| Line | Hits | Source |
|---|---|---|
| 1 | /* | |
| 2 | Chrysalis Web Framework [http://chrysalis.sourceforge.net] | |
| 3 | Copyright (c) 2002, 2003, 2004, Paul Strack | |
| 4 | ||
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without | |
| 8 | modification, are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | 1. Redistributions of source code must retain the above copyright notice, this | |
| 11 | list of conditions and the following disclaimer. | |
| 12 | ||
| 13 | 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 14 | this list of conditions and the following disclaimer in the documentation | |
| 15 | and/or other materials provided with the distribution. | |
| 16 | ||
| 17 | 3. Neither the name of the copyright holder nor the names of its contributors | |
| 18 | may be used to endorse or promote products derived from this software without | |
| 19 | specific prior written permission. | |
| 20 | ||
| 21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 22 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 23 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 24 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR | |
| 25 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 26 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
| 28 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 29 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 30 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 31 | */ | |
| 32 | ||
| 33 | package org.chwf.servlet.view; | |
| 34 | ||
| 35 | import java.io.IOException; | |
| 36 | ||
| 37 | import javax.servlet.FilterChain; | |
| 38 | import javax.servlet.ServletException; | |
| 39 | import javax.servlet.http.HttpServletRequest; | |
| 40 | import javax.servlet.http.HttpServletResponse; | |
| 41 | ||
| 42 | import org.chwf.plugin.AuthenticationException; | |
| 43 | import org.chwf.plugin.User; | |
| 44 | import org.chwf.servlet.ServletUtils; | |
| 45 | import org.chwf.servlet.engine.RedirectFilter; | |
| 46 | import org.chwf.servlet.filter.FilterSupport; | |
| 47 | ||
| 48 | /** | |
| 49 | * <p>A filter managing security for web pages.</p> | |
| 50 | * | |
| 51 | * @author <a href="mailto:pfstrack@users.sourceforge.net">Paul Strack</a> | |
| 52 | */ | |
| 53 | 7 | public class SecurityFilter extends FilterSupport { |
| 54 | ||
| 55 | /** | |
| 56 | * Check security and either (a) redirect to the login page or (b) throw | |
| 57 | * an exception. | |
| 58 | * | |
| 59 | * @param request The request. | |
| 60 | * @param response The response. | |
| 61 | * @param chain The filter chain. | |
| 62 | * @throws ServletException For servlet exceptions. | |
| 63 | * @throws IOException For IO exceptions. | |
| 64 | */ | |
| 65 | public void doHttpFilter( | |
| 66 | HttpServletRequest request, | |
| 67 | HttpServletResponse response, | |
| 68 | FilterChain chain) | |
| 69 | throws IOException, ServletException { | |
| 70 | ||
| 71 | 3 | PageConfig config = PageConfig.getPageConfig(request); |
| 72 | try { | |
| 73 | 3 | String[] roles = config.getSecurityRoles(); |
| 74 | 3 | if (roles.length > 0) { |
| 75 | 1 | User user = User.getInstance(); |
| 76 | 1 | if (user.isAuthenticated()) { |
| 77 | 0 | user.check(roles); |
| 78 | } else { | |
| 79 | 1 | redirectToLogin(request, response, config); |
| 80 | 1 | return; |
| 81 | } | |
| 82 | } | |
| 83 | 2 | chain.doFilter(request, response); |
| 84 | 2 | } catch (AuthenticationException ex) { |
| 85 | 0 | throw new ServletException(ex); // Rethrow error |
| 86 | } | |
| 87 | 2 | } |
| 88 | ||
| 89 | /** | |
| 90 | * Redirect to login page, or throw an error if there is no login page. | |
| 91 | * | |
| 92 | * @param request The request. | |
| 93 | * @param response The response. | |
| 94 | * @param config The page config. | |
| 95 | * @throws ServletException If there is no login page (wraps an | |
| 96 | * {@link org.chwf.plugin.AuthenticationException}). | |
| 97 | * @throws IOException For redirect errors. | |
| 98 | */ | |
| 99 | private void redirectToLogin( | |
| 100 | HttpServletRequest request, | |
| 101 | HttpServletResponse response, | |
| 102 | PageConfig config) | |
| 103 | throws ServletException, IOException { | |
| 104 | ||
| 105 | 1 | String loginPage = config.getSecurityLogin(); |
| 106 | 1 | if (loginPage == null) { |
| 107 | 0 | AuthenticationException ex = |
| 108 | new AuthenticationException( | |
| 109 | AuthenticationException.MESSAGE_USER_NOT_AUTHENTICATED); | |
| 110 | 0 | throw new ServletException(ex); |
| 111 | } | |
| 112 | 1 | String uri = ServletUtils.getURLWithQueryString(request).toString(); |
| 113 | 1 | uri = ServletUtils.encode(uri); |
| 114 | 1 | String redirect = loginPage + "?" + User.REDIRECT_PARAMETER + "=" + uri; |
| 115 | 1 | RedirectFilter.redirect(request, response, redirect); |
| 116 | 1 | } |
| 117 | } |
|
this report was generated by version 1.0.5 of jcoverage. |
copyright © 2003, jcoverage ltd. all rights reserved. |