001: /*
002: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
003: *
004: * This file is part of Resin(R) Open Source
005: *
006: * Each copy or derived work must preserve the copyright notice and this
007: * notice unmodified.
008: *
009: * Resin Open Source is free software; you can redistribute it and/or modify
010: * it under the terms of the GNU General Public License as published by
011: * the Free Software Foundation; either version 2 of the License, or
012: * (at your option) any later version.
013: *
014: * Resin Open Source is distributed in the hope that it will be useful,
015: * but WITHOUT ANY WARRANTY; without even the implied warranty of
016: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
017: * of NON-INFRINGEMENT. See the GNU General Public License for more
018: * details.
019: *
020: * You should have received a copy of the GNU General Public License
021: * along with Resin Open Source; if not, write to the
022: * Free SoftwareFoundation, Inc.
023: * 59 Temple Place, Suite 330
024: * Boston, MA 02111-1307 USA
025: *
026: * @author Scott Ferguson
027: */
028:
029: package com.caucho.server.security;
030:
031: import com.caucho.servlet.comet.CometFilterChain;
032: import com.caucho.server.connection.CauchoRequest;
033: import com.caucho.server.connection.CauchoResponse;
034: import com.caucho.server.dispatch.AbstractFilterChain;
035:
036: import javax.servlet.FilterChain;
037: import javax.servlet.ServletContext;
038: import javax.servlet.ServletException;
039: import javax.servlet.ServletRequest;
040: import javax.servlet.ServletResponse;
041: import java.io.IOException;
042: import java.util.ArrayList;
043: import java.util.HashMap;
044:
/**
 * Filter chain link that evaluates the security constraints configured for
 * a request and only then hands the request to the next chain.
 *
 * <p>Constraints are chosen per HTTP method when a method map is set; a
 * method without an entry in that map is checked against the default
 * constraint list. When neither is configured, the request is passed
 * through unchecked.
 */
public class SecurityFilterChain extends AbstractFilterChain {
  // Chain invoked once every applicable constraint has accepted the request.
  private final FilterChain _next;

  // Passed to each constraint's isAuthorized() call.
  private ServletContext _webApp;

  // Default constraints, used when no method-specific entry applies.
  private AbstractConstraint[] _constraints;
  // Optional constraints keyed by the exact string from req.getMethod().
  private HashMap<String, AbstractConstraint[]> _methodMap;

  /**
   * Creates the security link in front of {@code next}.
   *
   * @param next the chain to call after the security checks pass
   */
  SecurityFilterChain(FilterChain next) {
    _next = next;
  }

  /**
   * Sets the web application handed to the constraints.
   *
   * @param app the servlet context of the web application
   */
  public void setWebApp(ServletContext app) {
    _webApp = app;
  }

  /**
   * Sets the default constraints as a snapshot of the given list; later
   * changes to the list do not affect this chain.
   *
   * @param constraints the default constraints, must not be null
   */
  public void setConstraints(ArrayList<AbstractConstraint> constraints) {
    _constraints
      = constraints.toArray(new AbstractConstraint[constraints.size()]);
  }

  /**
   * Sets the per-method constraints.
   *
   * <p>The map is stored by reference, not copied, so a caller that keeps
   * and mutates it changes which constraints are enforced.
   *
   * @param methodMap constraints keyed by HTTP method name
   */
  public void setMethodMap(
      HashMap<String, AbstractConstraint[]> methodMap) {
    _methodMap = methodMap;
  }

  /**
   * No resources to release.
   */
  public void destroy() {
  }

  /**
   * Applies the security constraints and, if all of them accept the
   * request, invokes the next chain.
   *
   * <p>Constraints that do not need authentication are evaluated first.
   * {@code req.authenticate()} is called at most once, and only when at
   * least one constraint needs authentication. As soon as authentication
   * or any constraint fails, the method returns without calling the next
   * chain.
   *
   * @param request the servlet request, expected to be a CauchoRequest
   * @param response the servlet response, expected to be a CauchoResponse
   */
  public void doFilter(ServletRequest request,
                       ServletResponse response) throws ServletException,
                                                        IOException {
    // This filter is always called before user filters, so the request and
    // response are the container's own objects and the casts are expected
    // to succeed.
    CauchoRequest req = (CauchoRequest) request;
    CauchoResponse res = (CauchoResponse) response;

    // The lookup is an exact match on the method string. A method with no
    // entry falls back to the default list, so the default list is what
    // guards every method the map does not name.
    AbstractConstraint[] active = null;
    if (_methodMap != null) {
      active = _methodMap.get(req.getMethod());
    }

    if (active == null) {
      active = _constraints;
    }

    boolean privateCache = false;

    if (active != null) {
      // First pass: constraints that can be decided without a login.
      for (AbstractConstraint constraint : active) {
        if (!constraint.needsAuthentication()) {
          // NOTE(review): nothing is written to the response here on
          // rejection; presumably isAuthorized() has already sent the
          // error - confirm in AbstractConstraint.
          if (!constraint.isAuthorized(req, res, _webApp)) {
            return;
          }

          if (constraint.isPrivateCache()) {
            privateCache = true;
          }
        }
      }

      // Second pass: constraints that require an authenticated user.
      boolean authAttempted = false;
      for (AbstractConstraint constraint : active) {
        if (constraint.needsAuthentication()) {
          if (!authAttempted) {
            // Authenticate lazily, once, before the first such constraint.
            authAttempted = true;
            if (!req.authenticate()) {
              return;
            }
          }

          if (!constraint.isAuthorized(req, res, _webApp)) {
            return;
          }

          if (constraint.isPrivateCache()) {
            privateCache = true;
          }
        }
      }
    }

    // Mark the response private if any accepted constraint asked for it.
    if (privateCache) {
      res.setPrivateCache(true);
    }

    _next.doFilter(request, response);
  }

  /**
   * Resumes the request by delegating to the next chain when it is a
   * {@link CometFilterChain}.
   *
   * <p>No constraint is evaluated on this path.
   * NOTE(review): this appears to rely on the request having passed
   * {@code doFilter} earlier - confirm that a resume can only follow an
   * authorized request.
   *
   * @param request the servlet request
   * @param response the servlet response
   * @return the next chain's result, or false when the next chain is not
   *         a comet chain
   *
   * @since Resin 3.1.3
   */
  @Override
  public boolean doResume(ServletRequest request,
                          ServletResponse response) throws ServletException,
                                                           IOException {
    if (!(_next instanceof CometFilterChain)) {
      return false;
    }

    return ((CometFilterChain) _next).doResume(request, response);
  }
}