

1 /*
2  * $$Id: SignOnFilter.java,v 1.3 2005/06/07 12:32:26 bel70 Exp $$
3  *
4  * ***** BEGIN LICENSE BLOCK *****
5  * The contents of this file are subject to the Mozilla Public License
6  * Version 1.1 (the "License"); you may not use this file except in
7  * compliance with the License. You may obtain a copy of the License
8  * at http://www.mozilla.org/MPL/
9  *
10  * Software distributed under the License is distributed on an "AS IS"
11  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
12  * the License for the specific language governing rights and
13  * limitations under the License.
14  *
15  * The Original Code is JGossip forum code.
16  *
17  * The Initial Developer of the Original Code is the JResearch, Org.
18  * Portions created by the Initial Developer are Copyright (C) 2004
19  * the Initial Developer. All Rights Reserved.
20  *
21  * Contributor(s):
22  * Dmitry Belov <bel@jresearch.org>
23  *
24  * ***** END LICENSE BLOCK ***** */

25 /*
26  * Created on 26-Feb-2003
27  */

28 package org.jresearch.gossip.filters;
29
30 import java.io.IOException JavaDoc;
31 import java.util.HashMap JavaDoc;
32
33 import javax.servlet.Filter JavaDoc;
34 import javax.servlet.FilterChain JavaDoc;
35 import javax.servlet.FilterConfig JavaDoc;
36 import javax.servlet.ServletException JavaDoc;
37 import javax.servlet.ServletRequest JavaDoc;
38 import javax.servlet.ServletResponse JavaDoc;
39 import javax.servlet.http.HttpServletRequest JavaDoc;
40 import javax.servlet.http.HttpSession JavaDoc;
41
42 import org.jresearch.gossip.IConst;
43 import org.jresearch.gossip.am.StrutsConfigurationHelperAction;
44 import org.jresearch.gossip.am.StrutsPermissionMapping;
45 import org.jresearch.gossip.am.model.IPermissionGuard;
46 import org.jresearch.gossip.am.values.PermissionPoint;
47 import org.jresearch.gossip.beans.user.User;
48 import org.jresearch.gossip.configuration.Configurator;
49 import org.jresearch.gossip.constants.UserStatus;
50 import org.jresearch.gossip.exception.ConfiguratorException;
51 import org.jresearch.gossip.exception.SystemException;
52 import org.jresearch.gossip.log.LogLevel;
53 import org.jresearch.gossip.log.avalon.JGossipLog;
54
55 /**
56  * This filter protects some URIs and makes sure that only signed-on users can
57  * access them.
58  */

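public class SignOnFilter implements Filter {

    /** Forward target for guests; read from the "signon.action" init parameter. */
    private String _signon;

    /** Forward target for signed-in users who lack permission; read from "denied.action". */
    private String _denied;

    /** Filter configuration kept from init(); used to reach the ServletContext. */
    private FilterConfig _config;

    /*
     * Table keyed by action path whose values are StrutsPermissionMapping
     * objects. It is loaded lazily on the first request and shared by every
     * instance of this filter. The container may call doFilter on several
     * threads at once, so the reference is volatile to publish the loaded map
     * safely. Concurrent first requests may each load the table; that is
     * redundant but harmless provided the helper returns equivalent maps
     * (TODO confirm).
     */
    private static volatile HashMap permissionMapping;

    /**
     * Stores the filter configuration and reads the two forward targets.
     * Neither parameter is validated here, so either field is null when the
     * corresponding init parameter is missing from the deployment descriptor.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException declared by the Filter contract; not thrown by this body
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig config) throws ServletException {
        _config = config;

        /* SignOn action */
        _signon = config.getInitParameter("signon.action");

        _denied = config.getInitParameter("denied.action");
    }

    /**
     * Lets the request continue down the chain when the permission check
     * passes; otherwise writes an audit record and forwards guests to the
     * sign-on action and signed-in users to the access-denied action.
     *
     * Note that checkPermission returns true for every path that has no
     * permission mapping, so such requests reach the chain without any
     * sign-on check.
     *
     * @param request  incoming request; cast to HttpServletRequest without a check
     * @param response response handed to the chain or to the forward target
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward, or
     *                          wrapping a SystemException from the permission check
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        try {
            if (checkPermission(req)) {
                chain.doFilter(request, response);
                return;
            }

            HttpSession session = req.getSession();
            // The user passed to the audit call is null when the session holds
            // no user object; whether JGossipLog.audit accepts that is not
            // visible from this class.
            JGossipLog.audit(LogLevel.WARN, (User) session
                    .getAttribute(IConst.SESSION.USER_KEY),
                    " attempted to access " + req.getRequestURI(), session);

            if (!isSignedIn(session)) {
                // Remember where the guest was heading: last path segment plus
                // the raw query string.
                // NOTE(review): this value is taken from the request, so the
                // code that consumes REDIRECT_URL after sign-on should treat it
                // as untrusted input - confirm at the consumer.
                String uri = req.getRequestURI();
                int i = uri.lastIndexOf("/");
                if (i >= 0) {
                    uri = uri.substring(i);
                }
                String query = req.getQueryString();
                request.setAttribute(IConst.REQUEST.REDIRECT_URL, uri
                        + ((query != null) ? ("?" + query) : ""));
                _config.getServletContext().getRequestDispatcher(
                        getSignOnUrl()).forward(request, response);
            } else {
                _config.getServletContext().getRequestDispatcher(_denied)
                        .forward(request, response);
            }
        } catch (SystemException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Derives the key used to look up the permission mapping: the text
     * between the last "/" and the last ".do" of the request URI. When the
     * URI holds no ".do" (or it sits at index 0) the whole URI is returned.
     * The result is also written to the servlet context log on every call.
     *
     * If the last "/" comes after the last ".do", substring throws
     * StringIndexOutOfBoundsException and the request fails instead of being
     * let through; that behaviour is kept on purpose.
     *
     * NOTE(review): the key is computed from the raw request URI, while the
     * container selects the target servlet from its own view of the path. If
     * the two disagree, the lookup misses and checkPermission allows the
     * request. Deriving the key from the same path the dispatcher uses would
     * remove that gap - confirm against the Struts servlet mapping.
     *
     * @param req current request
     * @return lookup key for the permission mapping table
     */
    private String getPath(HttpServletRequest req) {
        String uri = req.getRequestURI();

        int i = uri.lastIndexOf("/");
        int j = uri.lastIndexOf(".do");
        if (i >= 0 && j > 0) {
            uri = uri.substring(i, j);
        }
        req.getSession().getServletContext().log(uri);
        return uri;
    }

    /**
     * Chooses the forward target for guests: the configured external logon
     * action when forum sign-on is switched off in the configuration,
     * otherwise the "signon.action" init parameter.
     *
     * @return path handed to ServletContext.getRequestDispatcher
     * @throws ServletException wrapping a ConfiguratorException raised while
     *                          reading the configuration
     */
    private String getSignOnUrl() throws ServletException {
        try {
            if (IConst.VALUES.FALSE.equals(Configurator.getInstance().get(
                    IConst.CONFIG.ENABLE_FORUM_SIGN_ON))) {
                return Configurator.getInstance().get(
                        IConst.CONFIG.EXT_LOGON_ACTION_URL);
            }
        } catch (ConfiguratorException e) {
            throw new ServletException(e);
        }

        return _signon;
    }

    /**
     * Decides whether the request may proceed.
     *
     * @param request current request
     * @return true when the requested path has no permission mapping, or when
     *         the session's permission guard grants the mapped permission;
     *         false when the guard refuses it or the session has no guard
     * @throws SystemException propagated from the mapping lookup or the guard
     */
    private boolean checkPermission(HttpServletRequest request)
            throws SystemException {
        IPermissionGuard guard = getGuard(request);
        PermissionPoint point = getPermissionPoint(request);

        if (point == null) {
            // Allow by default: a path without a mapping is not protected.
            return true;
        }
        if (guard == null) {
            // Fail closed: a protected path with no guard in the session is
            // refused instead of ending in a NullPointerException.
            return false;
        }
        return guard.checkPermission(point);
    }

    /**
     * Reads the permission guard from the session, creating the session if
     * the request does not have one yet.
     *
     * @param request current request
     * @return the guard stored under PERMISSION_GUARD_KEY, or null if absent
     * @throws SystemException declared for callers; not thrown by this body
     */
    private IPermissionGuard getGuard(HttpServletRequest request)
            throws SystemException {
        HttpSession session = request.getSession();
        return (IPermissionGuard) session
                .getAttribute(IConst.SESSION.PERMISSION_GUARD_KEY);
    }

    /**
     * Tells whether the session belongs to a signed-in user.
     *
     * @param session current session
     * @return true when the session holds a user whose status is not GUEST;
     *         false for guests and for sessions that hold no user object
     */
    private boolean isSignedIn(HttpSession session) {
        User user = (User) session.getAttribute(IConst.SESSION.USER_KEY);
        // A missing user is treated as "not signed in" so the caller sends
        // the request to the sign-on action.
        return user != null && user.getStatus() != UserStatus.GUEST;
    }

    /**
     * Looks up the permission required for the requested action path,
     * loading the shared mapping table on first use.
     *
     * @param request current request
     * @return the permission point for the path, or null when the path has
     *         no mapping
     * @throws SystemException propagated from loading the mapping table
     */
    private PermissionPoint getPermissionPoint(HttpServletRequest request)
            throws SystemException {
        // Work on a local copy so the volatile field is read only once.
        HashMap mapping = permissionMapping;
        if (mapping == null) {
            mapping = StrutsConfigurationHelperAction
                    .retrieveStrutsActionMapping(request.getSession()
                            .getServletContext());
            permissionMapping = mapping;
        }
        StrutsPermissionMapping spm = (StrutsPermissionMapping) mapping
                .get(getPath(request));
        PermissionPoint point = null;
        if (spm != null) {
            point = new PermissionPoint(spm.getAmObjectId().intValue(), spm
                    .getAmOperationId().intValue());
        }
        return point;
    }

    /**
     * Nothing to release.
     *
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {

    }

}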