1 package com.panogenesis.webapp.filter;
2
3 import java.io.IOException;
4
5 import javax.servlet.Filter;
6 import javax.servlet.FilterChain;
7 import javax.servlet.FilterConfig;
8 import javax.servlet.ServletContext;
9 import javax.servlet.ServletException;
10 import javax.servlet.ServletRequest;
11 import javax.servlet.ServletResponse;
12 import javax.servlet.http.HttpServletRequest;
13 import javax.servlet.http.HttpServletResponse;
14 import javax.servlet.http.HttpSession;
15
16 import org.apache.commons.logging.Log;
17 import org.apache.commons.logging.LogFactory;
18
19 import com.panogenesis.Constants;
20 import com.panogenesis.model.User;
21 import com.panogenesis.service.UserManager;
22 import com.panogenesis.webapp.util.RequestUtil;
23 import com.panogenesis.webapp.util.SslUtil;
24
25 import org.springframework.context.ApplicationContext;
26 import org.springframework.web.context.support.WebApplicationContextUtils;
27
28 /***
29 * This class is used to filter all requests to the <code>Action</code>
30 * servlet and detect if a user is authenticated. If a user is authenticated,
31 * but no user object exists, this class populates the <code>UserForm</code>
32 * from the user store.
33 *
34 * <p><a href="ActionFilter.java.html"><i>View Source</i></a></p>
35 *
36 * @author Matt Raible
37 * @version $Revision: 1.1 $ $Date: 2004/11/28 03:49:32 $
38 *
39 * @web.filter display-name="Action Filter" name="actionFilter"
40 *
41 * <p>Change the value of the <code>isSecure</code> init-param below to true if you
42 * want to secure your entire application. This can also be done in
43 * web-security.xml by setting <code>&lt;transport-guarantee&gt;</code> to CONFIDENTIAL.</p>
44 *
45 * @web.filter-init-param name="isSecure" value="${secure.application}"
46 */
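public class ActionFilter implements Filter {
    private final transient Log log = LogFactory.getLog(ActionFilter.class);

    /**
     * Value of the <code>isSecure</code> init parameter. Kept per instance:
     * a static field written from {@link #init(FilterConfig)} would let one
     * filter declaration silently overwrite the setting of another.
     */
    private boolean secure = false;
    private FilterConfig config = null;

    /**
     * Stores the filter configuration and reads the <code>isSecure</code>
     * init parameter. Only the string "true" (ignoring case) enables secure
     * mode; a missing or any other value leaves it off.
     *
     * @param config the configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        this.secure =
            Boolean.valueOf(config.getInitParameter("isSecure")).booleanValue();
    }

    /**
     * Destroys the filter.
     */
    public void destroy() {
        config = null;
    }

    /**
     * Redirects the request when {@link SslUtil} reports that a protocol
     * switch is needed; otherwise makes sure an authenticated request has a
     * {@link User} in its session and passes it down the chain.
     *
     * @param req the incoming request, cast to {@link HttpServletRequest}
     * @param resp the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if the redirect or the chain fails on I/O
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
                         FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // A session is created for every request that reaches this filter,
        // including the ones that are redirected below.
        HttpSession session = request.getSession(true);
        ServletContext context = config.getServletContext();

        String redirectString =
            SslUtil.getRedirectString(request, context, secure);

        if (redirectString != null) {
            if (log.isDebugEnabled()) {
                log.debug("protocol switch needed, redirecting to '" +
                          redirectString + "'");
            }

            // encodeRedirectURL() may append the session id to the URL when
            // the container falls back to URL rewriting.
            // NOTE(review): the target is built by SslUtil from the request;
            // confirm it cannot be steered by a client-supplied Host header.
            response.sendRedirect(response.encodeRedirectURL(redirectString));

            return;
        }

        User user = (User) session.getAttribute(Constants.USER_KEY);
        String username = request.getRemoteUser();

        // Authenticated by the container, but no User cached in the session yet.
        if ((username != null) && (user == null)) {
            // NOTE(review): the session id is not renewed here; confirm the
            // container rotates it at login.
            populateSession(request, response, session, context, username);
        }

        chain.doFilter(request, response);
    }

    /**
     * Loads the user from the <code>userManager</code> bean into the session
     * and, when the session carries the login-cookie marker, issues a fresh
     * login cookie scoped to the context path.
     */
    private void populateSession(HttpServletRequest request,
                                 HttpServletResponse response,
                                 HttpSession session, ServletContext context,
                                 String username)
        throws IOException, ServletException {
        ApplicationContext ctx =
            WebApplicationContextUtils.getRequiredWebApplicationContext(context);
        UserManager mgr = (UserManager) ctx.getBean("userManager");

        session.setAttribute(Constants.USER_KEY, mgr.getUser(username));

        if (session.getAttribute(Constants.LOGIN_COOKIE) == null) {
            return;
        }

        // The marker is consumed so the cookie is issued once per session.
        session.removeAttribute(Constants.LOGIN_COOKIE);

        // NOTE(review): the cookie's Secure/HttpOnly flags and lifetime are set
        // inside RequestUtil.setCookie, which is not visible here; confirm
        // Secure is set whenever the application runs in secure mode.
        String loginCookie = mgr.createLoginCookie(username);
        RequestUtil.setCookie(response, Constants.LOGIN_COOKIE,
                              loginCookie, request.getContextPath());
    }
}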