LoginFilter

public class LoginFilter extends Object implements Filter

In general, you may use the code in this book in your programs and
documentation. You do not need to contact us for permission unless
you're reproducing a significant portion of the code. For example,
writing a program that uses several chunks of code from this book does
not require permission. Selling or distributing a CD-ROM of examples
from O'Reilly books does require permission. Answering a question by
citing this book and quoting example code does not require permission.
Incorporating a significant amount of example code from this book into
your product's documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually
includes the title, author, publisher, and ISBN. For example:
"Java Enterprise in a Nutshell, Third Edition,
by Jim Farley and William Crawford
with Prakash Malani, John G. Norman, and Justin Gehtland.
Copyright 2006 O'Reilly Media, Inc., 0-596-10142-2."

If you feel your use of code examples falls outside fair use or the
permission given above, feel free to contact us at
permissions@oreilly.com.

Fields Summary | |
---|---|
public static final String | AUTHN_ID_VAR |
public static final String | USER_VAR |
public static final String | PASSWORD_VAR |
private String[][] | mAccounts |
private String | mLoginURI |

Constructors Summary |
---|

public LoginFilter()
Default constructor

    super();

Methods Summary |
---|

public void destroy()
Cleanup any initialized resources

public void doFilter(javax.servlet.ServletRequest sReq, javax.servlet.ServletResponse sResp, javax.servlet.FilterChain chain)
Execute the filter on an incoming request.

    boolean loggedIn = false;
    HttpServletRequest request = (HttpServletRequest)sReq;
    HttpServletResponse response = (HttpServletResponse)sResp;
    HttpSession session = request.getSession();
    // If the target is the login entry screen, let the
    // request pass through
    if (request.getRequestURI().endsWith(getLoginURI())) {
        chain.doFilter(request, response);
        return;
    }
    // Check the session for our authentication id
    if (session == null ||
        session.getAttribute(AUTHN_ID_VAR) == null) {
        // No session attribute set yet, so check for the login
        // parameters
        String user = request.getParameter(USER_VAR);
        String pw = request.getParameter(PASSWORD_VAR);
        // Compare these to our set of accounts to see if there's a match
        String authnID = null;
        for (int i = 0; i < this.mAccounts.length; i++) {
            if (user != null && user.equals(this.mAccounts[i][0]) &&
                pw != null && pw.equals(this.mAccounts[i][1])) {
                authnID = user;
                break;
            }
        }
        // If there's a match, set the session variable with the
        // authenticated user's id, and pass through
        if (authnID != null) {
            session.setAttribute(AUTHN_ID_VAR, authnID);
            chain.doFilter(request, response);
        }
        // If we failed to login the user, redirect them to the login page
        else {
            response.sendRedirect(response.encodeRedirectURL(getLoginURI()));
            return;
        }
    }
    // If there is a session authn id, pass them through, because they're
    // already logged in
    else {
        chain.doFilter(request, response);
    }

public java.lang.String getLoginURI()

    return mLoginURI;

public void init(javax.servlet.FilterConfig arg0)
Initialization callback

public void setLoginURI(java.lang.String loginURI)

    mLoginURI = loginURI;
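
A hardened form of the three decisions made in doFilter, as an added example that is not code from the book: the login page is matched by exact path rather than URI suffix, credentials are compared without timing-dependent early exits, and the session is replaced on successful login so a pre-login session id does not carry over. The class name LoginChecks and its method names are hypothetical, and the login URI is assumed to be a context-relative path.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical helper, not from the book: hardened forms of the checks in doFilter.
public final class LoginChecks {
    // Assumes loginURI is a context-relative path. Exact match, because
    // getRequestURI().endsWith() also passes other URIs with that suffix.
    public static boolean isLoginRequest(HttpServletRequest request, String loginURI) {
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        return path.equals(loginURI);
    }

    // Comparison whose timing does not depend on the position of the first mismatch.
    private static boolean sameString(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the matching account name or null; checks every entry (no early break).
    public static String matchAccount(String[][] accounts, String user, String pw) {
        if (user == null || pw == null) {
            return null;
        }
        String authnID = null;
        for (String[] account : accounts) {
            // Non-short-circuit '&' so both fields are always compared.
            if (sameString(user, account[0]) & sameString(pw, account[1])) {
                authnID = account[0];
            }
        }
        return authnID;
    }

    // Drop the pre-login session so its id is not reused after authentication.
    public static HttpSession establishSession(HttpServletRequest request,
                                               String attrName, String authnID) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute(attrName, authnID);
        return fresh;
    }
}
```

In doFilter these would stand in for the endsWith test, the account loop, and the session.setAttribute call, respectively.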