File | Doc | Category | Size | Date | Package
AccessControlFilter.java | API Doc | Example | 3787 | Tue Feb 28 11:34:06 GMT 2006 | com.ora.jsp.servlets

AccessControlFilter

public class AccessControlFilter extends Object implements Filter
This class provides access control for all requests in the Project Billboard application, by looking for the authentication token in the session and forwarding to the login page if not found.
author
Hans Bergsten, Gefion software
version
1.0

Fields Summary
private FilterConfig
config
private String
loginPage
Constructors Summary
Methods Summary
public void destroy()
Resets the instance variable.

        // Drop the reference to the FilterConfig that init() stored on this instance.
        this.config = null;
    
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Looks for the authentication token in the session and forwards to the login page if not found.


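        // Narrow to the HTTP types: the session lookup and sendError() below
        // are only available on the HTTP variants of request and response.
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        if (!isAuthenticated(httpReq)) {
            String forwardURI = getForwardURI(httpReq);

            // Forward to the login page and stop further processing. Every
            // path through this branch returns before chain.doFilter(), so an
            // unauthenticated request never reaches the protected resource.
            ServletContext context = config.getServletContext();
            RequestDispatcher rd = context.getRequestDispatcher(forwardURI);
            if (rd == null) {
                httpResp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Login page doesn't exist");
                // The error response has been sent; return here, because
                // falling through to rd.forward() would dereference the null
                // dispatcher and throw a NullPointerException.
                return;
            }
            rd.forward(request, response);
            return;
        }

        /*
         * Authenticated: process the rest of the filter chain, if any, and
         * ultimately the requested servlet or JSP page.
         */
        chain.doFilter(request, response);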
    
private java.lang.String getContextRelativeURI(javax.servlet.http.HttpServletRequest request)
Returns a context-relative path for the request, including the query string, if any.

        // Cut the context path prefix off the request URI so that the result
        // is relative to the web application root.
        int prefixLength = request.getContextPath().length();
        String relativePath = request.getRequestURI().substring(prefixLength);

        // Append the query string exactly as the container reports it. Both
        // parts originate from the client's request, so callers must encode
        // the result before embedding it in another URL.
        String queryString = request.getQueryString();
        if (queryString == null) {
            return relativePath;
        }
        return relativePath + "?" + queryString;
    
private java.lang.String getForwardURI(javax.servlet.http.HttpServletRequest request)
Returns the context-relative path to the login page, with the parameters used by the login page.

        // Start from the configured login page path (set in init()).
        StringBuffer target = new StringBuffer(loginPage);

        // The originally requested path travels as a single parameter value,
        // so it is URL-encoded to keep its own '?' and '&' from being parsed
        // as parameters of the login page.
        // URLEncoder.encode(String) is the deprecated single-argument
        // overload, which encodes with the platform default charset; the
        // two-argument overload with an explicit encoding is the documented
        // replacement.
        String encodedOrigUrl = URLEncoder.encode(getContextRelativeURI(request));

        // NOTE(review): origURL reaches the login page as an ordinary request
        // parameter, so the code that later consumes it (not shown here)
        // should treat it as untrusted and accept only context-relative
        // paths; confirm.
        target.append("?errorMsg=Please+log+in+first&origURL=");
        target.append(encodedOrigUrl);
        return target.toString();
    
public void init(javax.servlet.FilterConfig config)
Reads the "loginPage" filter init parameter and saves the value in an instance variable.

exception
ServletException if the "loginPage" parameter is not set.


                                   
          
        // Keep the FilterConfig; doFilter() needs it to reach the
        // ServletContext when forwarding to the login page.
        this.config = config;

        // The login page path is mandatory: without it an unauthenticated
        // request would have nowhere to be sent, so initialization fails
        // instead of leaving the filter in service without a login target.
        this.loginPage = config.getInitParameter("loginPage");
        if (this.loginPage == null) {
            throw new ServletException("loginPage init parameter missing");
        }
    
private boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
Returns true if the session contains the authentication token.

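        // Look up the existing session only. getSession(false) returns null
        // when the client has no session, whereas getSession() would allocate
        // a new server-side session for every unauthenticated request that
        // passes through this filter.
        HttpSession session = request.getSession(false);

        // Only the presence of the "validUser" attribute is checked, not its
        // value; whatever sets that attribute is what establishes the
        // authenticated state.
        return session != null && session.getAttribute("validUser") != null;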