Package com.centraview.filter

Source Code of com.centraview.filter.PopulateUserObject

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/*
* $RCSfile: PopulateUserObject.java,v $    $Revision: 1.4 $  $Date: 2005/09/01 17:55:12 $ - $Author: mcallist $
*
* The contents of this file are subject to the Open Software License
* Version 2.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.centraview.com/opensource/license.html
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*
* The Original Code is: CentraView Open Source.
*
* The developer of the Original Code is CentraView.  Portions of the
* Original Code created by CentraView are Copyright (c) 2004 CentraView,
* LLC; All Rights Reserved.  The terms "CentraView" and the CentraView
* logos are trademarks and service marks of CentraView, LLC.
*/

package com.centraview.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.centraview.common.UserObject;

public class PopulateUserObject implements Filter
{
  // Collection of URLs for which we do not require a valid logged-in session
  private static String[] validUrls;
  static
  {
    PopulateUserObject.validUrls = new String[7];
    PopulateUserObject.validUrls[0] = "/CustomerLogin.do";
    PopulateUserObject.validUrls[1] = "/customer_login.do";
    PopulateUserObject.validUrls[2] = "/monitor.do";
    PopulateUserObject.validUrls[3] = "/show_terms.do";
    PopulateUserObject.validUrls[4] = "/start.do";
    PopulateUserObject.validUrls[5] = "/forgot.do";
    PopulateUserObject.validUrls[6] = "/customer/login.do";
  }

  /**
   * Check if user object resides in session on each request.
   * If not present, will forward to login JSP.
   * @param request   The ServletRequest object passed in from the container.
   * @param response  The ServletResponse object passed in from the container.
   * @param chain     The Filterchain object passed in from the container.
   * @return          void
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException
  {
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;

    // Check to see if we are currently trying to log in.  If so, then let the request go.
    if ((request.getParameter("username") == null) && (request.getParameter("password") == null)) {
      // well we aren't trying to login in an obvious way, so check the session for a null UserObject
      HttpSession session = req.getSession(true);
      if ((UserObject)session.getAttribute("userobject") == null) {
        // Apparently we don't have a userObject.  Is this request trying to go to
        // a screen which doesn't require a valid logged-in user with a session?
        String servletPath = req.getServletPath();

        boolean isValidUrl = false;
        for (int i = 0; i < PopulateUserObject.validUrls.length; i++) {
          if (servletPath.equals(PopulateUserObject.validUrls[i])) {
            isValidUrl = true;
          }
        }

        if (! isValidUrl) {
          // nope.  Go Directly to Jail. Do not pass Go. Do not collect $200.
          req.getRequestDispatcher(res.encodeURL("/start.do")).forward(req, res);
        }
      } else if (session.getAttribute("expiredLicense") != null) {
        // okay, so we have a non null userobject on the session, BUT the license is expired
        // So the admin may be trying to dance without paying the piper.  But the chisler
        // didn't count on this filter.  He had better be trying to view or save the license and
        // that is all, or else there will be a repeat of that business that occurred in Hamelin.
        String requestURL = req.getServletPath();
        // SaveLicense.do or DisplayLicense.do or logout.do
        if (!(requestURL.matches("^/\\S+License.do$") || requestURL.matches("^/logout.do$"))) {
          // get back there and pay me!
          req.getRequestDispatcher(res.encodeURL("/DisplayLicense.do")).forward(req, res);
        }
      }
    }
    chain.doFilter(req, res);
  }   // end doFilter()

  public void init(FilterConfig filterconfigthrows ServletException { }

  public void destroy() { }

}   // end class definition
TOP

Related Classes of com.centraview.filter.PopulateUserObject

  • javax.servlet.http.HttpServletResponse
  • javax.servlet.http.HttpServletRequest
  • javax.servlet.http.HttpSession
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.