ProarcAuthFilter.java example

Explorer
proarc-master
/*
 * Copyright (C) 2013 Pavel Stastny
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package cz.cas.lib.proarc.authentication;

import cz.cas.lib.proarc.authentication.utils.AuthUtils;
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Authentication filter
 * @author pavels
 */
public class ProarcAuthFilter implements Filter {

    public static final Logger LOGGER = Logger.getLogger(ProarcAuthFilter.class.getName());
    
    public static final String SESSION_KEY = "user";

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain chain) throws IOException, ServletException {

        securedContent(arg0, arg1, chain);
    }

    /**
     * Filter secured content
     * @param arg0 {@link HttpServletRequest}
     * @param arg1 {@link HttpServletResponse}
     * @param chain {@link FilterChain}
     * @throws IOException
     * @throws ServletException
     */
    public void securedContent(ServletRequest arg0, ServletResponse arg1,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest httpReq = (HttpServletRequest) arg0;
        HttpServletResponse httpResp = (HttpServletResponse) arg1;
        HttpSession session = httpReq.getSession();
        if (session != null) {
            ProarcPrincipal p = (ProarcPrincipal) session.getAttribute(SESSION_KEY);
            if (p != null) {
                // already logged
                HttpServletRequest authenticatedRequest = ProarcAuthenticatedHTTPRequest.newInstance(httpReq, p, p.getName());
                chain.doFilter(authenticatedRequest, httpResp);
            } else {
                // not logged -> test forbidden resource ?
                if (isForbinddenResource(httpReq.getRequestURL().toString())) {
                    AuthUtils.setLoginRequiredResponse(httpResp);
                } else {
                    // not forbidden resource -> chain
                    chain.doFilter(httpReq, httpResp);
                }
            }
        } else {
            // no session -> not logged -> forbidden resource ?
            if (isForbinddenResource(httpReq.getRequestURL().toString())) {
                AuthUtils.setLoginRequiredResponse(httpResp);
            } else {
                chain.doFilter(httpReq, httpResp);
            }
        }
    }

    private boolean isForbinddenResource(String reqUrl) {
        return reqUrl != null && reqUrl.contains("/rest/");
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

}