(subject," registration succeed " ," registerProcess phase "); 269 req.getSession(true).removeAttribute(HttpConstants.AUTHN_UTILS); 271 req.getSession(true).removeAttribute(HttpConstants.LAST_ACCESS_DENIED_URI); 272 authenticateAfterRegistration(req, res); 273 } 274 275 }else{ 276 277 278 if(!HttpAccessControllerUtils.hasPermission(req,urlPermission)){ 280 req.getSession(true).setAttribute(HttpConstants.LAST_ACCESS_DENIED_URI,urlPermission.getURI()); 283 StringBuffer sb5 = new StringBuffer (" subject hasn't got the permission name=").append(urlPermission.getName()).append(" actions=").append(urlPermission.getActions()); 284 AuditManager.addEvent(subject,sb5.toString()," accessdenied phase "); 285 accessDenied(req, res); 286 }else{ 287 StringBuffer sb6 = new StringBuffer (" subject has got the permission name=").append(urlPermission.getName()).append(" actions=").append(urlPermission.getActions()); 289 AuditManager.addEvent(subject,sb6.toString()," authorize phase "); 290 authorize(chain, req, res); 291 } 292 } 293 294 295 } 296 297 304 private static boolean registerProcess(HttpServletRequest req, HttpServletResponse res, FilterChain chain) { 305 boolean success = false; 306 AuthenticationManager auth = AuthenticationManagerFactory.getAuthenticationManager(); 307 SubjectTemplate st = null; 308 try { 309 st = buildSubjectTemplate(req); 310 } catch (AuthenticationException e1) { 311 logger.error(" subject template cannot be built ",e1); 312 return false; 313 } 314 Subject subject = null; 315 try { 316 subject = auth.createUser(st); 317 success = true; 318 } catch (AuthenticationException e) { 319 StringBuffer sb7 = new StringBuffer (" registration failed "); 320 AuditManager.addEvent(subject,sb7.toString(), " registrationProcess phase"); 321 } 322 323 return success; 324 } 325 326 332 private static SubjectTemplate buildSubjectTemplate(HttpServletRequest req) throws AuthenticationException{ 333 AuthenticationManager auth = AuthenticationManagerFactory.getAuthenticationManager(); 334 SubjectTemplate defaultSt = auth.getDefaultSubjectTemplate(); 335 SubjectTemplate st = new SubjectTemplate(); 336 st.setName(defaultSt.getName()); 337 338 Set privateCredRequiredFromDefaultSt =defaultSt.getPrivateRequiredCredentials(); 340 Set privRequiredCred = grabRegistrationForm(req, st, privateCredRequiredFromDefaultSt); 341 st.setPrivateRequiredCredentials(privRequiredCred); 342 343 Set publicCredRequiredFromDefaultSt =defaultSt.getPublicRequiredCredentials(); 345 Set pubRequiredCred = grabRegistrationForm(req, st, publicCredRequiredFromDefaultSt); 346 st.setPublicRequiredCredentials(pubRequiredCred); 347 348 Set publicCredOptionalFromDefaultSt =defaultSt.getPublicOptionalCredentials(); 350 Set pubOptionalCred = grabRegistrationForm(req, st, publicCredOptionalFromDefaultSt); 351 st.setPublicOptionalCredentials(pubOptionalCred); 352 353 Set privateCredOptionalFromDefaultSt =defaultSt.getPrivateOptionalCredentials(); 355 Set privOptionalCred = grabRegistrationForm(req, st, privateCredOptionalFromDefaultSt); 356 st.setPrivateOptionalCredentials(privOptionalCred); 357 358 359 return st; 360 } 361 362 369 private static Set grabRegistrationForm(HttpServletRequest req, SubjectTemplate st, Set credentialsFromDefaultSt) { 370 Iterator itCredentials = credentialsFromDefaultSt.iterator(); 371 Set credSet = new HashSet (); 372 while(itCredentials.hasNext()){ 373 JGuardCredential jcredFromDefault = (JGuardCredential)itCredentials.next(); 374 375 if(req.getParameter(jcredFromDefault.getId())!= null){ 377 JGuardCredential jcred = new JGuardCredential(); 378 jcred.setId(jcredFromDefault.getId()); 379 try{ 380 jcred.setValue(req.getParameter(jcredFromDefault.getId())); 381 credSet.add(jcred); 382 }catch(IllegalArgumentException iae){ 383 logger.warn(" the property "+jcredFromDefault.getId()+" doesn't exist in the HttpServletRequest "); 384 continue; 385 } 386 } 387 388 } 389 return credSet; 390 } 391 392 393 394 private static String buildRequest(HttpServletRequest req) { 395 String uriWithQuery = null; 396 StringBuffer sb = new StringBuffer (req.getServletPath()); 397 if(req.getQueryString()!