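package org.jresearch.gossip.filters;

import java.io.IOException;
import java.sql.SQLException;
import java.util.Date;
import java.util.HashSet;
import java.util.StringTokenizer;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jresearch.gossip.IConst;
import org.jresearch.gossip.beans.user.User;
import org.jresearch.gossip.configuration.Configurator;
import org.jresearch.gossip.constants.UserStatus;
import org.jresearch.gossip.dao.ForumDAO;
import org.jresearch.gossip.dao.UserDAO;
import org.jresearch.gossip.exception.ConfiguratorException;
import org.jresearch.gossip.singlesign.IUser;

/**
 * Servlet filter that makes sure a {@link User} object is bound to the HTTP
 * session of every non-public request.
 *
 * The user is taken, in this order, from the session, from the auto-login
 * cookie (when enabled), from an external sign-on source (when enabled), and
 * finally a guest user is created from the remote address.
 *
 * NOTE(review): the session id is not changed when a user is attached to an
 * existing session, and the session id is also what ForumDAO.isEntryExist()
 * is asked about. Whether the id is rotated at login elsewhere cannot be seen
 * from this class - confirm, since an unrotated id is the usual precondition
 * for session fixation.
 */
public class AutoLoginFilter implements Filter {

    /** Path of the "edit profile" action, from filter parameter "editInfo.action". */
    private String _editInfo;

    /** Container role required for external users, from filter parameter "JAAS.role" (may be null). */
    private String _userRole;

    private FilterConfig _config;

    private static final String SAVE_PROFILE_ACTION_PATH = "/SaveProfile.do";

    /** Last path segments that are served without any user handling. */
    private HashSet _publicUris = new HashSet();

    /**
     * Reads the filter configuration.
     *
     * The context parameter "public.uri" is a comma-separated list; each
     * entry is trimmed before it is stored.
     *
     * @param config the filter configuration supplied by the container
     * @throws ServletException declared by the Filter contract
     */
    public void init(FilterConfig config) throws ServletException {
        _config = config;
        _editInfo = config.getInitParameter("editInfo.action");
        _userRole = config.getInitParameter("JAAS.role");

        String uri = config.getServletContext().getInitParameter("public.uri");

        if (uri == null) {
            // A missing parameter used to end in a NullPointerException inside
            // StringTokenizer. Treat it as "nothing is public", which is the
            // restrictive choice: every request then gets the user handling.
            config.getServletContext().log(
                    "AutoLoginFilter: context parameter public.uri is not set,"
                            + " no URI is treated as public");
            return;
        }

        StringTokenizer tok = new StringTokenizer(uri, ",");

        while (tok.hasMoreTokens()) {
            String url = tok.nextToken().trim();

            // A whitespace-only entry would be stored as "", and "" is exactly
            // what doFilter() computes for any request URI ending in "/", so
            // such an entry would silently make all of those URIs public.
            if (url.length() > 0) {
                _publicUris.add(url);
            }
        }
    }

    /**
     * Binds a user to the session and passes the request on.
     *
     * Requests whose last path segment is listed as public are forwarded to
     * their servlet path and never reach the rest of the filter chain from
     * here. All other requests get a session timeout from the configuration,
     * a user object in the session, and are then handed to the chain - unless
     * an external user without e-mail is sent to the profile page first.
     *
     * @param req   the incoming request (cast to HttpServletRequest)
     * @param res   the response
     * @param chain the remaining filter chain
     * @throws IOException      from the dispatcher or the chain
     * @throws ServletException from the dispatcher or the chain; also wraps
     *                          SQLException, NumberFormatException and
     *                          ConfiguratorException raised here
     */
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        try {
            // Only the part after the last "/" is compared with the public
            // list, so a configured name is public in every directory, not
            // just in the one the administrator had in mind.
            String uri = request.getRequestURI();
            int i = uri.lastIndexOf("/");

            if (i >= 0) {
                uri = uri.substring(i + 1);
            }

            if (isPublic(uri)) {
                // Forward instead of chain.doFilter(): filters that come later
                // in the chain are not invoked from here for public URIs.
                _config.getServletContext().getRequestDispatcher(
                        request.getServletPath()).forward(req, res);
            } else {
                req.setAttribute(IConst.REQUEST.START_TIME_KEY, new Date());

                // getSession() creates a session when the request has none.
                HttpSession session = request.getSession();
                ServletContext application = session.getServletContext();

                int inactiveInterval;

                inactiveInterval = Integer.parseInt(Configurator.getInstance()
                        .get(IConst.CONFIG.SESSION_LENGTH));

                if (session.getMaxInactiveInterval() != inactiveInterval) {
                    session.setMaxInactiveInterval(inactiveInterval);
                }

                User user = (User) session
                        .getAttribute(IConst.SESSION.USER_KEY);

                if (user != null) {
                    ForumDAO dao = ForumDAO.getInstance();

                    try {
                        // Drop the user when the DAO no longer knows this
                        // session id; the user is then resolved again below.
                        if (!dao.isEntryExist(session.getId())) {
                            application.log("AutoLoginFilter: Entry for login="
                                    + user.getName()
                                    + " not found - User is removed ");
                            session.removeAttribute(IConst.SESSION.USER_KEY);
                            user = null;
                        }
                    } catch (SQLException sqle) {
                        throw new ServletException(sqle);
                    }
                }

                // NOTE(review): status 0 presumably marks a guest - confirm
                // against UserStatus.
                if ((user == null)
                        || (IConst.VALUES.TRUE.equals(Configurator
                                .getInstance().get(
                                        IConst.CONFIG.ENABLE_EXT_SIGN_ON)) && (user
                                .getStatus() == 0))) {
                    if (IConst.VALUES.TRUE.equals(Configurator.getInstance()
                            .get(IConst.CONFIG.ENABLE_AUTO_LOGIN))
                            && (user == null)) {
                        user = getUserFromCookie(request);
                        application
                                .log("AutoLoginFilter: try to get user from autologin cookie");
                    }

                    if (IConst.VALUES.TRUE.equals(Configurator.getInstance()
                            .get(IConst.CONFIG.ENABLE_EXT_SIGN_ON))
                            && ((user == null) || (user.getStatus() == 0))) {
                        application
                                .log("AutoLoginFilter: try to get external user ");
                        user = getExternalUser(request);
                    }

                    if (user == null) {
                        application
                                .log("AutoLoginFilter: user isn't loaded ,so sign on as guest ");

                        user = new User(req.getRemoteAddr());
                    }

                    session.setAttribute(IConst.SESSION.USER_KEY, user);
                }

                if (IConst.VALUES.TRUE.equals(Configurator.getInstance().get(
                        IConst.CONFIG.ENABLE_EXT_SIGN_ON))
                        && (user.getName() != null)
                        && (user.getInfo().getEmail() == null)) {
                    // Substring match: any URI containing the save-profile
                    // path is let through so the profile can be stored.
                    if (request.getRequestURI().indexOf(
                            SAVE_PROFILE_ACTION_PATH) < 0) {
                        application
                                .log("AutoLoginFilter: info is empty for external user with login="
                                        + user.getName()
                                        + ", so forward to "
                                        + _editInfo);

                        _config.getServletContext().getRequestDispatcher(
                                _editInfo).forward(req, res);

                        // The forward has produced the response. Falling
                        // through to chain.doFilter() would still run the
                        // action that was originally requested, so the
                        // "complete your profile first" gate would not hold.
                        return;
                    }
                }

                chain.doFilter(req, res);
            }
        } catch (NumberFormatException e) {
            throw new ServletException(e);
        } catch (ConfiguratorException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Resolves the user from an external sign-on source.
     *
     * The login name comes from the IUser stored in the session under
     * IConst.SESSION.EXT_USER_KEY or, when there is none, from the container
     * principal, provided no role is configured or the principal has it.
     *
     * @param request the current request
     * @return the loaded or newly created user, or null when no external
     *         login name is available
     * @throws ServletException wrapping an SQLException from the DAO
     */
    private User getExternalUser(HttpServletRequest request)
            throws ServletException {
        String extUserLogin = null;
        User user = null;
        ServletContext application = request.getSession().getServletContext();

        IUser extUser = (IUser) request.getSession().getAttribute(
                IConst.SESSION.EXT_USER_KEY);

        if (extUser != null) {
            extUserLogin = extUser.getName();
        } else {
            if ((request.getUserPrincipal() != null)
                    && ((_userRole == null) || request.isUserInRole(_userRole))) {
                extUserLogin = request.getUserPrincipal().getName();
            }
        }

        // NOTE(review): the login name is written to the log unchanged. If an
        // external source can deliver names with line breaks, neutralise them
        // before logging so one request cannot fake additional log lines.
        application.log("AutoLoginFilter: external user login=" + extUserLogin);

        if (extUserLogin != null) {
            UserDAO dao = UserDAO.getInstance();

            try {
                if (!dao.isUserExist(extUserLogin)) {
                    // Unknown to the forum: build an in-memory user with the
                    // external login name and status UserStatus.USER.
                    user = new User(request.getRemoteAddr());
                    user.setName(extUserLogin);
                    user.setStatus(UserStatus.USER);
                } else {
                    user = dao.getUser(extUserLogin);
                    user.setIp(request.getRemoteAddr());
                }

                application
                        .log("AutoLoginFilter: external user is loaded with login="
                                + user.getName());
            } catch (SQLException sqle) {
                throw new ServletException(sqle);
            }
        }

        return user;
    }

    /**
     * Returns the value of the first cookie with the given name.
     *
     * @param cookies the request cookies, may be null
     * @param name    the cookie name to look for
     * @return the cookie value, or null when there is no such cookie
     */
    private String getCookieValue(Cookie[] cookies, String name) {
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                Cookie c = cookies[i];

                if (name.equals(c.getName())) {
                    return c.getValue();
                }
            }
        }

        return null;
    }

    /**
     * Loads the user named by the auto-login cookie.
     *
     * The cookie value is split on "*" and its first two tokens are handed to
     * UserDAO.getUserEncoded(). The user is accepted only when the DAO
     * returns one and that user's settings have auto-login switched on.
     *
     * NOTE(review): the two tokens are presumably the login and an encoded
     * password - confirm. If so, the cookie is a long-lived credential: check
     * where it is issued that it carries the Secure and HttpOnly attributes
     * and that the encoding cannot be turned back into the password.
     *
     * @param request the current request
     * @return the user from the cookie, or null when the cookie is missing,
     *         malformed, unknown, or auto-login is off for that user
     * @throws ServletException wrapping an SQLException from the DAO
     */
    private User getUserFromCookie(HttpServletRequest request)
            throws ServletException {
        Cookie[] cookies = request.getCookies();
        String userCookie = getCookieValue(cookies, IConst.COOKIE.USER_COOKIE);

        User user = null;

        if ((userCookie != null)) {
            HttpSession session = request.getSession();
            ServletContext application = session.getServletContext();
            UserDAO dao = UserDAO.getInstance();
            StringTokenizer login = new StringTokenizer(userCookie, "*");

            if (login.countTokens() >= 2) {
                try {
                    user = dao.getUserEncoded(login.nextToken(), login
                            .nextToken());
                } catch (SQLException sqle) {
                    throw new ServletException(sqle);
                }
            }

            if ((user != null) && user.getSettings().isAutologin()) {
                user.setIp(request.getRemoteAddr());
                application
                        .log("AutoLoginFilter: user from cookie is loaded with login="
                                + user.getName());
            } else {
                return null;
            }
        }

        return user;
    }

    /**
     * Nothing to release.
     */
    public void destroy() {
    }

    /**
     * Tells whether a name is in the configured public list.
     *
     * @param uri the last path segment of a request URI
     * @return true when the exact string was listed in "public.uri"
     */
    public boolean isPublic(String uri) {
        return _publicUris.contains(uri);
    }
}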