

1 /*
2  * Created on 26-Feb-2003
3  */

4 package xpetstore.web.filter;
5
6 import java.io.IOException JavaDoc;
7
8 import java.util.HashMap JavaDoc;
9 import java.util.StringTokenizer JavaDoc;
10
11 import javax.servlet.Filter JavaDoc;
12 import javax.servlet.FilterChain JavaDoc;
13 import javax.servlet.FilterConfig JavaDoc;
14 import javax.servlet.ServletException JavaDoc;
15 import javax.servlet.ServletRequest JavaDoc;
16 import javax.servlet.ServletResponse JavaDoc;
17 import javax.servlet.http.HttpServletRequest JavaDoc;
18 import javax.servlet.http.HttpSession JavaDoc;
19
20 import org.apache.commons.logging.Log;
21 import org.apache.commons.logging.LogFactory;
22
23 import xpetstore.web.webwork.action.BaseAction;
24
25
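/**
 * Servlet filter that guards a configured set of action URIs so that only
 * signed-on users can reach them. Requests for a protected URI made without a
 * signed-on session are forwarded to the sign-on action instead of being
 * passed down the filter chain.
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>The protection decision is made on the container-resolved path
 *       (servlet path + path info) rather than on the raw request URI. The
 *       raw URI is not decoded and may carry path parameters, so an exact
 *       comparison against it can disagree with the path the container
 *       actually dispatches on and let a protected action through
 *       unauthenticated.</li>
 *   <li>Both the full context-relative path and its last segment are checked,
 *       so a protected action name is still guarded when it is requested under
 *       an extra directory prefix. NOTE(review): the servlet mapping of the
 *       "action" servlet and the way it derives the action name are not
 *       visible here - confirm this matches the dispatcher's behaviour.</li>
 *   <li>This filter only checks for the presence of a user id in the session.
 *       The sign-on action that consumes <code>redirectUri</code> is not shown
 *       here; since that parameter can also be supplied directly by a client,
 *       the action should validate it before redirecting.</li>
 * </ul>
 *
 * @author <a HREF="mailto:tchbansi@sourceforge.net">Herve Tchepannou</a>
 *
 * @web.filter
 * name="signon"
 * display-name="xPetstore WebWork Signon Filter"
 *
 * @web.filter-mapping
 * servlet-name="action"
 *
 * @web.filter-init-param
 * name="signon.action"
 * value="signon.action"
 *
 * @web.filter-init-param
 * name="protected.uri"
 * value="checkout.action,order.action"
 */
public class SignOnFilter
    implements Filter
{
    //~ Static fields/initializers ---------------------------------------------

    private static final Log __log = LogFactory.getLog( SignOnFilter.class );

    //~ Instance fields --------------------------------------------------------

    /** Context-relative path of the sign-on action (init parameter "signon.action"). */
    private String _signon;

    /** Protected URIs, used as a set: each entry maps to itself. Filled once in init(). */
    private HashMap _protectedUris = new HashMap( );

    private FilterConfig _config;

    //~ Methods ----------------------------------------------------------------

    /**
     * Reads the "signon.action" and "protected.uri" init parameters.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException if either init parameter is missing; a security
     *         filter that cannot tell what to protect or where to send users
     *         must not start silently
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init( FilterConfig config )
        throws ServletException
    {
        __log.info( "init()" );

        _config = config;

        /* SignOn action */
        String signon = config.getInitParameter( "signon.action" );
        __log.info( "...signon.action=" + signon );

        if ( ( signon == null ) || ( signon.trim( ).length( ) == 0 ) )
        {
            throw new ServletException( "Missing filter init parameter: signon.action" );
        }

        _signon = signon.trim( );

        /* Protected Uri */
        String uri = config.getInitParameter( "protected.uri" );

        if ( uri == null )
        {
            // Previously this surfaced as a NullPointerException from StringTokenizer.
            throw new ServletException( "Missing filter init parameter: protected.uri" );
        }

        StringTokenizer tok = new StringTokenizer( uri, "," );

        while ( tok.hasMoreTokens( ) )
        {
            // Trim so that "a.action, b.action" does not register " b.action",
            // which would never match a request and leave b.action unprotected.
            String url = tok.nextToken( ).trim( );

            if ( url.length( ) == 0 )
            {
                continue;
            }

            _protectedUris.put( url, url );

            __log.info( "...Adding URI to protect: " + url );
        }

        if ( _protectedUris.isEmpty( ) )
        {
            __log.warn( "...protected.uri is empty: no URI will require sign-on" );
        }
    }

    /**
     * Forwards unauthenticated requests for protected URIs to the sign-on
     * action; lets every other request continue down the chain.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter( ServletRequest request,
                          ServletResponse response,
                          FilterChain chain )
        throws IOException,
                   ServletException
    {
        // Non-HTTP requests still fail here with a ClassCastException, as before.
        HttpServletRequest req = ( HttpServletRequest ) request;

        /* Uri, relative to the context root, as resolved by the container */
        String uri = relativePath( req );

        /* check if signon is required */
        if ( requiresSignOn( uri ) && !isSignedIn( req ) )
        {
            // ServletContext.getRequestDispatcher expects a path starting with "/".
            String target = _signon.startsWith( "/" ) ? _signon : ( "/" + _signon );

            // The value is request-derived, so it is encoded before being placed
            // in the query string. Names such as "checkout.action" are unchanged
            // by the encoding.
            String forward = target + "?redirectUri="
                             + java.net.URLEncoder.encode( uri, "UTF-8" );

            javax.servlet.RequestDispatcher dispatcher =
                _config.getServletContext( ).getRequestDispatcher( forward );

            if ( dispatcher == null )
            {
                // Fail closed: never fall through to the protected resource.
                throw new ServletException( "No dispatcher available for sign-on action: " + target );
            }

            dispatcher.forward( request, response );
        }
        else
        {
            chain.doFilter( request, response );
        }
    }

    /**
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy( )
    {
        _protectedUris.clear( );
    }

    /**
     * Tells whether the given name is one of the configured protected URIs.
     * The comparison is an exact, case-sensitive match.
     *
     * @param uri context-relative URI without a leading slash
     * @return true if the URI was listed in the "protected.uri" init parameter
     */
    public boolean isProtected( String uri )
    {
        return _protectedUris.containsKey( uri );
    }

    /**
     * Tells whether the request belongs to a signed-on user, i.e. an existing
     * session holds a value under BaseAction.USERID_KEY. No session is created.
     *
     * @param request current HTTP request
     * @return true if a session exists and carries a user id
     */
    public boolean isSignedIn( HttpServletRequest request )
    {
        HttpSession session = request.getSession( false );

        return ( session != null )
               && ( session.getAttribute( BaseAction.USERID_KEY ) != null );
    }

    /**
     * Decides whether a context-relative path needs a signed-on user: either
     * the whole path or its last segment is a protected URI.
     */
    private boolean requiresSignOn( String uri )
    {
        int cut = uri.lastIndexOf( '/' );
        String lastSegment = ( cut >= 0 ) ? uri.substring( cut + 1 ) : uri;

        return isProtected( uri ) || isProtected( lastSegment );
    }

    /**
     * Builds the context-relative path of the request (no leading slash) from
     * the servlet path and path info, with path parameters removed.
     */
    private static String relativePath( HttpServletRequest req )
    {
        StringBuffer raw = new StringBuffer( );

        if ( req.getServletPath( ) != null )
        {
            raw.append( req.getServletPath( ) );
        }

        if ( req.getPathInfo( ) != null )
        {
            raw.append( req.getPathInfo( ) );
        }

        String path = stripPathParameters( raw.toString( ) );

        while ( path.startsWith( "/" ) )
        {
            path = path.substring( 1 );
        }

        return path;
    }

    /**
     * Removes the ";name=value" path parameters from every segment of a path.
     * Containers normally do this already for the servlet path; it is repeated
     * here so the match does not depend on container behaviour.
     */
    private static String stripPathParameters( String path )
    {
        StringBuffer out = new StringBuffer( path.length( ) );
        boolean inParameters = false;

        for ( int i = 0; i < path.length( ); i++ )
        {
            char c = path.charAt( i );

            if ( c == '/' )
            {
                inParameters = false;
            }
            else if ( c == ';' )
            {
                inParameters = true;
            }

            if ( !inParameters )
            {
                out.append( c );
            }
        }

        return out.toString( );
    }
}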