

1 /*
2  * AdminOnlyFilter.java
3  *
4  * Version: $Revision: 1.7 $
5  *
6  * Date: $Date: 2005/10/17 03:35:45 $
7  *
8  * Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
9  * Institute of Technology. All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions are
13  * met:
14  *
15  * - Redistributions of source code must retain the above copyright
16  * notice, this list of conditions and the following disclaimer.
17  *
18  * - Redistributions in binary form must reproduce the above copyright
19  * notice, this list of conditions and the following disclaimer in the
20  * documentation and/or other materials provided with the distribution.
21  *
22  * - Neither the name of the Hewlett-Packard Company nor the name of the
23  * Massachusetts Institute of Technology nor the names of their
24  * contributors may be used to endorse or promote products derived from
25  * this software without specific prior written permission.
26  *
27  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
32  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
33  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
34  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
35  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
36  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37  * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38  * DAMAGE.
39  */

40 package org.dspace.app.webui.filter;
41
42 import java.io.IOException JavaDoc;
43 import java.sql.SQLException JavaDoc;
44
45 import javax.servlet.Filter JavaDoc;
46 import javax.servlet.FilterChain JavaDoc;
47 import javax.servlet.FilterConfig JavaDoc;
48 import javax.servlet.ServletException JavaDoc;
49 import javax.servlet.ServletRequest JavaDoc;
50 import javax.servlet.ServletResponse JavaDoc;
51 import javax.servlet.http.HttpServletRequest JavaDoc;
52 import javax.servlet.http.HttpServletResponse JavaDoc;
53
54 import org.apache.log4j.Logger;
55 import org.dspace.app.webui.util.Authenticate;
56 import org.dspace.app.webui.util.JSPManager;
57 import org.dspace.app.webui.util.UIUtil;
58 import org.dspace.authorize.AuthorizeManager;
59 import org.dspace.core.Context;
60 import org.dspace.core.LogManager;
61
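/**
 * DSpace filter that only allows requests from authenticated administrators to
 * proceed. Anonymous requests prompt the authentication procedure. Requests
 * from authenticated non-admins result in an authorisation error.
 * <p>
 * The filter fails closed: the rest of the chain is invoked only after
 * {@code AuthorizeManager.isAdmin(context)} has returned true. Every other
 * path (redirect to authentication, authorisation error, database error)
 * ends without calling {@code chain.doFilter}.
 *
 * @author Robert Tansley
 * @version $Revision: 1.7 $
 */
public class AdminOnlyFilter implements Filter
{
    /**
     * log4j category. Named after this class so that "admin_only" denials and
     * database errors are attributed to the admin-only filter in the logs.
     */
    private static final Logger log = Logger.getLogger(AdminOnlyFilter.class);

    /**
     * Required by the Filter interface; this filter needs no configuration.
     *
     * @param config
     *            filter configuration supplied by the container (unused)
     */
    public void init(FilterConfig config)
    {
        // Do nothing
    }

    /**
     * Let the request continue down the chain only when the current user is
     * an administrator.
     *
     * @param request
     *            incoming request; cast to HttpServletRequest
     * @param response
     *            outgoing response; cast to HttpServletResponse
     * @param chain
     *            remainder of the filter chain, invoked for administrators only
     * @throws ServletException
     *             propagated from the chain or from the JSP error pages
     * @throws IOException
     *             propagated from the chain or from the JSP error pages
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws ServletException, IOException
    {
        Context context = null;

        // We need HTTP request objects
        HttpServletRequest hrequest = (HttpServletRequest) request;
        HttpServletResponse hresponse = (HttpServletResponse) response;

        try
        {
            // Obtain a context
            context = UIUtil.obtainContext(hrequest);

            // Continue if logged in or startAuthentication finds a user;
            // otherwise it will issue redirect so just return.
            if (context.getCurrentUser() != null
                    || Authenticate.startAuthentication(context, hrequest,
                            hresponse))
            {
                // User is authenticated; the admin check is the only gate in
                // front of chain.doFilter.
                if (AuthorizeManager.isAdmin(context))
                {
                    // User is an admin, allow request to proceed
                    chain.doFilter(hrequest, hresponse);
                }
                else
                {
                    // User is not an admin: record the denial and show the
                    // authorisation error instead of the requested resource.
                    log.info(LogManager.getHeader(context, "admin_only", ""));
                    JSPManager.showAuthorizeError(hrequest, hresponse, null);
                }
            }
        }
        catch (SQLException se)
        {
            // A database failure never falls through to the chain.
            // NOTE(review): context is still null here if obtainContext
            // itself failed; assumes LogManager.getHeader accepts a null
            // context -- confirm.
            log.warn(LogManager.getHeader(context, "database_error", se
                    .toString()), se);
            JSPManager.showInternalError(hrequest, hresponse);
        }
        finally
        {
            // Abort the context if it's still valid. Done in finally so the
            // context is also released when the chain or an error page throws
            // ServletException or IOException.
            if ((context != null) && context.isValid())
            {
                context.abort();
            }
        }
    }

    /**
     * Required by the Filter interface; there is nothing to release.
     */
    public void destroy()
    {
        // Nothing
    }
}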