001: /**
002: * $RCSfile$
003: * $Revision: 4016 $
004: * $Date: 2006-06-18 14:12:04 -0700 (Sun, 18 Jun 2006) $
005: *
006: * Copyright (C) 2004 Jive Software. All rights reserved.
007: *
008: * This software is published under the terms of the GNU Public License (GPL),
009: * a copy of which is included in this distribution.
010: */package org.jivesoftware.admin;
011:
012: import org.jivesoftware.util.ConcurrentHashSet;
013: import org.jivesoftware.util.Log;
014: import org.jivesoftware.util.WebManager;
015:
016: import javax.servlet.*;
017: import javax.servlet.http.HttpServletRequest;
018: import javax.servlet.http.HttpServletResponse;
019: import java.io.IOException;
020: import java.net.URLEncoder;
021: import java.util.Set;
022: import java.util.StringTokenizer;
023:
024: /**
025: * A simple filter that checks for the auth token in the user's session. If the token is missing,
026: * the filter redirects to the login page. URLs matching an entry in the exclude list skip the check.
027: */
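public class AuthCheckFilter implements Filter {

    /**
     * Substrings that exempt a request from the login check. The set is static, so it is
     * shared by every instance of this filter and by every caller of
     * {@link #addExclude(String)} / {@link #removeExclude(String)}.
     *
     * Security note: every entry widens the unauthenticated surface of the admin console.
     * An empty entry would be contained in every request path and would therefore switch
     * the check off completely, so null and blank entries are never stored.
     */
    private static final Set<String> excludes = new ConcurrentHashSet<String>();

    private ServletContext context;
    private String defaultLoginPage;

    /**
     * Adds a new string that when present in the requested URL will skip
     * the "is logged" checking. Null, empty and whitespace-only values are ignored
     * (and logged), because an empty string is contained in every URL.
     *
     * @param exclude the string to exclude.
     */
    public static void addExclude(String exclude) {
        if (!isUsableExclude(exclude)) {
            Log.warn("AuthCheckFilter: ignoring null or blank exclude entry; "
                    + "it would match every URL.");
            return;
        }
        excludes.add(exclude);
    }

    /**
     * Removes a string that when present in the requested URL will skip
     * the "is logged" checking. A null argument is a no-op.
     *
     * @param exclude the string that was being excluded.
     */
    public static void removeExclude(String exclude) {
        if (exclude == null) {
            return;
        }
        excludes.remove(exclude);
    }

    /**
     * Reads the filter configuration: the optional {@code defaultLoginPage} init parameter
     * and the optional comma-separated {@code excludes} init parameter. Each token is
     * trimmed; blank tokens (for example from a trailing {@code ", "}) are dropped instead
     * of being registered as a match-everything exclude.
     *
     * @param config the filter configuration supplied by the container.
     * @throws ServletException declared by the {@link Filter} contract; not thrown here.
     */
    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
        defaultLoginPage = config.getInitParameter("defaultLoginPage");
        String excludesProp = config.getInitParameter("excludes");
        if (excludesProp != null) {
            StringTokenizer tokenizer = new StringTokenizer(excludesProp, ",");
            while (tokenizer.hasMoreTokens()) {
                // addExclude() rejects blank tokens and logs them.
                addExclude(tokenizer.nextToken().trim());
            }
        }
    }

    /**
     * Lets the request through when its path matches an exclude entry or when
     * {@link WebManager#getUser()} returns a user; otherwise redirects to the login page.
     *
     * @param req the incoming request; cast to {@link HttpServletRequest}.
     * @param res the outgoing response; cast to {@link HttpServletResponse}.
     * @param chain the remaining filter chain.
     * @throws IOException if the redirect or the downstream chain fails with an I/O error.
     * @throws ServletException if the downstream chain fails.
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Fall back to <context>/login.jsp when no login page was configured.
        String loginPage = defaultLoginPage;
        if (loginPage == null) {
            loginPage = request.getContextPath() + "/login.jsp";
        }

        // Match on the request path only. getRequestURL() also contains the scheme, host and
        // port, and the host is taken from client-supplied request data, so it must not be
        // able to satisfy an exclude entry. The path portion is the same in both calls.
        if (!isExcluded(request.getRequestURI())) {
            WebManager manager = new WebManager();
            manager.init(request, response, request.getSession(), context);
            if (manager.getUser() == null) {
                response.sendRedirect(getRedirectURL(request, loginPage, null));
                return;
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release: the exclude set is static and outlives this instance.
    }

    /**
     * Tells whether an exclude entry may be stored.
     *
     * @param exclude the candidate entry.
     * @return false for null, empty or whitespace-only values, true otherwise.
     */
    private static boolean isUsableExclude(String exclude) {
        return exclude != null && exclude.trim().length() > 0;
    }

    /**
     * Checks the request path against the exclude list.
     *
     * NOTE(review): this is still a substring test over a client-supplied path, so any path
     * that merely contains an entry skips the login check. Keep entries as specific as
     * possible. An exact or anchored match on the servlet path would be the stronger
     * design, but it changes what existing exclude strings mean and needs a coordinated
     * change with every caller of addExclude().
     *
     * @param path the request URI as returned by the container; may be null.
     * @return true if any non-empty exclude entry occurs in the path.
     */
    private static boolean isExcluded(String path) {
        if (path == null) {
            return false;
        }
        for (String exclude : excludes) {
            // Defence in depth: never let an empty entry match everything.
            if (exclude != null && exclude.length() > 0 && path.contains(exclude)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the login-page URL, carrying the originally requested path and query string
     * in the {@code url} parameter.
     *
     * The {@code url} value is copied from the request, so the page that consumes it should
     * treat it as untrusted input.
     *
     * @param request the current request.
     * @param loginPage the login page to redirect to.
     * @param optionalParams extra query parameters appended after {@code url}, or null.
     * @return the redirect target; falls back to the bare login page if encoding fails,
     *         so the caller never passes null to sendRedirect().
     */
    private String getRedirectURL(HttpServletRequest request, String loginPage,
            String optionalParams) {
        StringBuilder requested = new StringBuilder();
        try {
            requested.append(request.getRequestURI());
            String qs = request.getQueryString();
            if (qs != null) {
                requested.append("?").append(qs);
            }
        } catch (Exception e) {
            // Best effort: on failure the login page is still reached, without a return URL.
            Log.error(e);
        }
        try {
            StringBuilder target = new StringBuilder(loginPage);
            target.append("?url=");
            target.append(URLEncoder.encode(requested.toString(), "ISO-8859-1"));
            if (optionalParams != null) {
                target.append("&").append(optionalParams);
            }
            return target.toString();
        } catch (Exception e) {
            Log.error(e);
            return loginPage;
        }
    }
}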