package org.jvnet.hudson.plugins.monitoring;
import net.bull.javamelody.MonitoringFilter;
import net.bull.javamelody.SessionListener;
import hudson.model.Hudson;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
/**
* Filter of monitoring JavaMelody with security check for Hudson administrator.
* @author Emeric Vernat
*/
public class HudsonMonitoringFilter extends MonitoringFilter {
/** {@inheritDoc} */
public void init(FilterConfig config) throws ServletException {
// Rq: avec hudson, on ne peut pas ajouter un SessionListener comme dans un web.xml, sauf si api servlet 3.0
if (config.getServletContext().getMajorVersion() >= 3) {
config.getServletContext().addListener(SessionListener.class);
}
super.init(config);
}
/** {@inheritDoc} */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
super.doFilter(request, response, chain);
return;
}
final HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getRequestURI().equals(getMonitoringUrl(httpRequest))) {
// only the hudson administrator can view the monitoring report
Hudson.getInstance().checkPermission(Hudson.ADMINISTER);
}
super.doFilter(request, response, chain);
}
}