* @param chain The FilterChain object passed in from the container.
* @return void
*/
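public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException
{
    // Access gate applied before the rest of the chain:
    //   * no "userobject" on the session and the servlet path is not listed in
    //     PopulateUserObject.validUrls -> forward to /start.do
    //   * "userobject" present but "expiredLicense" set -> only the license
    //     screens and logout are reachable, everything else is forwarded to
    //     /DisplayLicense.do
    // After either forward the method returns WITHOUT calling chain.doFilter(),
    // so the originally requested resource is never executed for a rejected request.
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;

    // Requests that look like a login attempt are let through untouched.
    // NOTE(review): this exemption keys on parameter presence only, so any request
    // that carries a "username" or "password" parameter skips both checks below,
    // whatever path it targets. It should be limited to the login action's servlet
    // path; that path is not visible from this method, so the condition is left
    // unchanged here -- confirm and tighten.
    if ((request.getParameter("username") == null) && (request.getParameter("password") == null)) {
        // NOTE(review): getSession(true) creates a session for every anonymous
        // request that reaches this point -- confirm that is intended.
        HttpSession session = req.getSession(true);
        if ((UserObject)session.getAttribute("userobject") == null) {
            // No logged-in user. Is the target one of the screens that may be
            // viewed without a session user?
            String servletPath = req.getServletPath();
            boolean isValidUrl = false;
            for (int i = 0; i < PopulateUserObject.validUrls.length; i++) {
                if (servletPath.equals(PopulateUserObject.validUrls[i])) {
                    isValidUrl = true;
                    break; // exact match found, no need to scan the rest
                }
            }
            if (! isValidUrl) {
                req.getRequestDispatcher(res.encodeURL("/start.do")).forward(req, res);
                // The forward has already produced the response. Falling through to
                // chain.doFilter() would still run the protected resource for an
                // unauthenticated caller, so stop here.
                return;
            }
        } else if (session.getAttribute("expiredLicense") != null) {
            // Logged in, but the license is expired: only SaveLicense.do,
            // DisplayLicense.do (any "...License.do" path) and logout.do are allowed.
            String requestURL = req.getServletPath();
            // The dot before "do" is escaped so it matches a literal '.' only;
            // unescaped it accepted any character in that position.
            boolean licenseScreen = requestURL.matches("^/\\S+License\\.do$");
            boolean logout = requestURL.equals("/logout.do");
            if (!(licenseScreen || logout)) {
                req.getRequestDispatcher(res.encodeURL("/DisplayLicense.do")).forward(req, res);
                // Same reasoning as above: do not run the requested action after
                // the license screen has been served in its place.
                return;
            }
        }
    }
    chain.doFilter(req, res);
} // end doFilter()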