package com.oreilly.strutsckbk.ch11.ams;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class AuthenticationFilter implements Filter {
private String onFailure = "logon.jsp";
private FilterConfig filterConfig;
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
onFailure = filterConfig.getInitParameter("onFailure");
}
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
// if the requested page is the onFailure page continue
// down the chain to avoid an infinite redirect loop
if (req.getServletPath().equals(onFailure)) {
chain.doFilter(request, response);
return;
}
HttpSession session = req.getSession(); // get the session or create it
User user = (User) session.getAttribute("user");
if (user == null) {
// redirect to the login page
res.sendRedirect(req.getContextPath()+onFailure);
}
else {
chain.doFilter(request, response);
}
}
public void destroy() {
}
}
|