SignOnFilterpublic class SignOnFilter extends Object implements Filter| This filter protects some URI and make sure that only signed-on users
can access them |
| Fields Summary |
|---|
| private static final Log | __log | | private String | _signon | | private HashMap | _protectedUris | | private FilterConfig | _config |
| Methods Summary |
|---|
| public void | destroy()
_protectedUris.clear( );
| | public void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
HttpServletRequest req = ( HttpServletRequest ) request;
/* Uri */
String uri = req.getRequestURI( );
if ( uri.startsWith( "/" ) )
{
uri = uri.substring( 1 );
}
int i = uri.indexOf( "/" );
if ( i >= 0 )
{
uri = uri.substring( i + 1 );
}
else {}
/* check if signon is required */
if ( isProtected( uri ) && !isSignedIn( req ) )
{
String forward = _signon + "?redirectUri=" + uri;
_config.getServletContext( ).getRequestDispatcher( forward ).forward( request, response );
}
else
{
chain.doFilter( request, response );
}
| | public void | init(javax.servlet.FilterConfig config)
//~ Methods ----------------------------------------------------------------
__log.info( "init()" );
_config = config;
/* SignOn action */
_signon = config.getInitParameter( "signon.action" );
__log.info( "...signon.action=" + _signon );
/* Protected Uri */
String uri = config.getInitParameter( "protected.uri" );
StringTokenizer tok = new StringTokenizer( uri, "," );
while ( tok.hasMoreTokens( ) )
{
String url = tok.nextToken( );
_protectedUris.put( url, url );
__log.info( "...Adding URI to protect: " + url );
}
| | public boolean | isProtected(java.lang.String uri)
return ( _protectedUris.get( uri ) != null );
| | public boolean | isSignedIn(javax.servlet.http.HttpServletRequest request)
HttpSession session = request.getSession( false );
return ( session == null )
? false
: ( session.getAttribute( BaseAction.USERID_KEY ) != null );
|
|
