| Overview | Package | Class | Use | Tree | Deprecated | Index | Help |
|
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectedu.nrao.sss.webapp.AuthFilter
public class AuthFilter
AuthFilter redirects users to login with the User DB before proceeding with their query (if they haven't logged in yet).
When a request is received, the session is retrieved or created if it
doesn't exist. If there is a edu.nrao.sss.webapp.User object in the session
that has a name equal to userAttributeName, then our query is
passed through unaltered. If the user object doesn't exist, the filter looks
to see if there is a paramter in the request query equal to AUTH_TOKEN.
If so, we create a user from the authentication token provided and store it
in the session. If the authentication token is invalid, an exception is thrown.
If AUTH_TOKEN was not found in the request parameters and there is no user
object, then the user needs to log in. We redirect to
the address specified in loginPage.
The only exception to the behavior described above is when the original request
parameters include a parameter that ends with "LOGOUT", in which case the current
session is ivalidated (as are the cookies) and the user is redirected to the
user db again with an address of userDB + "?action=returnUser&tok=" +
authenticationToken.
If an extraneous or unnecessary AUTH_TOKEN query parameter is in the url,
it is removed, and the user is redirected to remove the token from his/her
browser url.
| Field Summary | |
|---|---|
protected static String |
AUTH_TOKEN
The name of the query parameter to retrieve the auth token. |
protected String |
loginPage
set equal to this.userDB + "?action=login&returnAddress=" |
protected static String |
userAttributeName
The name of the attribute that will be put in the session that holds the User object. |
protected String |
userDB
The base url name for the user data base. |
| Constructor Summary | |
|---|---|
AuthFilter()
|
|
| Method Summary | |
|---|---|
void |
destroy()
This method is currently empty |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
This method checks to see if request has a valid session and it has a User object in the session. |
static String |
getUserAttributeName()
|
void |
init(javax.servlet.FilterConfig conf)
This method initializes the filter from param values in the web.xml config file. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
protected String userDB
protected static String userAttributeName
Userprotected static final String AUTH_TOKEN
protected String loginPage
| Constructor Detail |
|---|
public AuthFilter()
| Method Detail |
|---|
public void init(javax.servlet.FilterConfig conf)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletExceptionFilter.init(javax.servlet.FilterConfig)public static String getUserAttributeName()
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOException
javax.servlet.ServletExceptionAuthFilter(),
Filter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)public void destroy()
destroy in interface javax.servlet.FilterFilter.destroy()
|
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||