// Implement a simple security model for now.
// Programmatic security is needed to match submitters with their events.
HttpServletRequest httpRequest=(HttpServletRequest)request;
HttpServletResponse httpResponse=(HttpServletResponse)response;
SecurityHandler securityHandler=SecurityHandler.getInstance();
String resource=httpRequest.getServletPath();
logger.finer("\nEntity Filter - Have servletpath = " + resource);
if(resource.equals("/login.jsp")) {
// login page either being accessed or submitted
logger.finer("Entity Filter - have login page request or submission");
// see if parameters are submitted
String userName=request.getParameter(WebConstants.USER_NAME_PARAM);
String password=request.getParameter(WebConstants.PASSWORD_PARAM);
String accessingURL=request.getParameter("accessingURL");
if(userName != null) {
// login action
Person person=securityHandler.login(getFilterConfig().getServletContext(), httpRequest, httpResponse, userName, password);
if(person != null) {
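// login successful, return the originally requested resource
// don't like showing login in the url because it can't be bookmarked, so redirect to it
// NOTE(review): accessingURL is read from a request parameter and appended here
// unvalidated (it may also be null); confirm it is a known application-relative
// path before redirecting, so the login form cannot send users to an unintended location.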
httpResponse.sendRedirect(httpRequest.getContextPath() + accessingURL);
} else {
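// error on login, populate the error and go to the login page again
// make sure to set the hidden accessingURL again
// set a response header to alert ajax calls of a login error
// (the header name is spelled "LogginError"; presumably clients match on that exact name).
// NOTE(review): encodeURL only adds session-tracking information where needed; it does
// not percent-encode, so accessingURL should be URL-encoded separately before it is
// placed in this query string.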
httpResponse.addHeader("LogginError", WebappUtil.getMessage("login_error"));
RequestDispatcher requestDispatcher=httpRequest.getRequestDispatcher("/login.jsp?accessingURL=" +
httpResponse.encodeURL(accessingURL) + "&loginError=" +
httpResponse.encodeURL(WebappUtil.getMessage("login_error")));
requestDispatcher.forward(httpRequest, httpResponse);
return;
}
}
} else if(!securityHandler.isPersonLoggedIn(httpRequest)) {
// the person isn't logged in, see if they are accessing a protected resource
// since we have REST-style URLs, we need the path info to decide if the path is protected
String pathInfo=httpRequest.getPathInfo();
if(pathInfo != null) {