=null && req.getQueryString().length()>0){ 398 sb.append("?"); 399 sb.append(req.getQueryString()); 400 } 401 uriWithQuery = sb.toString(); 402 Matcher matcher = starPattern.matcher(uriWithQuery); 403 uriWithQuery = matcher.replaceAll(AccessFilter.DOUBLE_STAR); 404 logger.debug("uriWithQuery="+uriWithQuery); 405 return uriWithQuery; 406 } 407 408 414 private void logonProcess(HttpServletRequest req, HttpServletResponse res) throws IOException { 415 HttpSession session = req.getSession(true); 416 Subject subject = HttpAuthenticationUtils.getSubject(session); 417 if(HttpConstants.BASIC_AUTH.equalsIgnoreCase(authScheme)){ 418 String authorizationHeader = req.getHeader("Authorization"); 419 logger.debug("authorizationHeader="+authorizationHeader); 420 421 if(subject == null){ 423 String AuthorizationHeaderValue = HttpCallbackHandler.buildBasicAuthHeader( 424 SecurityConstants.GUEST,SecurityConstants.GUEST,req.getCharacterEncoding()); 425 JGuardServletRequestWrapper jguardReq = new JGuardServletRequestWrapper(req); 426 jguardReq.setHeader(HttpCallbackHandler.AUTHORIZATION,AuthorizationHeaderValue); 427 AuditManager.addEvent(subject," BASIC authentication subject is null "," authenticate phase "); 428 authenticate(jguardReq, res); 429 }else if((authorizationHeader==null || !authorizationHeader.startsWith("Basic ") )){ 430 AuditManager.addEvent(subject," subject is not null but BASIC HEADER is incorrect "+authorizationHeader," jGuard build BASIC challenge "); 433 HttpCallbackHandler.buildBasicChallenge(res,(String )session.getServletContext().getAttribute(CoreConstants.APPLICATION_NAME)); 434 }else{ 435 AuditManager.addEvent(subject," BASIC AUTHENTICATION TYPE "," authenticate phase "); 436 authenticate(req, res); 437 } 438 }else{ 439 AuditManager.addEvent(subject," AUTHENTICATION TYPE ="+authScheme," authenticate phase "); 440 authenticate(req, res); 441 } 442 } 443 444 445 451 private void accessDenied(HttpServletRequest req, HttpServletResponse res) throws IOException { 452 if (logger.isDebugEnabled()) { 455 logger.debug(" access denied to "+req.getRequestURI()); 456 } 457 if(accessDeniedURI== null){ 458 AuditManager.addEvent(HttpAuthenticationUtils.getSubject(req.getSession(true))," access is denied to "+req.getRequestURI()+" accessDeniedURI is not defined "," jGuard send 401 http code "); 459 res.sendError(HttpServletResponse.SC_UNAUTHORIZED, " access denied "); 460 }else{ 461 AuditManager.addEvent(HttpAuthenticationUtils.getSubject(req.getSession(true))," access is denied to"+req.getRequestURI()," user is redirected to accessDeniedURI"+accessDeniedURI.getURI()); 462 if(!res.isCommitted()){ 464 res.sendRedirect(res.encodeRedirectURL(req.getContextPath()+accessDeniedURI.getURI())); 465 }else{ 466 logger.warn(" we cannot redirect to req.getContextPath()+"+accessDeniedURI.getURI()+" because response is already commited "); 467 } 468 } 469 } 470 471 479 private void authorize(FilterChain chain, HttpServletRequest req, HttpServletResponse res) throws IOException , ServletException { 480 if (logger.isDebugEnabled()) { 481 logger.debug("doFilter() - access authorized to "+ req.getRequestURI()); 482 } 483 484 if(System.getSecurityManager()!=null){ 487 try { 488 propagateSecurity(new JGuardServletRequestWrapper(req),res,chain); 489 } catch (PrivilegedActionException e) { 490 logger.warn(" access denied ",e); 491 AuditManager.addEvent(HttpAuthenticationUtils.getSubject(req.getSession(true))," a security exception "+e.getMessage()," user is redirected to accessDeniedURI("+accessDeniedURI.getURI()+")"); 492 if(!res.isCommitted()){ 493 res.sendRedirect(res.encodeRedirectURL(req.getContextPath()+accessDeniedURI.getURI())); 494 }else{ 495 logger.warn(" we cannot redirect to "+req.getContextPath()+accessDeniedURI.getURI()+" because response is already commited "); 496 } 497 } 498 }else{ 499 try{ 502 chain.doFilter(new JGuardServletRequestWrapper(req),res); 503 }catch(Throwable t){ 504 logger.fatal(t.getMessage()); 505 res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); 506 } 507 } 508 } 509 510 518 private static void logoff(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException , ServletException { 519 HttpSession session = request.getSession(); 521 522 HttpAuthenticationUtils auth= (HttpAuthenticationUtils)session.getAttribute(HttpConstants.AUTHN_UTILS); 523 if(auth!