LoginCheckFilter is a servlet filter that intercepts all inbound request to make sure the
* access is authenticated.
*
* This work is licensed under a Creative Commons License. More information at
* http://creativecommons.org/licenses/by/1.0/
*
* @version 1.0
* @since 03/10/2004
* @author (Vinny Carpenter
*/
public class LoginCheckFilter implements javax.servlet.Filter {
/** Private logger instance */
private static final Log log = LogFactory.getLog(LoginCheckFilter.class);
/** The servlet context that includes set of methods that a servlet uses to communicate with its servlet container */
private ServletContext ctx;
/** A filter configuration object used by the web container to pass information to a filter during initialization */
private FilterConfig filterConfig;
/**
* Called by the web container to indicate to a filter that it is being placed into service. The servlet container
* calls the init method exactly once after instantiating the filter. The init method must complete successfully
* before the filter is asked to do any filtering work.
* * The web container cannot place the filter into service if the init method either *
doFilter() method performs the actual filtering work. In its doFilter() method, each filter
* receives the current request and response, as well as a FilterChain containing the filters that still must be
* processed.
* * This filter is just used to capture and log information about the user being passed in to the login servlet * for tracking purposes. * * @param request Servlet request object * @param response Servlet response object * @param chain Filter chain * @exception IOException * @exception ServletException */ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { if (req != null) { HttpServletRequest request = (HttpServletRequest) req; //could pass in false in the getSession() to return null for new session. HttpSession mySession = request.getSession(); String loginStatus = (String) mySession.getAttribute("LOGIN"); if ((loginStatus != null) && (loginStatus.equals(Boolean.TRUE.toString()))) { log.debug("FOUND A LOGGED IN USER - PASSING THRU"); //Logged in - Let's pass thru the user chain.doFilter(req, res); } else { log.debug("FOUND A NEW USER - CHECKING STATUS"); if ((request.getRequestURI().indexOf("login") != -1) || (request.getRequestURI().indexOf("index.jsp") != -1) || (request.getRequestURI().indexOf("images") != -1) || (request.getRequestURI().indexOf("ipo.css") != -1)) { //User is going to or being redirected to login page or loading images - Let's pass thru the user log.debug("NEW USER -> LOADING CSS, IMAEGS or BEING REDIRECTED TO THE INDEX OR LOGIN PAGE"); log.debug("request.getRequestURI() = " + request.getRequestURI()); chain.doFilter(req, res); } else { log.debug("NEW USER - LET's FORWARD TO THE INDEX JSP AGE"); log.debug("request.getRequestURI() = " + request.getRequestURI()); RequestDispatcher ds = ctx.getRequestDispatcher("/index.jsp?timeout=true"); ds.forward(request, res); } } } } public void setFilterConfig(FilterConfig filterConfig) { } /** * Called by the web container to indicate to a filter that it is being taken out of service. This method is only * called once all threads within the filter's doFilter method have exited or after a timeout period has passed. * After the web container calls this method, it will not call the doFilter method again on this instance of the * filter. *
* This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, * file handles, threads) and make sure that any persistent state is synchronized with the filter's current state * in memory. */ public void destroy() { this.filterConfig = null; } }