FileDocCategorySizeDatePackage
AccessControlFilter.javaAPI DocExample3789Tue Jun 08 11:26:42 BST 2004com.mycompany.messages

AccessControlFilter

public class AccessControlFilter extends Object implements Filter
This class provides access control for all requests in the Project Billboard application, by looking for the authentication token in the session and forwarding to the login page if not found.
author
Hans Bergsten, Gefion Software
version
1.0

Fields Summary
private FilterConfig
config
private String
loginPage
Constructors Summary
Methods Summary
public voiddestroy()
Resets the instance variable.

        config = null;
public voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Looks for the authentication token in the session and forwards to the login page if not found.


        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        if (!isAuthenticated(httpReq)) {
            String forwardURI = getForwardURI(httpReq);

            // Forward to the login page and stop further processing
            ServletContext context = config.getServletContext();
            RequestDispatcher rd = context.getRequestDispatcher(forwardURI);
            if (rd == null) {
                httpResp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, 
                    "Login page doesn't exist");
            }
            rd.forward(request, response);
            return;
        }

        /*
         * Process the rest of the filter chain, if any, and ultimately
         * the requested servlet or JSP page.
         */
        chain.doFilter(request, response);
private java.lang.StringgetContextRelativeURI(javax.servlet.http.HttpServletRequest request)
Returns a context-relative path for the request, including the query string, if any.

        int ctxPathLength = request.getContextPath().length();
        String requestURI = request.getRequestURI();
        StringBuffer uri = 
            new StringBuffer(requestURI.substring(ctxPathLength));
        String query = request.getQueryString();
        if (query != null) {
            uri.append("?").append(query);
        }
        return uri.toString();
private java.lang.StringgetForwardURI(javax.servlet.http.HttpServletRequest request)
Returns the context-relative path to the login page, with the parameters used by the login page.

        StringBuffer uri = new StringBuffer(loginPage);
        uri.append("?errorMsg=Please+log+in+first&origURL=").
            append(URLEncoder.encode(getContextRelativeURI(request)));
        return uri.toString();
public voidinit(javax.servlet.FilterConfig config)
Reads the "loginPage" filter init parameter and saves the value in an instance variable.

exception
ServletException if the "loginPage" parameter is not set.


                                   
          
        this.config = config;
        loginPage = config.getInitParameter("loginPage");
        if (loginPage == null) {
            throw new ServletException("loginPage init parameter missing");
        }
private booleanisAuthenticated(javax.servlet.http.HttpServletRequest request)
Returns true if the session contains the authentication token.

        boolean isAuthenticated = false;
        HttpSession session = request.getSession();
        if (session.getAttribute("validUser") != null) {
            isAuthenticated = true;
        }
        return isAuthenticated;