

1 /**
2 * Library name : Primrose - A Java Database Connection Pool.
3 * Published by Ben Keeping, http://primrose.org.uk .
4 * Copyright (C) 2004 Ben Keeping, primrose.org.uk
5 * Email: Use "Contact Us Form" on website
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */

21
22 package uk.org.primrose.web;
23
24 // Servlet Classes
25
import javax.servlet.Filter JavaDoc;
26 import javax.servlet.FilterConfig JavaDoc;
27 import javax.servlet.FilterChain JavaDoc;
28 import javax.servlet.ServletContext JavaDoc;
29 import javax.servlet.ServletRequest JavaDoc;
30 import javax.servlet.ServletResponse JavaDoc;
31 import javax.servlet.ServletException JavaDoc;
32 import javax.servlet.http.HttpServletRequest JavaDoc;
33 import javax.servlet.http.HttpServletResponse JavaDoc;
34
35 // Core Java Classes
36
import java.io.IOException JavaDoc;
37 import java.util.Date JavaDoc;
38
39
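/**
 * A servlet filter that redirects requests which do not name a file to
 * <code>/home.jsp</code>, so that directories cannot be browsed.
 *
 * <p>A request is redirected when the last segment of its request URI contains
 * no <code>'.'</code>; every other request is passed down the filter chain
 * unchanged.</p>
 *
 * <p><b>Security note:</b> despite its name, this class does not inspect
 * cookies, sessions or any login configuration, and performs no authentication
 * or authorisation. It must not be relied upon as an access control; protect
 * resources with the container's security constraints or a real
 * authentication filter.</p>
 *
 * @author MJD(original, hacked by BK !)
 */
public class SecurityFilter implements Filter {

    /** Configuration handed over by the container in {@link #init}; null after {@link #destroy}. */
    private FilterConfig config = null;

    /**
     * Stores the filter configuration supplied by the container.
     *
     * @param config A <code>FilterConfig</code> instance
     * @throws ServletException declared by the <code>Filter</code> contract; never thrown here
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    /**
     * Called by the container when the filter is taken out of service;
     * releases the reference to the filter configuration.
     */
    public void destroy() {
        config = null;
    }

    /**
     * Logs every request and either redirects it to <code>/home.jsp</code>
     * (when the last path segment has no extension) or passes it down the chain.
     *
     * @param request  the incoming request; must be an <code>HttpServletRequest</code>
     * @param response the outgoing response; must be an <code>HttpServletResponse</code>
     * @param chain    the remaining filter chain, invoked for requests that are let through
     * @throws IOException      if the redirect or a downstream filter fails on I/O
     * @throws ServletException if the request is not an HTTP request, or a downstream filter fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // Fail closed with a clear error instead of a ClassCastException on non-HTTP traffic.
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            throw new ServletException("[SecurityFilter] Only HTTP requests are supported");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Every occurrence of "/primrose/" is collapsed to "/", not only a leading one
        // (presumably this is the web-app's context path -- confirm against the deployment).
        String uri = httpRequest.getRequestURI().replaceAll("/primrose/", "/");
        String[] parts = uri.split("/");

        // The Referer header and the request URI are supplied by the client. Control
        // characters are replaced before logging so that a request cannot split or
        // forge entries in the log.
        String referer = forLog(httpRequest.getHeader("referer"));
        String loggedUri = forLog(uri);

        System.err.println("Referer : " + referer + ", RemoteAddr : " + forLog(httpRequest.getRemoteAddr()) + ", URL : " + loggedUri + ", Date : " + (new Date()));

        // Don't let people browse directories, redirect them.
        // NOTE(review): getRequestURI() is the raw, undecoded request path, so this is a
        // convenience redirect rather than an access-control check; directory listings
        // should also be disabled in the container configuration.
        if (parts.length == 0 || parts[parts.length - 1].indexOf(".") == -1) {
            System.err.println("[SecurityFilter] Rejecting request for " + loggedUri + ", forwarding to home.jsp " + new Date());
            // NOTE(review): the target is relative to the server root, not the context path -- confirm intended.
            httpResponse.sendRedirect("/home.jsp");
            return;
        }

        // A former Referer-based restriction on .js/.css downloads is disabled. The Referer
        // header is client-controlled, so such a check would not be a security boundary.

        // They passed - let them through !
        chain.doFilter(request, response);
    }

    /**
     * Makes a client-supplied value safe to write on a single log line.
     *
     * @param value the raw value, possibly null
     * @return the value with every ISO control character (including CR and LF)
     *         replaced by <code>'_'</code>, or an empty string for null
     */
    private static String forLog(String value) {
        if (value == null) {
            return "";
        }
        char[] chars = value.toCharArray();
        for (int i = 0; i < chars.length; i++) {
            if (Character.isISOControl(chars[i])) {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }

}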