001: /* The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
002: *
003: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions
007: * are met:
008: *
009: * 1. Redistributions of source code must retain the above copyright
010: * notice, this list of conditions and the following disclaimer.
011: *
012: * 2. Redistributions in binary form must reproduce the above copyright
013: * notice, this list of conditions and the following disclaimer in
014: * the documentation and/or other materials provided with the
015: * distribution.
016: *
017: * 3. The end-user documentation included with the redistribution,
018: * if any, must include the following acknowledgment:
019: * "This product includes software developed by Jcorporate Ltd.
020: * (http://www.jcorporate.com/)."
021: * Alternately, this acknowledgment may appear in the software itself,
022: * if and wherever such third-party acknowledgments normally appear.
023: *
024: * 4. "Jcorporate" and product names such as "Expresso" must
025: * not be used to endorse or promote products derived from this
026: * software without prior written permission. For written permission,
027: * please contact info@jcorporate.com.
028: *
029: * 5. Products derived from this software may not be called "Expresso",
030: * or other Jcorporate product names; nor may "Expresso" or other
031: * Jcorporate product names appear in their name, without prior
032: * written permission of Jcorporate Ltd.
033: *
034: * 6. No product derived from this software may compete in the same
035: * market space, i.e. framework, without prior written permission
036: * of Jcorporate Ltd. For written permission, please contact
037: * partners@jcorporate.com.
038: *
039: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
040: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
041: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
042: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
043: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
044: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
045: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
046: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
047: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
048: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
049: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
050: * SUCH DAMAGE.
051: * ====================================================================
052: *
053: * This software consists of voluntary contributions made by many
054: * individuals on behalf of the Jcorporate Ltd. Contributions back
055: * to the project(s) are encouraged when you make modifications.
056: * Please send them to support@jcorporate.com. For more information
057: * on Jcorporate Ltd. and its products, please see
058: * <http://www.jcorporate.com/>.
059: *
060: * Portions of this software are based upon other open source
061: * products and are subject to their respective licenses.
062: */
063:
064: package com.jcorporate.expresso.core.registry;
065:
066: import com.jcorporate.expresso.core.controller.NonHandleableException;
067: import com.jcorporate.expresso.core.dataobjects.DataObject;
068: import com.jcorporate.expresso.core.dataobjects.Securable;
069: import com.jcorporate.expresso.core.db.DBException;
070: import com.jcorporate.expresso.core.jsdkapi.GenericSession;
071: import com.jcorporate.expresso.core.misc.CurrentLogin;
072: import com.jcorporate.expresso.core.security.SuperUser;
073: import com.jcorporate.expresso.core.security.User;
074: import com.jcorporate.expresso.core.servlet.CheckLogin;
075: import com.jcorporate.expresso.services.dbobj.DefaultUserInfo;
076:
077: import javax.servlet.Filter;
078: import javax.servlet.FilterChain;
079: import javax.servlet.FilterConfig;
080: import javax.servlet.ServletException;
081: import javax.servlet.ServletRequest;
082: import javax.servlet.ServletResponse;
083: import javax.servlet.http.HttpServlet;
084: import javax.servlet.http.HttpServletRequest;
085: import java.io.IOException;
086:
087: /**
088: * Does a similar job as Expresso's checkLogin() but it also sets the
089: * current default request context and user in the request registry.
090: *
091: * @author Michael Rimov
092: * @version 1.0
093: */
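public class RequestRegistryFilter extends HttpServlet implements Filter {

    /** Filter configuration handed over by the container in {@link #init(FilterConfig)}. */
    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration and logs that the filter is starting.
     *
     * @param filterConfig FilterConfig The Filter Configuration
     * @throws ServletException declared by the Filter contract
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        filterConfig.getServletContext().log(
                "Initializing RequestRegistryFilter");
    }

    /**
     * Runs the Expresso login check, builds the request registry for the
     * logged-in user and passes the request down the chain with that registry
     * in place.
     *
     * <p>The login check and the user lookup run while the thread's registry
     * is set to the super user. That registry is released in a
     * {@code finally} block before the per-user registry is created, so the
     * rest of the chain never runs with super-user settings.</p>
     *
     * <p>If the user record cannot be loaded while the user table is
     * reachable, the request is rejected with a {@link ServletException}
     * instead of being passed on.</p>
     *
     * @param request     ServletRequest The HttpServletRequest
     * @param response    ServletResponse The HttpServletResponse
     * @param filterChain FilterChain the filter chain
     * @throws ServletException upon expresso controller-related error, when
     *                          no CurrentLogin is available, or when the
     *                          user cannot be loaded.
     * @throws IOException      Only thrown by filters further down the chain.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        try {
            HttpServletRequest req = (HttpServletRequest) request;

            // Set the current thread to superuser for authentication
            // purposes. It is downgraded in the finally block below as soon
            // as the real user is known.
            RequestRegistry superUserSettings = new MutableRequestRegistry(
                    "default", SuperUser.SUPER_USER);
            CurrentLogin cl;
            User u;
            try {
                CheckLogin.getInstance().checkLogin(req);
                cl = (CurrentLogin) GenericSession.getAttribute(req,
                        "CurrentLogin");
                if (cl == null) {
                    // Fail closed with a descriptive error rather than a
                    // NullPointerException on the first use of cl.
                    throw new ServletException(
                            "Error pre-processing request: no CurrentLogin in session");
                }

                u = new User();
                u.setDataContext(cl.getDBName());
                u.setUid(cl.getUid());

                try {
                    u.retrieve();
                } catch (DBException ex1) {
                    // The user table might not exist yet. Only in that case
                    // is the failed lookup tolerated. Previously the
                    // "Unable to load user" exception was thrown inside the
                    // probe's own try block and swallowed by its catch, so a
                    // failed lookup never stopped the request.
                    if (userTableExists(cl.getDBName())) {
                        throw new DBException("Unable to load user", ex1);
                    }
                    // NOTE(review): from here the request continues with a
                    // User that was never loaded from the database; confirm
                    // this path is only reachable during initial setup.
                }
            } finally {
                // Take out the superuser settings to avoid any chance of
                // exploits occurring through reuse of this thread.
                superUserSettings.releaseSettings();
            }

            // Creating the registry installs it into the thread-local
            // context for the duration of the downstream processing.
            RequestRegistry requestRegistry = new MutableRequestRegistry(
                    cl.getDBName(), u);
            try {
                filterChain.doFilter(request, response);
            } finally {
                requestRegistry.releaseSettings();
            }
        } catch (NonHandleableException ex) {
            throw new ServletException("Error pre-processing request", ex);
        } catch (DBException ex) {
            throw new ServletException("Error pre-processing request", ex);
        }
    }

    /**
     * Probes whether the user table is reachable in the given data context
     * by counting {@link DefaultUserInfo} records.
     *
     * @param dataContext the data context (database name) to probe
     * @return {@code true} if the count succeeded, {@code false} if it
     *         failed with a {@link DBException} (which is logged)
     * @throws DBException if the probe object itself cannot be set up
     */
    private boolean userTableExists(String dataContext) throws DBException {
        DataObject dao = new DefaultUserInfo(Securable.SYSTEM_ACCOUNT);
        dao.setDataContext(dataContext);
        try {
            dao.count();
            return true;
        } catch (DBException ex) {
            try {
                this.log("User Table Doesn't Yet Exist", ex);
            } catch (NullPointerException ex2) {
                // NOTE(review): this.log() is the servlet logger; presumably
                // it fails when the class is deployed only as a filter and
                // was never initialised as a servlet. Fall back to stderr.
                ex.printStackTrace();
                System.err
                        .println("User table doesn't yet exist, but couldn't log: "
                                + ex2.getMessage());
            }
            return false;
        }
    }

    /**
     * Clean up resources. Logs the shutdown when a filter configuration is
     * available.
     */
    public void destroy() {
        // init(FilterConfig) may never have run on this instance.
        if (filterConfig != null) {
            filterConfig.getServletContext().log(
                    "Destroying RequestRegistryFilter");
        }
    }
}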