author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-26 17:07:15 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-26 17:07:15 +0200 |
commit | 99694b29f82f858f5b6163e6a3d6c11caaeb487e (patch) | |
tree | b46883533cd71c9f47047c38b5c43469a311a731 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java | |
parent | cc2e2e4ecf5bd8c4bbe16edba5a7d63fa808adcb (diff) | |
Configuration Web-Application
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
new file mode 100644
index 000000000..517786d11
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -0,0 +1,236 @@
+package at.gv.egovernment.moa.id.configuration.filter;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.StringTokenizer;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.ToStringUtil;
+import at.gv.util.WebAppUtil;
+
+public class AuthenticationFilter implements Filter{
+
+ private final Logger log = Logger.getLogger(AuthenticationFilter.class);
+
+ private static ConfigurationProvider config;
+
+ public static final String STORED_REQUEST_URL_ID = String.class.getName() + ":" + "storedRequestURL";
+ public static final String WEB_XML_INIT_PARAM_LOGIN_PAGE = "loginPage";
+ public static final String WEB_XML_INIT_PARAM_ERROR_PAGE = "errorPage";
+ public static final String WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE = "authenticatedPage"; // optional
+ public static final String WEB_XML_INIT_PARAM_SESSION_LOST_PAGE = "sessionLostPage"; // optional
+ public static final String WEB_XML_INIT_PARAM_ALLOWED_LIST = "allowedList";
+ public static final String WEB_XML_INIT_PARAM_ALLOWED_REGEX = "allowed";
+
+ private static final String WEB_XML_INIT_PARAM_EXCLUDED_PAGES_DELIMITER = ",";
+
+ private static String loginPage = null;
+ private boolean loginPageForward = true;
+ private static String errorPage = null;
+ private static String authenticatedPage = null;
+ private static String sessionLostPage = null;
+
+ private static String[] excludedPages = null;
+ private static Pattern excludedRegEx = null;
+
+
+
+ public AuthenticationFilter() throws ServletException {
+ try {
+ config = ConfigurationProvider.getInstance();
+
+ } catch (ConfigurationException e) {
+ throw new ServletException(AuthenticationFilter.class + ": Configuration can not be loaded!", e);
+ }
+ }
+
+ public static String getErrorPage() {
+ return errorPage;
+ }
+
+ public static String getAuthenticatedPage() {
+ return authenticatedPage;
+ }
+
+ public static String getLoginPage() {
+ return loginPage;
+ }
+
+ public static String getSessionLostPage() {
+ return sessionLostPage;
+ }
+
+ private boolean isExcluded(String url) {
+ boolean excluded = false;
+ if (MiscUtil.isNotEmpty(excludedPages)) {
+ for (String candidate : excludedPages) {
+ if (StringUtils.upperCase(url).endsWith(StringUtils.upperCase(candidate))) {
+ excluded = true;
+ break;
+ }
+ }
+ }
+ if (excludedRegEx != null && !excluded) {
+ // log.debug("Trying to match regex \"{}\" with \"{}\".",
+ // excludedRegEx.toString(), url);
+ if (excludedRegEx.matcher(url).matches()) {
+ excluded = true;
+ }
+ }
+ log.debug("URL \"" + url + "\" is " + (excluded ? "" : "NOT ") + "excluded from filter.");
+ return excluded;
+ }
+
+
+ public void destroy() {
+ log.trace("Shutting down" + this.getClass().getName() + "...");
+
+ }
+
+ public void doFilter(ServletRequest req, ServletResponse resp,
+ FilterChain filterchain) throws IOException, ServletException {
+
+ HttpServletRequest httpServletRequest = (HttpServletRequest) req;
+ HttpServletResponse httpServletResponse = (HttpServletResponse) resp;
+
+ HttpSession session = httpServletRequest.getSession();
+
+ Object authuser = session.getAttribute(Constants.SESSION_AUTH);
+
+ String requestURL = WebAppUtil.getRequestURLWithParameters(httpServletRequest, true);
+
+ log.trace("Request URL: " + requestURL);
+
+ if (authuser == null && !this.isExcluded(requestURL)) {
+
+ if (config.isLoginDeaktivated()) {
+ //add dummy Daten
+ log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
+
+ if (authuser == null) {
+
+ authuser = new AuthenticatedUser(0000000, "Max", "TestUser", true, true);
+ httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
+ }
+
+ if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
+ if (loginPageForward) {
+ log.debug("Authenticated page is set. Forwarding to \"" + getAuthenticatedPage() + "\".");
+ RequestDispatcher dispatcher = req.getRequestDispatcher(getAuthenticatedPage());
+ dispatcher.forward(httpServletRequest, httpServletResponse);
+ } else {
+ log.debug("Authenticated page is set. Redirecting to \"" + getAuthenticatedPage() + "\".");
+ httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getAuthenticatedPage()));
+ }
+ return;
+ }
+
+ } else {
+ //check login Daten
+ if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
+ log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
+
+ }
+ else {
+ log.debug("Unable to find authentication data. Storing request url and " + (loginPageForward ? "forwarding" : "redirecting") + " to login page \"" + loginPage + "\".");
+ // TODO: save HttpServletRequest
+ // log.debug("new CustomHttpServletRequest(request).toString() =
+ // {}", new
+ // CustomHttpServletRequest(httpServletRequest).toString());
+ session.setAttribute(STORED_REQUEST_URL_ID, requestURL);
+ }
+
+ if (loginPageForward) {
+ RequestDispatcher dispatcher = req.getRequestDispatcher(loginPage);
+ dispatcher.forward(httpServletRequest, httpServletResponse);
+
+ } else {
+ httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginPage));
+
+ }
+
+ }
+ }
+
+ filterchain.doFilter(req, resp);
+
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException {
+ log.debug("Starting init of " + this.getClass().getName() + ".");
+
+ // login page
+ loginPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_LOGIN_PAGE));
+ if (MiscUtil.isEmpty(loginPage)) {
+ throw new ServletException("ServletInitParameter \"" + WEB_XML_INIT_PARAM_LOGIN_PAGE + "\" must not be empty.");
+ }
+ loginPageForward = false; //!WebAppUtil.isFullQualifiedURL(loginPage);
+
+ // error page
+ errorPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ERROR_PAGE));
+ if (MiscUtil.isEmpty(errorPage)) {
+ throw new ServletException("ServletInitParameter \"" + WEB_XML_INIT_PARAM_ERROR_PAGE + "\" must not be empty.");
+ }
+
+ // session lost page
+ sessionLostPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_SESSION_LOST_PAGE));
+ if (MiscUtil.isEmpty(sessionLostPage)) {
+ log.warn("ServletInitParameter \"" + WEB_XML_INIT_PARAM_SESSION_LOST_PAGE
+ + "\" is empty. This parameter defines a failsafe url the browser is redirected to if the original url has been lost due to session timeout.");
+ }
+
+ // authenticated page
+ authenticatedPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE));
+ if (MiscUtil.isEmpty(authenticatedPage)) {
+ log.debug("ServletInitParameter \"" + WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE
+ + "\" is empty. This parameter defines the url the user is redirected to (instead of the original url) on successful authentication.");
+ }
+ String excluded = filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_LIST);
+ ArrayList<String> excludedList = new ArrayList<String>();
+ if (MiscUtil.isNotEmpty(excluded)) {
+ StringTokenizer tokenizer = new StringTokenizer(excluded, WEB_XML_INIT_PARAM_EXCLUDED_PAGES_DELIMITER);
+ while (tokenizer.hasMoreTokens()) {
+ String ex = StringUtils.trim(tokenizer.nextToken());
+ if (MiscUtil.isNotEmpty(ex)) {
+ excludedList.add(ex);
+ }
+ }
+ }
+ excludedList.add(loginPage);
+ excludedList.add(errorPage);
+ excludedPages = new String[excludedList.size()];
+ excludedPages = excludedList.toArray(excludedPages);
+
+ String excludedRegExString = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_REGEX));
+ if (MiscUtil.isNotEmpty(excludedRegExString)) {
+ excludedRegEx = Pattern.compile(excludedRegExString);
+ }
+
+ log.debug(WEB_XML_INIT_PARAM_LOGIN_PAGE + " [" + (loginPageForward ? "forward" : "redirect") + "] = \"" + loginPage + "\"");
+ log.debug(WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE + " = \"" + (MiscUtil.isNotEmpty(authenticatedPage) ? authenticatedPage : "<n/a>") + "\"");
+ log.debug(WEB_XML_INIT_PARAM_ERROR_PAGE + " = \"" + errorPage + "\"");
+ log.debug(WEB_XML_INIT_PARAM_SESSION_LOST_PAGE + " = \"" + (MiscUtil.isNotEmpty(sessionLostPage) ? sessionLostPage : "<n/a>") + "\"");
+ log.debug(WEB_XML_INIT_PARAM_ALLOWED_LIST + " = " + ToStringUtil.toString(excludedPages, ", ", "\""));
+ log.debug(WEB_XML_INIT_PARAM_ALLOWED_REGEX + " = \"" + (excludedRegEx != null ? excludedRegEx.pattern() : "<n/a>") + "\"");
+ }
+
+} |
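Review bot: In `doFilter`, the `else` branch that sends an unauthenticated request to the login page has no `return;` after `dispatcher.forward(...)` / `httpServletResponse.sendRedirect(...)`, so control falls through to `filterchain.doFilter(req, resp)` and the protected resource is still processed for a request that carries no `Constants.SESSION_AUTH` attribute; the login-deactivated branch above it does return after its forward/redirect. Add `return;` as the last statement of that `else` block so the chain is only invoked for authenticated or excluded requests. Separately, `isExcluded` applies a case-insensitive `endsWith` to the value returned by `WebAppUtil.getRequestURLWithParameters(...)`, which by its name appears to include the query string; matching the exclusion list against `httpServletRequest.getServletPath()` instead would keep request parameters from influencing whether the filter applies. The branch guarded by `config.isLoginDeaktivated()` installs a dummy `AuthenticatedUser` for every visitor and only logs at warn level, so a comment stating that this switch is for development setups only would help the next maintainer.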