ConversationStateUpdateFilter.java

/*
 *
 *  JBoss, a division of Red Hat
 *  Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated
 *  by the @authors tag. See the copyright.txt in the distribution for a
 *  full listing of individual contributors.
 *
 *  This is free software; you can redistribute it and/or modify it
 *  under the terms of the GNU Lesser General Public License as
 *  published by the Free Software Foundation; either version 2.1 of
 *  the License, or (at your option) any later version.
 *
 *  This software is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this software; if not, write to the Free
 *  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 *  02110-1301 USA, or see the FSF site: http://www.fsf.org.
 *
 */

package org.exoplatform.web.login;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.exoplatform.container.web.AbstractFilter;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.web.security.AuthenticationRegistry;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.wci.security.Credentials;

/**
 * Filter is used to update {@link ConversationState} with necessary attributes after login of user. It needs to be configured
 * in filter chain after {@link org.exoplatform.services.security.web.SetCurrentIdentityFilter} !!!
 *
 * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
 */
public class ConversationStateUpdateFilter extends AbstractFilter {
    private static final Logger log = LoggerFactory.getLogger(ConversationStateUpdateFilter.class);

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        AuthenticationRegistry authRegistry = (AuthenticationRegistry) getContainer().getComponentInstanceOfType(
                AuthenticationRegistry.class);

        // This should happen during first request of authenticated user. We need to bind credentials to ConversationState
        // and unregister them from authenticationRegistry
        if (hreq.getRemoteUser() != null && authRegistry.getCredentials(hreq) != null) {
            Credentials credentials = authRegistry.removeCredentials(hreq);
            bindCredentialsToConversationState(credentials);
        }

        // Continue with filter chain
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    }

    /**
     * Add credentials to {@link ConversationState}.
     *
     * @param credentials
     */
    protected void bindCredentialsToConversationState(Credentials credentials) {
        ConversationState currentConversationState = ConversationState.getCurrent();
        if (currentConversationState != null && credentials != null) {
            log.debug("Binding credentials to conversationState for user " + credentials.getUsername());
            currentConversationState.setAttribute(Credentials.CREDENTIALS, credentials);
        }
    }
}