FileDocCategorySizeDatePackage
SignOnFilter.javaAPI DocJBoss 4.2.13988Fri Jul 13 20:55:42 BST 2007xpetstore.web.filter

SignOnFilter

public class SignOnFilter extends Object implements Filter
This filter protects some URI and make sure that only signed-on users can access them
author
Herve Tchepannou
web.filter
name="signon" display-name="xPetstore WebWork Signon Filter"
web.filter-mapping
servlet-name="action"
web.filter-init-param
name="signon.action" value="signon.action"
web.filter-init-param
name="protected.uri" value="checkout.action,order.action"

Fields Summary
private static final Log
__log
private String
_signon
private HashMap
_protectedUris
private FilterConfig
_config
Constructors Summary
Methods Summary
public voiddestroy()

see
javax.servlet.Filter#destroy()

        _protectedUris.clear(  );
    
public voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)

see
javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)

        HttpServletRequest req = ( HttpServletRequest ) request;

        /* Uri */
        String uri = req.getRequestURI(  );

        if ( uri.startsWith( "/" ) )
        {
            uri = uri.substring( 1 );
        }

        int i = uri.indexOf( "/" );

        if ( i >= 0 )
        {
            uri = uri.substring( i + 1 );
        }
        else {}

        /* check if signon is required */
        if ( isProtected( uri ) && !isSignedIn( req ) )
        {
            String forward = _signon + "?redirectUri=" + uri;
            _config.getServletContext(  ).getRequestDispatcher( forward ).forward( request, response );
        }
        else
        {
            chain.doFilter( request, response );
        }
    
public voidinit(javax.servlet.FilterConfig config)

see
javax.servlet.Filter#init(javax.servlet.FilterConfig)


    //~ Methods ----------------------------------------------------------------

           
         
         
    
        __log.info( "init()" );

        _config = config;

        /* SignOn action */
        _signon = config.getInitParameter( "signon.action" );
        __log.info( "...signon.action=" + _signon );

        /* Protected Uri */
        String          uri = config.getInitParameter( "protected.uri" );
        StringTokenizer tok = new StringTokenizer( uri, "," );

        while ( tok.hasMoreTokens(  ) )
        {
            String url = tok.nextToken(  );
            _protectedUris.put( url, url );

            __log.info( "...Adding URI to protect: " + url );
        }
    
public booleanisProtected(java.lang.String uri)

        return ( _protectedUris.get( uri ) != null );
    
public booleanisSignedIn(javax.servlet.http.HttpServletRequest request)

        HttpSession session = request.getSession( false );

        return ( session == null )
               ? false
               : ( session.getAttribute( BaseAction.USERID_KEY ) != null );