FileDocCategorySizeDatePackage
AutomaticLoginFilter.javaAPI DocExample4532Thu Sep 09 22:47:56 BST 2004com.oreilly.strutsckbk.ch11

AutomaticLoginFilter

public class AutomaticLoginFilter extends Object implements Filter
Filter which handles application authentication. The filter implements the following policy:
  1. If the username is already in the session, the filter does nothing further and the request continues down the chain;
  2. If not, the authentication cookies are looked for;
  3. If found, authentication is attempted;
  4. If authentication is successful, the username is stored in the session;
  5. Otherwise, the cookies are treated as invalid and are removed via the response.
author
Bill Siggelkow

Fields Summary
private String
onFailure
private FilterConfig
filterConfig
private static final Log
log
Constructors Summary
Methods Summary
/**
 * Asks the browser to discard the named cookie by sending back a
 * same-named cookie that expires immediately.
 *
 * <p>NOTE(review): only the name is set here. Browsers match cookies on
 * name, domain and path, so removal relies on the default path/domain
 * being the same as when the cookie was issued. Confirm against the code
 * that sets the cookies (not shown on this page).
 *
 * @param response   response that carries the expiring cookie
 * @param cookieName name of the cookie to remove
 */
private void clearCookie(HttpServletResponse response, String cookieName) {
    // The value is a throwaway; the browser drops the cookie because of
    // the zero max-age, not because of what it contains.
    Cookie expiring = new Cookie(cookieName, "expired");
    expiring.setMaxAge(0);
    response.addCookie(expiring);
}
/**
 * Called when the filter is taken out of service. This filter holds no
 * resources that need releasing, so the method is intentionally empty.
 */
public void destroy() {
    // intentionally empty: nothing to clean up
}
/**
 * Lets a request through when the session already names a user, otherwise
 * tries to log the user in from the "remember me" cookies and redirects to
 * the {@code onFailure} page when that is not possible.
 *
 * <p>Review notes for anyone adapting this example:
 * <ul>
 *   <li>The call to the security service is commented out. Until it is
 *       enabled, any request that carries both cookies is treated as
 *       authenticated, whatever their values.</li>
 *   <li>The password cookie's value is what would be handed to the
 *       security service, so the browser presumably stores it in a
 *       directly usable form. A random token that the server can revoke,
 *       sent only over HTTPS, avoids keeping the password in a cookie.</li>
 *   <li>The session obtained before authentication is reused afterwards,
 *       so its id does not change at login. Invalidating and re-creating
 *       the session (or {@code changeSessionId()} on Servlet 3.1+) closes
 *       that session-fixation window.</li>
 *   <li>The cookies are cleared only when authentication throws; a
 *       request with one or both cookies missing is simply redirected.</li>
 * </ul>
 *
 * @param request  incoming request; cast to {@code HttpServletRequest}
 * @param response outgoing response; cast to {@code HttpServletResponse}
 * @param chain    remainder of the filter chain
 */
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
        throws java.io.IOException, javax.servlet.ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // The failure page must stay reachable without authentication;
    // otherwise the redirect below would loop forever.
    if (httpRequest.getServletPath().equals(onFailure)) {
        chain.doFilter(request, response);
        return;
    }

    // getSession() creates a session when the request has none.
    HttpSession session = httpRequest.getSession();
    String sessionUser = (String) session.getAttribute("username");
    if (log.isDebugEnabled()) {
        log.debug("User in session:" + sessionUser);
    }

    // No user in the session yet: fall back to the cookies.
    if (sessionUser == null) {
        String cookieUser = findCookie(httpRequest, "StrutsCookbookUsername");
        String cookiePassword = findCookie(httpRequest, "StrutsCookbookPassword");
        boolean loggedIn = false;

        if (cookieUser != null && cookiePassword != null) {
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Checking authentication");
                }
                // Call your security service here
                //SecurityService.authenticate(cookieUser, cookiePassword);
                session.setAttribute("username", cookieUser);
                loggedIn = true;
            } catch (Exception e) {
                // Treat any failure as bad credentials and expire both cookies.
                log.error("Unexpected authentication failure.", e);
                clearCookie(httpResponse, "StrutsCookbookUsername");
                clearCookie(httpResponse, "StrutsCookbookPassword");
            }
        }

        if (!loggedIn) {
            // Send the user to the logon page and stop here instead of
            // continuing down the chain.
            httpResponse.sendRedirect(httpRequest.getContextPath() + onFailure);
            return;
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Continuing filter chain ...");
    }
    chain.doFilter(request, response);
}
/**
 * Looks up a cookie by name on the request.
 *
 * <p>The whole array is scanned, so when several cookies share the name
 * the value of the last one wins. The value is returned as received and is
 * client-controlled input.
 *
 * @param request    request whose cookies are searched
 * @param cookieName name to look for
 * @return the matching cookie's value, or {@code null} when the request
 *         has no cookies or none with that name
 */
private String findCookie(HttpServletRequest request, String cookieName) {
    Cookie[] jar = request.getCookies();
    // getCookies() yields null rather than an empty array when none were sent.
    if (jar == null) {
        return null;
    }

    String found = null;
    int idx = 0;
    while (idx < jar.length) {
        Cookie candidate = jar[idx];
        if (candidate.getName().equals(cookieName)) {
            found = candidate.getValue();
        }
        idx++;
    }
    return found;
}
public voidinit(javax.servlet.FilterConfig filterConfig)


          
        // Keep the configuration and read the "onFailure" init parameter.
        // doFilter exempts that servlet path from the check and redirects
        // to contextPath + onFailure when authentication is not possible.
        this.filterConfig = filterConfig;
        // getInitParameter returns null when the parameter is not configured.
        // NOTE(review): nothing visible here supplies a default or rejects a
        // missing value; with null the redirect target would end in "null".
        // Confirm the deployment descriptor always sets it.
        onFailure = filterConfig.getInitParameter("onFailure");