Monday, January 24, 2005

mindwrecking!

/*
* Created on jan 23, 2005
*
*/
package com.skp.kaak.ui.auth;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;

import javax.servlet.*;
import javax.servlet.http.*;

import com.skp.kaak.*;
import com.
skp.kaak.ui.cache.*;
import com.
skp.kaak.users.*;

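/**
 * Servlet filter that guards the protected part of the web application.
 *
 * <p>Requests for the public folder pass straight through. Every other request
 * needs an authenticated user in the session (see {@link #SESSION_USER});
 * anonymous requests are redirected to the configured login page. Requests for
 * the admin folder additionally require membership of
 * {@link #GROUP_ADMINISTRATORS}.
 *
 * <p>The path prefixes are kept in static fields, so they are shared by every
 * instance of this filter in the same class loader.
 *
 * @author fadhli
 */
public class AuthFilter implements Filter {

    /** Session attribute under which the authenticated user's UserCache is stored. */
    public static final String SESSION_USER = "SESSION_USER";

    // WARNING: the login path must be somewhere that does not need authentication
    // (i.e. under the public folder), otherwise the login redirect never terminates.
    public static final String CONFIG_LOGIN_PAGE = "auth.login.uri";

    /** Group a user must belong to in order to reach the admin folder. */
    public static final String GROUP_ADMINISTRATORS = "administrators";

    /** Placeholder that stands in for '&' while a query string travels inside the "qs" parameter. */
    public final static String AMP_REPLACEMENT = "_____";

    /** Public folder, relative to the web application root. */
    private static final String PUBLIC_SUFFIX = "/pub/";

    /** Admin folder, relative to the web application root. */
    private static final String ADMIN_SUFFIX = "/admin/";

    private static String CONTEXT_PATH;

    private static String PUBLIC_URI = PUBLIC_SUFFIX;

    private static String ADMIN_FOLDER = ADMIN_SUFFIX;

    private FilterConfig fc;

    /**
     * Derives the context path from the URL of the web application root and
     * builds the absolute public and admin prefixes from it.
     *
     * @param fc the filter configuration supplied by the container
     * @throws ServletException if the root resource cannot be resolved or its
     *         path has an unexpected shape; failing here keeps a half-configured
     *         filter from going into service
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig fc) throws ServletException {
        this.fc = fc;
        ServletContext ctx = fc.getServletContext();

        URL url;
        try {
            url = ctx.getResource("/");
        } catch (MalformedURLException e) {
            throw new ServletException("AuthFilter: cannot resolve the web application root", e);
        }
        if (url == null) {
            throw new ServletException("AuthFilter: the web application root resource is unavailable");
        }

        String path = url.getPath();
        ctx.log("AuthFilter:init:path=" + path);

        // Keep just the URI part: everything from the first '/' found at or after index 5.
        // NOTE(review): the offset 5 depends on the URL form this container returns - confirm.
        int pos = path.indexOf('/', 5);
        if (pos < 0) {
            throw new ServletException("AuthFilter: unexpected web application root path: " + path);
        }
        int end = path.endsWith("/") ? path.length() - 1 : path.length();
        path = path.substring(pos, end);

        // Build the prefixes from the constant suffixes so that a second init()
        // does not prepend the context path to an already-prefixed value.
        CONTEXT_PATH = path;
        PUBLIC_URI = path + PUBLIC_SUFFIX;
        ADMIN_FOLDER = path + ADMIN_SUFFIX;
        ctx.log("AuthFilter:init:CONTEXT_PATH=" + CONTEXT_PATH);
        ctx.log("AuthFilter:init:PUBLIC_URI=" + PUBLIC_URI);
        ctx.log("AuthFilter:init:ADMIN_FOLDER=" + ADMIN_FOLDER);
    }

    /** @return the absolute URI prefix of the folder that needs no authentication */
    public String getPublicURI() {
        return PUBLIC_URI;
    }

    /** @return the absolute URI prefix of the folder reserved for administrators */
    public String getAdminFolderURI() {
        return ADMIN_FOLDER;
    }

    /**
     * Enforces authentication and, for the admin folder, group membership.
     *
     * <p>getRequestURI() returns the request line as sent, neither decoded nor
     * normalised, so a prefix test on it alone can disagree with the resource
     * the container actually serves. Each decision therefore also consults the
     * path the container resolved, and errs on the restrictive side: the public
     * exemption needs both views to agree, the admin check triggers if either
     * view matches.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest hReq = (HttpServletRequest) req;
        String reqUrl = hReq.getRequestURI();
        String resolved = resolvedPath(hReq);

        // Public pages need no authentication.
        if (reqUrl.startsWith(PUBLIC_URI) && resolved.startsWith(PUBLIC_SUFFIX)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): an anonymous request must not allocate a session.
        HttpSession sess = hReq.getSession(false);
        UserCache user = (sess == null) ? null : (UserCache) sess.getAttribute(SESSION_USER);
        if (user == null) {
            ((HttpServletResponse) res).sendRedirect(loginUrlFor(hReq, reqUrl));
            return;
        }

        if (reqUrl.startsWith(ADMIN_FOLDER) || resolved.startsWith(ADMIN_SUFFIX)) {
            if (!UserManager.isUserInGroup(user.userId, GROUP_ADMINISTRATORS)) {
                ((HttpServletResponse) res).sendRedirect(CONTEXT_PATH + "/exception/access-denied.jsp");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    /**
     * Returns the context-relative path as resolved by the container
     * (servlet path followed by path info), never null.
     */
    private static String resolvedPath(HttpServletRequest hReq) {
        StringBuffer sb = new StringBuffer();
        String servletPath = hReq.getServletPath();
        if (servletPath != null) {
            sb.append(servletPath);
        }
        String pathInfo = hReq.getPathInfo();
        if (pathInfo != null) {
            sb.append(pathInfo);
        }
        return sb.toString();
    }

    /**
     * Builds the login URL, carrying the originally requested URI and query
     * string so the user can be sent back after logging in.
     *
     * <p>Both values come from the request and are URL-encoded before they are
     * appended, so characters such as '&', '#' or '%' inside them cannot add or
     * alter parameters of the login URL. The receiving side gets the same
     * values back from getParameter(), which decodes them.
     */
    private static String loginUrlFor(HttpServletRequest hReq, String reqUrl) throws IOException {
        String loginPage = SystemConfig.getValue(CONFIG_LOGIN_PAGE);
        if (reqUrl.length() > 1) {
            loginPage += "?redirect=" + java.net.URLEncoder.encode(reqUrl, "UTF-8");
            String qString = hReq.getQueryString();
            if (qString != null) {
                // The '&' placeholder is kept because the login controller reverses it.
                String masked = qString.replaceAll("\\&", AMP_REPLACEMENT);
                loginPage += "&qs=" + java.net.URLEncoder.encode(masked, "UTF-8");
            }
        }
        return loginPage;
    }

    /**
     * Nothing to release.
     *
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
    }

}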

/*
* Created on Jan 23, 2005
*
* To change the template for this generated file go to
* Window>Preferences>Java>Code Generation>Code and Comments
*/
package com.
skp.mcms.ui.auth;

import java.io.*;

import javax.servlet.http.*;

import com.
skp.kaak.*;
import com.
skp.kaak.ui.utils.*;
import com.
skp.kaak.users.*;
import com.
skp.kaak.ui.cache.*;

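/**
 * Controller servlet that authenticates a user from the login form.
 *
 * <p>On success the user's UserCache is stored in a fresh session and the
 * browser is sent to the page it originally asked for, provided that page is
 * inside this site; otherwise to the default landing page. On failure the
 * browser is sent back to the login page.
 *
 * NOTE(review): on this page AuthFilter is declared in com.skp.kaak.ui.auth
 * while this class sits in com.skp.mcms.ui.auth with no import for it -
 * confirm the package names.
 *
 * @author fadhli
 */
public class DoLogin extends HttpServlet {

    /**
     * Handles the login form submission.
     *
     * <p>Reads the parameters "userId", "password", "redirect" and "qs". The
     * password is only handed to UserManager and must never be logged.
     *
     * @param req the login request
     * @param res the response, always answered with a redirect
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {

        String userId = req.getParameter("userId");
        String password = req.getParameter("password");
        String redirect = req.getParameter("redirect");
        String qs = req.getParameter("qs");

        try {
            // A request without credentials is a failed login, not an error.
            if (userId == null || password == null
                    || !UserManager.authenticate(userId, password)) {
                res.sendRedirect(SystemConfig.getValue(AuthFilter.CONFIG_LOGIN_PAGE));
                return;
            }

            // Session fixation: drop whatever session id the browser presented
            // before authentication and continue under a newly issued one.
            // Attributes stored before login are discarded with the old session.
            HttpSession stale = req.getSession(false);
            if (stale != null) {
                stale.invalidate();
            }
            HttpSession sess = req.getSession(true);

            UserCache user = new UserCache();
            user.userId = userId;
            user.name = UserManager.getName(userId);
            sess.setAttribute(AuthFilter.SESSION_USER, user);

            // "redirect" and "qs" are request parameters and therefore untrusted:
            // follow them only when the result is a path on this site.
            if (isLocalTarget(redirect)) {
                String target = redirect;
                if (qs != null) {
                    target = target + "?" + qs.replaceAll(AuthFilter.AMP_REPLACEMENT, "&");
                }
                if (isLocalTarget(target)) {
                    res.sendRedirect(target);
                    return;
                }
            }
            Util.Web.sendRedirect(req, res, null);
        } catch (IOException e) {
            log("DoLogin: could not send the redirect", e);
        }

    }

    /**
     * Tells whether a redirect target is a plain site-local path: it must start
     * with a single '/', and contain no backslash and no control character
     * (which also rules out line breaks in the Location header).
     */
    private static boolean isLocalTarget(String target) {
        if (target == null || target.length() == 0 || target.charAt(0) != '/') {
            return false;
        }
        if (target.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

}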

/*
* Created on Jan 23, 2005
*
* To change the template for this generated file go to
* Window>Preferences>Java>Code Generation>Code and Comments
*/
package com.
skp.mcms.ui.auth;

import java.io.*;

import javax.servlet.http.*;

import com.
skp.kaak.*;

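/**
 * Controller servlet that logs the user out: it ends the current session, if
 * there is one, and sends the browser to the login page.
 *
 * NOTE(review): logout is bound to GET, so any link or embedded resource
 * pointing here ends the user's session; consider handling it on POST.
 * NOTE(review): on this page AuthFilter is declared in com.skp.kaak.ui.auth
 * while this class sits in com.skp.mcms.ui.auth with no import for it -
 * confirm the package names.
 *
 * @author fadhli
 */
public class DoLogout extends HttpServlet {

    /**
     * Invalidates the session and redirects to the configured login page.
     *
     * @param req the logout request
     * @param res the response, answered with a redirect
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {

        // getSession(false): do not create a session only to destroy it.
        HttpSession sess = req.getSession(false);
        if (sess != null) {
            sess.invalidate();
        }

        try {
            res.sendRedirect(SystemConfig.getValue(AuthFilter.CONFIG_LOGIN_PAGE));
        } catch (IOException e) {
            log("DoLogout: could not send the redirect", e);
        }

    }

}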

and this is just 1/100 of all of it...

it's times like this i feel like i have no life.... ~~~sob

wishing for all of this to end quickly.