FileDocCategorySizeDatePackage
LoginFilter.javaAPI DocExample4781Thu Dec 15 21:35:20 GMT 2005com.oreilly.jent.people.servlet

LoginFilter

public class LoginFilter extends Object implements Filter
In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product's documentation does require permission. We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: "Java Enterprise in a Nutshell, Third Edition, by Jim Farley and William Crawford with Prakash Malani, John G. Norman, and Justin Gehtland. Copyright 2006 O'Reilly Media, Inc., 0-596-10142-2." If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

Fields Summary
public static final String
AUTHN_ID_VAR
public static final String
USER_VAR
public static final String
PASSWORD_VAR
private String[]
mAccounts
private String
mLoginURI
Constructors Summary
public LoginFilter()
Default constructor

    
       
      
        super();
    
Methods Summary
public voiddestroy()
Cleanup any initialized resources

        
    
public voiddoFilter(javax.servlet.ServletRequest sReq, javax.servlet.ServletResponse sResp, javax.servlet.FilterChain chain)
Execute the filter on an incoming request.

        boolean loggedIn = false;
        
        HttpServletRequest request = (HttpServletRequest)sReq;
        HttpServletResponse response = (HttpServletResponse)sResp;
        HttpSession session = request.getSession();
        
        // If the target is the login entry screen, let the
        // request pass through
        if (request.getRequestURI().endsWith(getLoginURI())) {
            chain.doFilter(request, response);
            return;
        }
        
        // Check the session for our authentication id
        if (session == null ||
            session.getAttribute(AUTHN_ID_VAR) == null) {
            // No session attribute set yet, so check for the login 
            // parameters
            String user = request.getParameter(USER_VAR);
            String pw = request.getParameter(PASSWORD_VAR);
            // Compare these to our set of accounts to see if there's a match
            String authnID = null;
            for (int i = 0; i < this.mAccounts.length; i++) {
                if (user != null && user.equals(this.mAccounts[i][0]) &&
                    pw != null && pw.equals(this.mAccounts[i][1])) {
                    authnID = user;
                    break;
                }
            }
            // If there's a match, set the session variable with the 
            // authenticated user's id, and pass through
            if (authnID != null) {
                session.setAttribute(AUTHN_ID_VAR, authnID);
                chain.doFilter(request, response);
            }
            // If we failed to login the user, redirect them to the login page
            else {
                response.sendRedirect(response.encodeRedirectURL(getLoginURI()));
                return;
            }
        }
        // If there is a session authn id, pass them through, because they're
        // already logged in
        else {
            chain.doFilter(request, response);
        }
    
public java.lang.StringgetLoginURI()

return
Returns the mLoginURI.

        return mLoginURI;
    
public voidinit(javax.servlet.FilterConfig arg0)
Initialization callback

    
public voidsetLoginURI(java.lang.String loginURI)

param
loginURI The mLoginURI to set.

        mLoginURI = loginURI;