ExplorerFilter.java

package org.activiti.explorer.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.activiti.explorer.Constants;

public class ExplorerFilter implements Filter {
  
  private List<String> ignoreList = new ArrayList<String>();

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    ignoreList.add("/ui");
    ignoreList.add("/VAADIN");
    ignoreList.add("/modeler.html");
    ignoreList.add("/editor-app");
    ignoreList.add("/service");
    ignoreList.add("/diagram-viewer");
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    String path = req.getRequestURI().substring(req.getContextPath().length());
    int indexSlash = path.indexOf("/", 1);
    String firstPart = null;
    if (indexSlash > 0) {
      firstPart = path.substring(0, indexSlash);
    } else {
      firstPart = path;
    }
    
    if (ignoreList.contains(firstPart)) {
      
      // Only authenticated users can access /service
      if("/service".equals(firstPart) && req.getRemoteUser() == null &&
        (req.getSession(false) == null || req.getSession().getAttribute(Constants.AUTHENTICATED_USER_ID) == null)){
          ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN);
          return;
      }
      
      chain.doFilter(request, response); // Goes to default servlet.
    } else {
      request.getRequestDispatcher("/ui" + path).forward(request, response);
    }
  }

  @Override
  public void destroy() {
  }

}