accesscontrolfilter.java

Oracle的J2EE Sample

/*
 * @author                        : Elangovan
 * @Version                       : 1.0
 *
 * Development Environment        :  Oracle9i JDeveloper
 * Name of the File               :  AccessControlFilter.java
 * Creation/Modification History  :
 *
 *    Elangovan    17-APR-2002     Created
 *
 */

package oracle.otnsamples.ibfbs.control;

// Java Utility classes
import java.util.HashMap;

import java.io.IOException;

// Servlet related classes

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpSession;

// Servlet Filter classes
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;

/**
 * This class implements the Filter interface. Each request is passed through
 * filter class when the URL corresponds to the URL configured in web.xml.
 * If any invalid access is attempted, the request attribute is set so that
 * the controllerservlet redirects the user to login page. Thus this filter 
 * acts as a single point of control, restricting invalid access in the 
 * application. @see http://java.sun.com/products/servlet/Filters.html
 *
 */

public final class AccessControlFilter implements Filter {

  /** Filter configuration */
  private FilterConfig filterConfig = null;

  /** Hashmap to hold URLMappings */
  private HashMap      urlMap       = null;

  /**
   * This method is called by the server before the filter goes into service,
   * and here it initializes the filter config and the URL Mappings
   *
   * @param config Filter configuration
   * @exception ServletException 
   * @since 1.0
   */
  public void init(FilterConfig config)
    throws ServletException {

    this.filterConfig = config;

    urlMap = (HashMap) config.getServletContext().getAttribute(FBSKeys.URLMAPPINGS);

  }

  /**
   * This method performs the actual filtering work .In its doFilter() method,
   * each filter receives the current request and response, as well as a
   * FilterChain containing the filters that still must be processed. Here
   * the doFilter() method examines the request URI, if the URI is protected, and
   * the session does not have the required privileges, redirects to Login page.
   *
   * @param request Servlet request object
   * @param response Servlet response object
   * @param chain Filer chain
   * @exception IOException
   * @exception ServletException
   * @since 1.0
   */
  public void doFilter(ServletRequest request, ServletResponse response,
                       FilterChain chain)
      throws IOException, ServletException {

    HttpSession session   = ((HttpServletRequest) request).getSession();

    String      eventName = request.getParameter("EVENTNAME");

    if (eventName != null && urlMap != null ) {
      String role = (String) session.getAttribute("ROLE");

      if (role == null)    role = "DEFAULT";

      URLMapping event = (URLMapping) urlMap.get(eventName);

      if ((event != null) && (event.getRoles() != null)
              && (event.getRoles().length > 0)) {

        // New session so not logged in yet.Redirect to login page
        if (session.isNew())
          request.setAttribute("EVENTNAME", "FIRSTPAGE");

        // If invalid access, redirect to login page
        else  if (!event.isValidRole(role))
          request.setAttribute("EVENTNAME", "LOGINPAGE");
      }
    }
    else {
      request.setAttribute("EVENTNAME", "FIRSTPAGE");
    }
    // The privileges are sufficient to invoke this URL, continue normal
    // processing of the request
    chain.doFilter(request, response);
  }

  /**
   * This method is called after the filter has been taken
   * out of service.
   *
   * @since 1.0
   */
  public void destroy() {
    this.filterConfig = null;
  }
}