

1 /*
2  * $$Id: AutoLoginFilter.java,v 1.3 2005/06/07 12:32:26 bel70 Exp $$
3  *
4  * ***** BEGIN LICENSE BLOCK *****
5  * The contents of this file are subject to the Mozilla Public License
6  * Version 1.1 (the "License"); you may not use this file except in
7  * compliance with the License. You may obtain a copy of the License
8  * at http://www.mozilla.org/MPL/
9  *
10  * Software distributed under the License is distributed on an "AS IS"
11  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
12  * the License for the specific language governing rights and
13  * limitations under the License.
14  *
15  * The Original Code is JGossip forum code.
16  *
17  * The Initial Developer of the Original Code is the JResearch, Org.
18  * Portions created by the Initial Developer are Copyright (C) 2004
19  * the Initial Developer. All Rights Reserved.
20  *
21  * Contributor(s):
22  * Dmitry Belov <bel@jresearch.org>
23  *
24  * ***** END LICENSE BLOCK ***** */

25 /*
26  * Created on Oct 22, 2003
27  *
28  */

29 package org.jresearch.gossip.filters;
30
31 import java.io.IOException JavaDoc;
32 import java.sql.SQLException JavaDoc;
33 import java.util.Date JavaDoc;
34 import java.util.HashSet JavaDoc;
35 import java.util.StringTokenizer JavaDoc;
36
37 import javax.servlet.Filter JavaDoc;
38 import javax.servlet.FilterChain JavaDoc;
39 import javax.servlet.FilterConfig JavaDoc;
40 import javax.servlet.ServletContext JavaDoc;
41 import javax.servlet.ServletException JavaDoc;
42 import javax.servlet.ServletRequest JavaDoc;
43 import javax.servlet.ServletResponse JavaDoc;
44 import javax.servlet.http.Cookie JavaDoc;
45 import javax.servlet.http.HttpServletRequest JavaDoc;
46 import javax.servlet.http.HttpSession JavaDoc;
47
48 import org.jresearch.gossip.IConst;
49 import org.jresearch.gossip.beans.user.User;
50 import org.jresearch.gossip.configuration.Configurator;
51 import org.jresearch.gossip.constants.UserStatus;
52 import org.jresearch.gossip.dao.ForumDAO;
53 import org.jresearch.gossip.dao.UserDAO;
54 import org.jresearch.gossip.exception.ConfiguratorException;
55 import org.jresearch.gossip.singlesign.IUser;
56
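/**
 * Servlet filter that makes sure every non-public request has a {@link User}
 * bean in the HTTP session before the rest of the chain runs.
 *
 * <p>For a non-public request the user is resolved in this order: the bean
 * already stored in the session (dropped when {@link ForumDAO} no longer has
 * an entry for the session id), the auto-login cookie (when enabled), the
 * external sign-on user (when enabled), and finally a guest user built from
 * the remote address.</p>
 *
 * <p>Configuration read in {@link #init(FilterConfig)}: filter init
 * parameters {@code editInfo.action} and {@code JAAS.role}, and the context
 * init parameter {@code public.uri} (comma-separated names).</p>
 *
 * <p>NOTE(review): the session id is never renewed in this class after a
 * cookie or external login attaches a user to the session. Confirm whether
 * the login flow handles that elsewhere; forum entries are looked up by
 * session id here, so a renewal would have to update them as well.</p>
 *
 * @author dbelov
 */
public class AutoLoginFilter implements Filter {

    /** Path of the "edit profile" action; external users without an e-mail are forwarded here. */
    private String _editInfo;

    /** Optional role a container-authenticated principal must have; null means any principal. */
    private String _userRole;

    private FilterConfig _config;

    /** Requests whose URI contains this path are not diverted to the edit-profile action. */
    private static final String SAVE_PROFILE_ACTION_PATH = "/SaveProfile.do";

    /** Last-path-segment names that are treated as public. */
    private HashSet _publicUris = new HashSet();

    /**
     * Reads the filter configuration and the list of public names.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException declared by {@link Filter#init(FilterConfig)};
     *         not thrown by this implementation
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig config) throws ServletException {
        _config = config;

        /* editInfo action */
        _editInfo = config.getInitParameter("editInfo.action");

        /* JAAS user role */
        _userRole = config.getInitParameter("JAAS.role");

        /* Public Uri */
        String uri = config.getServletContext().getInitParameter("public.uri");

        if (uri == null) {
            // No public names configured: every request then takes the
            // user-resolution path instead of failing with a
            // NullPointerException during start-up.
            return;
        }

        StringTokenizer tok = new StringTokenizer(uri, ",");

        while (tok.hasMoreTokens()) {
            String url = tok.nextToken().trim();

            // A whitespace-only entry (for example after a trailing comma)
            // trims to "". Registering it would make every request whose URI
            // ends in "/" count as public, so it is skipped.
            if (url.length() > 0) {
                _publicUris.add(url);
            }
        }
    }

    /**
     * Resolves the user for the request and stores it in the session, or
     * forwards directly for public names.
     *
     * @param req   incoming request; must be an {@link HttpServletRequest}
     * @param res   response
     * @param chain remaining filter chain
     * @throws IOException      propagated from the forward or the chain
     * @throws ServletException on configuration or database errors, or
     *         propagated from the forward or the chain
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        try {
            // Only the last path segment of the request URI is compared
            // with the configured public names.
            String uri = request.getRequestURI();
            int i = uri.lastIndexOf("/");

            if (i >= 0) {
                uri = uri.substring(i + 1);
            }

            if (isPublic(uri)) {
                // Public screen: no user bean is added to the session and
                // the rest of the filter chain is not invoked.
                // NOTE(review): the check uses the last segment of the raw
                // request URI while the forward targets getServletPath().
                // Confirm that the servlet mappings keep the two equivalent,
                // otherwise a non-public servlet could be reached without a
                // user bean in the session.
                _config.getServletContext().getRequestDispatcher(
                        request.getServletPath()).forward(req, res);
                return;
            }

            // start time of this request's processing
            req.setAttribute(IConst.REQUEST.START_TIME_KEY, new Date());

            HttpSession session = request.getSession();
            ServletContext application = session.getServletContext();

            // keep the session timeout in line with the configured value
            int inactiveInterval = Integer.parseInt(Configurator.getInstance()
                    .get(IConst.CONFIG.SESSION_LENGTH));

            if (session.getMaxInactiveInterval() != inactiveInterval) {
                session.setMaxInactiveInterval(inactiveInterval);
            }

            // try to get user from session
            User user = (User) session.getAttribute(IConst.SESSION.USER_KEY);

            if (user != null) {
                // check that this user (or session) was not kicked by admin
                ForumDAO dao = ForumDAO.getInstance();

                try {
                    if (!dao.isEntryExist(session.getId())) {
                        // NOTE(review): user names are concatenated into log
                        // lines throughout this class; strip CR/LF if names
                        // can contain them.
                        application.log("AutoLoginFilter: Entry for login="
                                + user.getName()
                                + " not found - User is removed ");
                        session.removeAttribute(IConst.SESSION.USER_KEY);
                        user = null;
                    }
                } catch (SQLException sqle) {
                    throw new ServletException(sqle);
                }
            }

            boolean extSignOn = IConst.VALUES.TRUE.equals(Configurator
                    .getInstance().get(IConst.CONFIG.ENABLE_EXT_SIGN_ON));

            // status 0 is presumably the guest status - TODO confirm
            // against UserStatus
            if ((user == null) || (extSignOn && (user.getStatus() == 0))) {
                if (IConst.VALUES.TRUE.equals(Configurator.getInstance()
                        .get(IConst.CONFIG.ENABLE_AUTO_LOGIN))
                        && (user == null)) {
                    // try to get user from autologin cookie
                    user = getUserFromCookie(request);
                    application
                            .log("AutoLoginFilter: try to get user from autologin cookie");
                }

                if (extSignOn && ((user == null) || (user.getStatus() == 0))) {
                    // try to get external user from session
                    application
                            .log("AutoLoginFilter: try to get external user ");
                    user = getExternalUser(request);
                }

                if (user == null) {
                    // set empty user for guest's logon
                    application
                            .log("AutoLoginFilter: user isn't loaded ,so sign on as guest ");

                    user = new User(req.getRemoteAddr());
                }

                // save user bean in session
                session.setAttribute(IConst.SESSION.USER_KEY, user);
            }

            if (extSignOn && (user.getName() != null)
                    && (user.getInfo().getEmail() == null)) {
                // External user has not filled in the profile yet: divert to
                // the editInfo action, except for the request that saves it.
                // NOTE(review): this is a substring match on the raw request
                // URI, so any URI containing the text skips the diversion;
                // compare against the servlet path if that is not intended.
                if (request.getRequestURI().indexOf(
                        SAVE_PROFILE_ACTION_PATH) < 0) {
                    application
                            .log("AutoLoginFilter: info is empty for external user with login="
                                    + user.getName()
                                    + ", so forward to "
                                    + _editInfo);

                    _config.getServletContext().getRequestDispatcher(
                            _editInfo).forward(req, res);

                    // Stop here. Without this return the originally
                    // requested action would still be executed by
                    // chain.doFilter() after the forward, so the diversion
                    // would not actually block it.
                    return;
                }
            }

            chain.doFilter(req, res);

        } catch (NumberFormatException e) {
            throw new ServletException(e);
        } catch (ConfiguratorException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Builds a forum user from an externally authenticated login.
     *
     * <p>The login is taken from the {@link IUser} stored in the session
     * or, failing that, from the container principal (restricted to
     * {@code _userRole} when that is configured). A login unknown to
     * {@link UserDAO} yields a new in-memory user with status
     * {@code UserStatus.USER}; nothing is written to the database here.</p>
     *
     * @param request current request
     * @return the resolved user, or null when no external login is available
     * @throws ServletException when the user lookup fails with an SQL error
     */
    private User getExternalUser(HttpServletRequest request)
            throws ServletException {
        String extUserLogin = null;
        User user = null;
        ServletContext application = request.getSession().getServletContext();

        // try to get ext user from session
        IUser extUser = (IUser) request.getSession().getAttribute(
                IConst.SESSION.EXT_USER_KEY);

        if (extUser != null) {
            extUserLogin = extUser.getName();
        } else {
            // try to get user login from JAAS
            if ((request.getUserPrincipal() != null)
                    && ((_userRole == null) || request.isUserInRole(_userRole))) {
                extUserLogin = request.getUserPrincipal().getName();
            }
        }

        application.log("AutoLoginFilter: external user login=" + extUserLogin);

        if (extUserLogin != null) {
            UserDAO dao = UserDAO.getInstance();

            try {
                if (!dao.isUserExist(extUserLogin)) {
                    // create empty user with status=USER and name=extUserLogin
                    user = new User(request.getRemoteAddr());
                    user.setName(extUserLogin);
                    user.setStatus(UserStatus.USER);
                } else {
                    user = dao.getUser(extUserLogin);
                    user.setIp(request.getRemoteAddr());
                }

                application
                        .log("AutoLoginFilter: external user is loaded with login="
                                + user.getName());
            } catch (SQLException sqle) {
                throw new ServletException(sqle);
            }
        }

        // TODO fill user info and save user in forum db
        return user;
    }

    /**
     * Returns the value of the first cookie with the given name.
     *
     * @param cookies cookies of the request; may be null
     * @param name    cookie name to look for
     * @return the cookie value, or null when there is no such cookie
     */
    private String getCookieValue(Cookie[] cookies, String name) {
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                Cookie c = cookies[i];

                if (name.equals(c.getName())) {
                    return c.getValue();
                }
            }
        }

        return null;
    }

    /**
     * Loads the user named by the auto-login cookie.
     *
     * <p>The cookie value is split on {@code '*'} and the first two tokens
     * are passed to {@code UserDAO.getUserEncoded}. The user is accepted
     * only when the account has auto-login enabled in its settings.</p>
     *
     * <p>NOTE(review): the two tokens are presumably the login and an
     * encoded password - TODO confirm. If so, the cookie is a long-lived
     * credential: it should be issued with HttpOnly and Secure, and a
     * random, server-revocable token would be preferable to a value
     * derived from the password.</p>
     *
     * @param request current request
     * @return the user, or null when the cookie is absent, malformed, does
     *         not match a user, or the user has auto-login disabled
     * @throws ServletException when the user lookup fails with an SQL error
     */
    private User getUserFromCookie(HttpServletRequest request)
            throws ServletException {
        Cookie[] cookies = request.getCookies();
        String userCookie = getCookieValue(cookies, IConst.COOKIE.USER_COOKIE);

        User user = null;

        if (userCookie != null) {
            HttpSession session = request.getSession();
            ServletContext application = session.getServletContext();
            UserDAO dao = UserDAO.getInstance();
            StringTokenizer login = new StringTokenizer(userCookie, "*");

            if (login.countTokens() >= 2) {
                try {
                    user = dao.getUserEncoded(login.nextToken(), login
                            .nextToken());
                } catch (SQLException sqle) {
                    throw new ServletException(sqle);
                }
            }

            if ((user != null) && user.getSettings().isAutologin()) {
                user.setIp(request.getRemoteAddr());
                application
                        .log("AutoLoginFilter: user from cookie is loaded with login="
                                + user.getName());
            } else {
                return null;
            }
        }

        return user;
    }

    /**
     * Nothing to release.
     *
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Tells whether a name is in the configured public list.
     *
     * @param uri last path segment of a request URI
     * @return true when the name was listed in the {@code public.uri}
     *         context parameter
     */
    public boolean isPublic(String uri) {
        return _publicUris.contains(uri);
    }
}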