001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.captcha;
017:
018: import org.acegisecurity.context.SecurityContextHolder;
019:
020: import org.apache.commons.logging.Log;
021: import org.apache.commons.logging.LogFactory;
022:
023: import org.springframework.beans.factory.InitializingBean;
024:
025: import java.io.IOException;
026:
027: import javax.servlet.*;
028: import javax.servlet.http.HttpServletRequest;
029: import javax.servlet.http.HttpSession;
030:
031: /**
032: * Filter for web integration of the {@link CaptchaServiceProxy}. <br>
033: * It intercepts calls containing the specific validation parameter, uses the {@link CaptchaServiceProxy} to
034: * validate the request, and updates the {@link CaptchaSecurityContext} if the request passes the validation. <br>
035: * This Filter should be placed after the ContextIntegration filter and before the {@link
036: * CaptchaChannelProcessorTemplate} filter in the filter stack in order to update the {@link CaptchaSecurityContext}
037: * before the humanity verification routine occurs. <br>
038: * This filter should only be used in conjunction with the {@link CaptchaSecurityContext}<br>
039: *
040: * @author marc antoine Garrigue
041: * @version $Id: CaptchaValidationProcessingFilter.java 1784 2007-02-24 21:00:24Z luke_t $
042: */
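public class CaptchaValidationProcessingFilter implements InitializingBean, Filter {
    //~ Static fields/initializers =====================================================================================

    protected static final Log logger = LogFactory.getLog(CaptchaValidationProcessingFilter.class);

    //~ Instance fields ================================================================================================

    /** Service that checks a submitted response against the challenge associated with a session id. */
    private CaptchaServiceProxy captchaService;

    /** Name of the request parameter that carries the user's captcha response. */
    private String captchaValidationParameter = "_captcha_parameter";

    //~ Methods ========================================================================================================

    /**
     * Verifies the mandatory configuration once the container has injected all properties.
     *
     * @throws IllegalArgumentException if no {@link CaptchaServiceProxy} has been set, or if the
     *         validation parameter name is {@code null} or empty
     */
    public void afterPropertiesSet() throws Exception {
        if (this.captchaService == null) {
            throw new IllegalArgumentException("CaptchaServiceProxy must be defined ");
        }

        if ((this.captchaValidationParameter == null) || "".equals(captchaValidationParameter)) {
            throw new IllegalArgumentException("captchaValidationParameter must not be empty or null");
        }
    }

    /**
     * Does nothing. We use IoC container lifecycle services instead.
     */
    public void destroy() {
    }

    /**
     * Validates a submitted captcha response, if the request carries one, and then always continues the chain.
     *
     * <p>When the configured parameter is present on an HTTP request that already has a session, the
     * response is checked against the {@link CaptchaServiceProxy} using the session id. On success the
     * current {@link CaptchaSecurityContext} is flagged through {@code setHuman()}.</p>
     *
     * <p>This filter never rejects a request: a missing or wrong response only leaves the context
     * untouched. Enforcement has to happen further down the stack (the class documentation places this
     * filter before the {@link CaptchaChannelProcessorTemplate}).</p>
     *
     * @param request the incoming request; the captcha parameter is only read from an {@link HttpServletRequest}
     * @param response the response, passed through unchanged
     * @param chain the remaining filter chain, always invoked
     *
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        // Type check first: instanceof is false for null, so the parameter is never read from a null
        // request. The original read the parameter before its null check, which made that check dead code.
        String captchaResponse = (request instanceof HttpServletRequest)
            ? request.getParameter(captchaValidationParameter) : null;

        if (captchaResponse != null) {
            logger.debug("captcha validation parameter found");
            logger.debug("try to validate");

            // getSession(false) returns null when no session exists. The no-argument getSession()
            // always creates one, so the "no session" branch below could never run and every request
            // carrying the parameter allocated a fresh server-side session.
            HttpSession session = ((HttpServletRequest) request).getSession(false);

            if (session != null) {
                // The response value is client-supplied; it is handed to the service and never logged.
                boolean valid = this.captchaService.validateReponseForId(session.getId(), captchaResponse);

                if (logger.isDebugEnabled()) {
                    logger.debug("captchaServiceProxy says : request is valid = " + valid);
                }

                if (valid) {
                    logger.debug("update the context");

                    // Throws ClassCastException when the holder does not contain a CaptchaSecurityContext;
                    // the class documentation requires this filter to be used together with that context.
                    ((CaptchaSecurityContext) SecurityContextHolder.getContext()).setHuman();
                } else {
                    logger.debug("captcha test failed");
                }
            } else {
                logger.debug("no session found, user don't even ask a captcha challenge");
            }
        } else {
            logger.debug("captcha validation parameter not found, do nothing");
        }

        if (logger.isDebugEnabled()) {
            logger.debug("chain ...");
        }

        chain.doFilter(request, response);
    }

    /**
     * @return the service used to validate captcha responses
     */
    public CaptchaServiceProxy getCaptchaService() {
        return captchaService;
    }

    /**
     * @return the name of the request parameter that carries the captcha response
     */
    public String getCaptchaValidationParameter() {
        return captchaValidationParameter;
    }

    /**
     * Does nothing. We use IoC container lifecycle services instead.
     *
     * @param filterConfig ignored
     *
     * @throws ServletException ignored
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * @param captchaService the service used to validate captcha responses; must be set before use
     */
    public void setCaptchaService(CaptchaServiceProxy captchaService) {
        this.captchaService = captchaService;
    }

    /**
     * @param captchaValidationParameter the name of the request parameter that carries the captcha
     *        response; must not be {@code null} or empty
     */
    public void setCaptchaValidationParameter(String captchaValidationParameter) {
        this.captchaValidationParameter = captchaValidationParameter;
    }
}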