= null){ 524 auth.logout(); 525 AuditManager.addEvent(auth.getSubject()," "," user logoff "); 526 } 527 528 session.removeAttribute(HttpConstants.AUTHN_UTILS); 529 530 if (logger.isDebugEnabled()) { 531 logger.debug("doFilter() - user logoff "); 532 } 533 534 try{ 536 session.invalidate(); 537 }catch(IllegalStateException ise){ 538 logger.debug(" session is already invalidated "); 539 } 540 541 chain.doFilter(request,response); 543 } 544 545 553 private static void propagateSecurity(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws PrivilegedActionException { 554 HttpSession session = request.getSession(); 555 Subject subject = HttpAuthenticationUtils.getSubject(session); 556 Subject.doAsPrivileged(subject, new PrivilegedExceptionAction () { 557 public Object run() throws IOException , ServletException { 558 try{ 561 chain.doFilter(new JGuardServletRequestWrapper(request),response); 562 }catch(Throwable t){ 563 logger.fatal(t.getMessage()); 564 response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); 565 } 566 return null; 570 } 571 },null); 572 573 } 574 575 576 583 private boolean authenticate(HttpServletRequest req, HttpServletResponse res) throws IOException { 584 boolean authenticationFailed = !HttpAuthenticationUtils.authenticate(req,res,false,local); 585 return postAuthenticationProcess(req, res, authenticationFailed); 586 } 587 588 595 private boolean authenticateAfterRegistration(HttpServletRequest req, HttpServletResponse res) throws IOException { 596 boolean authenticationFailed = !HttpAuthenticationUtils.authenticate(req,res,true,local); 597 return postAuthenticationProcess(req, res, authenticationFailed); 598 } 599 600 private boolean postAuthenticationProcess(HttpServletRequest req, HttpServletResponse res, boolean authenticationFailed) throws IOException { 601 602 Subject subject = HttpAuthenticationUtils.getSubject(req.getSession(true)); 603 604 if(authenticationFailed){ 605 if(res.isCommitted()){ 606 logger.warn(" response is already committed "); 607 } 608 609 if(HttpConstants.BASIC_AUTH.equalsIgnoreCase(authScheme)){ 610 HttpCallbackHandler.buildBasicChallenge(res,(String )((HttpServletRequest )req).getSession(true).getServletContext().getAttribute(CoreConstants.APPLICATION_NAME)); 611 return !authenticationFailed; 612 } 613 AuditManager.addEvent(subject,"authentication failed"," redirect to "+authenticationFailedURI.getURI()); 614 615 if(authenticationFailedURI!=null && !authenticationFailedURI.getURI().equals("")){ 616 res.sendRedirect(res.encodeRedirectURL(req.getContextPath()+authenticationFailedURI.getURI())); 617 AuditManager.addEvent(subject," NOT BASIC AUTHENTICATION - user is not authenticated "," redirect to "+req.getContextPath()+authenticationFailedURI.getURI()); 618 619 }else{ 620 res.sendError(HttpServletResponse.SC_UNAUTHORIZED, " access denied "); 621 AuditManager.addEvent(subject," user is not authentication and authenticationFailedURI is not defined "," send"+HttpServletResponse.SC_UNAUTHORIZED+" code "); 622 } 623 624 }else{ 626 HttpSession oldSession = req.getSession(true); 627 String redirectURI = indexURI; 628 String lastAccessDeniedURI = (String )oldSession.getAttribute(HttpConstants.LAST_ACCESS_DENIED_URI); 629 630 HttpAuthenticationUtils httpAuthenticationUtils = HttpAuthenticationUtils.getHttpAuthenticationUtils(req,local); 636 subject = httpAuthenticationUtils.getSubject(); 637 638 if(!res.isCommitted()){ 642 oldSession.removeAttribute(HttpConstants.AUTHN_UTILS); 645 oldSession.invalidate(); 646 647 HttpSession newSession = req.getSession(true); 648 newSession.setAttribute(HttpConstants.AUTHN_UTILS,httpAuthenticationUtils); 649 } 650 651 if(lastAccessDeniedURI!