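/*
 * Copyright (c) 2013 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.security.authentication;

import java.io.IOException;
import java.net.URI;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import com.emc.storageos.security.exceptions.SecurityException;
import com.emc.storageos.services.util.SecurityUtils;
import com.emc.storageos.svcs.errorhandling.resources.InternalException;
import com.google.common.net.InetAddresses;

/**
 * Logout request handler: intercepts {@code /logout} (optionally with a
 * {@code .xml} / {@code .json} suffix, case-insensitive) and redirects the
 * caller to the logout endpoint of authsvc. Every other request is passed
 * down the filter chain untouched.
 */
public class LogoutHandlingFilter extends AbstractRequestWrapperFilter {
    private final Logger _logger = LoggerFactory.getLogger(LogoutHandlingFilter.class);

    /** Request path that this filter handles. */
    private static final String LOGOUT_URI = "/logout";
    /** Matches {@code /logout}, {@code /logout.xml} and {@code /logout.json}, ignoring case. */
    private static final Pattern LOGOUT_PATTERN =
            Pattern.compile("^" + LOGOUT_URI + "(\\.xml|\\.json)?$", Pattern.CASE_INSENSITIVE);

    @Autowired
    protected AuthSvcEndPointLocator _endpointLocator;

    /**
     * Redirects logout requests to authsvc; forwards everything else.
     *
     * <p>Fix over the previous version: when the endpoint locator throws a
     * {@link SecurityException}, the error response is sent and the method
     * returns. Previously execution fell through to {@code endpoint.toString()}
     * with a {@code null} endpoint and raised a {@link NullPointerException}
     * after the error had already been committed to the response.
     *
     * @param servletRequest  the incoming request (expected to be an {@link HttpServletRequest})
     * @param servletResponse the outgoing response (expected to be an {@link HttpServletResponse})
     * @param filterChain     the remaining filter chain
     * @throws IOException      if writing the redirect or error response fails
     * @throws ServletException propagated from the rest of the filter chain
     */
    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
            final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest req = (HttpServletRequest) servletRequest;
        if (!findLogoutPattern(req.getRequestURI())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // logout request, handle here
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final URI endpoint;
        try {
            endpoint = _endpointLocator.getAnEndpoint();
        } catch (SecurityException e) {
            // No usable authsvc endpoint: report the error and stop. Falling through
            // here would dereference a null endpoint below.
            response.sendError(toHTTPStatus(e), toServiceErrorXml(e));
            return;
        }

        StringBuilder redirectURL = new StringBuilder(endpoint.toString());
        if (!InetAddresses.isInetAddress(endpoint.getHost())
                || RequestProcessingUtils.getTokenFromCookie(req) != null) {
            // ok, then, keep them on the same node
            redirectURL = RequestProcessingUtils.getOnNodeAuthsvcRedirectURL(req, endpoint);
        }
        redirectURL.append(LOGOUT_URI);

        // The query string is caller-controlled and is reflected into both the
        // Location header and the log line, so it is sanitized before use.
        final String queryString = SecurityUtils.stripXSS(req.getQueryString());
        if (queryString != null && !queryString.isEmpty()) {
            redirectURL.append('?').append(queryString);
        }

        _logger.info("redirecting logout request: url: {}", redirectURL.toString());
        response.sendRedirect(redirectURL.toString());
    }

    /**
     * Parses the input string to find matches for /logout, /logout.xml, /logout.json (case insensitive).
     *
     * @param input the request URI to test
     * @return true if found, false if not found.
     */
    private boolean findLogoutPattern(String input) {
        return LOGOUT_PATTERN.matcher(input).find();
    }

    /**
     * Not supported by this filter: logout handling never authenticates a request.
     *
     * @param servletRequest ignored
     * @return never returns normally
     * @throws InternalException always, via {@code SecurityException.fatals.unsupportedOperation()}
     */
    @Override
    protected AbstractRequestWrapper authenticate(ServletRequest servletRequest) throws InternalException {
        throw SecurityException.fatals.unsupportedOperation();
    }
}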