
1   package com.panogenesis.webapp.filter;
2   
3   import java.io.IOException;
4   
5   import javax.servlet.Filter;
6   import javax.servlet.FilterChain;
7   import javax.servlet.FilterConfig;
8   import javax.servlet.RequestDispatcher;
9   import javax.servlet.ServletException;
10  import javax.servlet.ServletRequest;
11  import javax.servlet.ServletResponse;
12  import javax.servlet.http.Cookie;
13  import javax.servlet.http.HttpServletRequest;
14  import javax.servlet.http.HttpServletResponse;
15  
16  import org.apache.commons.lang.StringUtils;
17  import org.apache.commons.logging.Log;
18  import org.apache.commons.logging.LogFactory;
19  import com.panogenesis.Constants;
20  import com.panogenesis.model.User;
21  import com.panogenesis.service.UserManager;
22  import com.panogenesis.util.StringUtil;
23  import com.panogenesis.webapp.util.RequestUtil;
24  import org.springframework.web.context.WebApplicationContext;
25  
26  
27  /***
28   * <p>Intercepts Login requests for "Remember Me" functionality.</p>
29   *
30   * <p>
31   * <a href="LoginFilter.java.html"><i>View Source</i></a>
32   * </p>
33   *
34   * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
35   * @version $Revision: 1.1 $ $Date: 2004/11/28 03:49:32 $
36   *
37   * @web.filter display-name="Login Filter" name="loginFilter"
38   * @web.filter-init-param name="enabled" value="${rememberMe.enabled}"
39   */
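public final class LoginFilter implements Filter {
    //~ Instance fields ========================================================

    private transient final Log log = LogFactory.getLog(LoginFilter.class);
    private FilterConfig config = null;
    private boolean enabled = true;

    //~ Methods ================================================================

    /**
     * Handles logout clean-up and "Remember Me" auto-login before passing the
     * request down the chain.
     *
     * <p>When the request URL contains "logout" and a user is authenticated,
     * the user's stored login cookies are removed, the browser cookie is
     * deleted and the session is invalidated; the request then continues down
     * the chain. Otherwise, when a login cookie is present and the filter is
     * enabled, the cookie is checked by the {@link UserManager}; on success
     * the cookie is re-issued and the request is forwarded to
     * <code>/authorize</code> with the user's credentials, and the chain is
     * not invoked.</p>
     *
     * @param req the incoming request; cast to {@link HttpServletRequest}
     * @param resp the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if the chain or the forward fails with an I/O error
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
                         FilterChain chain)
                  throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // See if the user has a remember me cookie
        Cookie c = RequestUtil.getCookie(request, Constants.LOGIN_COOKIE);

        WebApplicationContext context =
            (WebApplicationContext) config.getServletContext().getAttribute
            (WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
        UserManager mgr = (UserManager) context.getBean("userManager");

        String remoteUser = request.getRemoteUser();

        // NOTE(review): this is a substring match on the whole request URL, so
        // any URL that merely contains "logout" takes this branch for an
        // authenticated user. Consider matching the exact logout path.
        if (request.getRequestURL().indexOf("logout") != -1 &&
                remoteUser != null) {
            // remoteUser != null also covers the "session has not timed out"
            // case; the original repeated the same check in a nested if.
            if (log.isDebugEnabled()) {
                log.debug("logging out '" + remoteUser + "'");
            }

            mgr.removeLoginCookies(remoteUser);
            RequestUtil.deleteCookie(response, c, request.getContextPath());
            request.getSession().invalidate();
        } else if (c != null && enabled) {
            // The cookie value comes from the client; checkLoginCookie is the
            // only validation visible here and returns the replacement value.
            String loginCookie = mgr.checkLoginCookie(c.getValue());

            if (loginCookie != null) {
                // NOTE(review): confirm RequestUtil.setCookie marks this
                // cookie Secure and HttpOnly; it acts as a login credential.
                RequestUtil.setCookie(response, Constants.LOGIN_COOKIE,
                                      loginCookie,
                                      request.getContextPath());

                String[] value = StringUtils.split(
                        StringUtil.decodeString(loginCookie), '|');

                // A decoded cookie with no fields, or one naming an unknown
                // user, must not end in an unchecked exception; fall through
                // to the normal chain so the regular login flow applies.
                User user = null;
                if (value != null && value.length > 0) {
                    user = mgr.getUser(value[0]);
                }

                if (user != null && user.getUsername() != null
                        && user.getPassword() != null) {
                    // authenticate user without displaying login page.
                    // Both values are URL-encoded so that characters such as
                    // '&', '=', '+' or '%' cannot alter or add query
                    // parameters on the forwarded request.
                    // NOTE(review): the stored password value travels in the
                    // forward's query string and is accepted as-is (see the
                    // "encrypt" attribute below), so it works as a credential
                    // and may appear wherever the forwarded query string is
                    // logged. A random, server-side remember-me token would
                    // avoid exposing it.
                    String route = "/authorize?j_username=" +
                                   java.net.URLEncoder.encode(
                                           user.getUsername(), "UTF-8") +
                                   "&j_password=" +
                                   java.net.URLEncoder.encode(
                                           user.getPassword(), "UTF-8");

                    // presumably tells the authorize target not to encrypt
                    // the password again - confirm against that servlet
                    request.setAttribute("encrypt", "false");
                    // NOTE(review): an existing session id is reused here;
                    // confirm the id is renewed once authentication succeeds.
                    request.getSession(true).setAttribute("cookieLogin",
                                                          "true");

                    if (log.isDebugEnabled()) {
                        log.debug("I remember you '" + user.getUsername() +
                                  "', attempting to authenticate...");
                    }

                    RequestDispatcher dispatcher =
                        request.getRequestDispatcher(route);
                    dispatcher.forward(request, response);

                    return;
                }

                if (log.isDebugEnabled()) {
                    log.debug("login cookie accepted but no usable user " +
                              "found, continuing without auto-login");
                }
            }
        }

        chain.doFilter(req, resp);
    }

    /**
     * Stores the filter configuration and reads the "enabled" init parameter.
     *
     * <p>The parsed flag controls the auto-login branch of
     * {@link #doFilter}; the raw parameter value is also published as the
     * servlet-context attribute "rememberMeEnabled".</p>
     *
     * @param config the filter configuration supplied by the container
     */
    public void init(FilterConfig config) {
        this.config = config;

        String param = config.getInitParameter("enabled");
        // Boolean.valueOf yields false for a missing (null) parameter and for
        // anything other than "true" (case-insensitive).
        enabled = Boolean.valueOf(param).booleanValue();

        if (log.isDebugEnabled()) {
            log.debug("Remember Me enabled: " + enabled);
        }

        config.getServletContext()
              .setAttribute("rememberMeEnabled", param);
    }

    /**
     * Releases filter resources; this filter holds none, so nothing is done.
     */
    public void destroy() {
    }
}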