=null && lastAccessDeniedURI!="") { 653 if(goToLastAccessDeniedUriOnSuccess) 654 redirectURI = lastAccessDeniedURI; 655 else { 656 URLPermission urlPermission = new URLPermission("indexURI",indexURI); 657 if(!HttpAccessControllerUtils.hasPermission(req,urlPermission)) 658 redirectURI = logonURIStr; 659 } 660 } 661 if (logger.isDebugEnabled()) { 662 logger.debug(" user is authenticated and redirected to ."+redirectURI); 663 } 664 if(res.isCommitted()){ 665 logger.warn(" response is already committed "); 666 } 667 668 AuditManager.addEvent(subject," user is authenticated "," redirect to "+redirectURI); 669 if(!res.isCommitted()){ 670 res.sendRedirect(res.encodeRedirectURL(req.getContextPath()+redirectURI)); 671 } 672 673 } 674 return !authenticationFailed; 675 } 676 677 680 public void destroy() { 681 } 683 684 685 686 691 private Map loadFilterConfiguration(String configurationLocation){ 692 Document doc = XMLUtils.read(configurationLocation); 693 694 Element authentication = doc.getRootElement().element(HttpConstants.FILTER); 695 Map filterSettings = new HashMap (); 696 filterSettings.put(HttpConstants.INDEX_URI,authentication.element(HttpConstants.INDEX_URI).getTextTrim()); 697 filterSettings.put(HttpConstants.AUTHENTICATION_FAILED_URI,authentication.element(HttpConstants.AUTHENTICATION_FAILED_URI).getTextTrim()); 698 if(authentication.element(HttpConstants.REGISTER_PROCESS_URI)!=null){ 699 filterSettings.put(HttpConstants.REGISTER_PROCESS_URI,authentication.element(HttpConstants.REGISTER_PROCESS_URI).getTextTrim()); 700 } 701 if(authentication.element(HttpConstants.REGISTER_URI)!=null){ 702 filterSettings.put(HttpConstants.REGISTER_URI,authentication.element(HttpConstants.REGISTER_URI).getTextTrim()); 703 } 704 filterSettings.put(HttpConstants.LOGON_PROCESS_URI,authentication.element(HttpConstants.LOGON_PROCESS_URI).getTextTrim()); 705 filterSettings.put(HttpConstants.LOGON_URI,authentication.element(HttpConstants.LOGON_URI).getTextTrim()); 706 707 Set logoffURIsCollection = new HashSet (); 708 Iterator itLogoffURI = authentication.element(HttpConstants.LOGOFF_URIS).elements(HttpConstants.LOGOFF_URI).iterator(); 709 while (itLogoffURI.hasNext()){ 710 logoffURIsCollection.add(((Element)itLogoffURI.next()).getTextTrim()); 711 } 712 filterSettings.put(HttpConstants.LOGOFF_URIS,logoffURIsCollection); 713 714 filterSettings.put(HttpConstants.ACCESS_DENIED_URI,authentication.element(HttpConstants.ACCESS_DENIED_URI).getTextTrim()); 715 filterSettings.put(HttpConstants.AUTH_SCHEME,authentication.element(HttpConstants.AUTH_SCHEME).getTextTrim()); 716 Element loginElement = authentication.element(HttpConstants.LOGIN_FIELD); 717 if (loginElement != null){ 718 filterSettings.put(HttpConstants.LOGIN_FIELD,loginElement.getTextTrim()); 719 } 720 Element passwordElement = authentication.element(HttpConstants.PASSWORD_FIELD); 721 if (passwordElement != null){ 722 filterSettings.put(HttpConstants.PASSWORD_FIELD,passwordElement.getTextTrim()); 723 } 724 725 Element goToLastAccessDeniedUriOnSuccessElement = authentication.element(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS); 726 if (goToLastAccessDeniedUriOnSuccessElement != null){ 727 filterSettings.put(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS,goToLastAccessDeniedUriOnSuccessElement.getTextTrim()); 728 } 729 730 return filterSettings; 731 } 732 public Permission buildPermission(HttpServletRequest request){ 733 String uriWithQuery = buildRequest(request); 734 logger.debug("uriWithQuery="+uriWithQuery); 735 StringBuffer actions = new StringBuffer (URLPermission.removeRegexpFromURI(uriWithQuery)); 737 actions.append(',').append(request.getProtocol()).append(',').append(request.getMethod()).append("permission build from the user request"); 738 URLPermission urlPermission = new URLPermission("permissionFromUser",actions.toString()); 739 return urlPermission; 740 } 741 } 742 | Popular Tags |