securityfilter.java

icsamples目录中有icsamples网络程序。 这个程序包括J2EE网络层的范例程序

/*
 */

package jwadbook.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.RequestDispatcher;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponseWrapper;
import java.io.*;
import java.util.*;

/**
 *
 * @author Jian (James) Cai
 */


public class SecurityFilter implements Filter{

    /** Creates new Filter extends GenericFilter */
     /** HttpServletRequestWrapper modifies the request header and data */
    
    FilterConfig filterConfig;
    public SecurityFilter() {
    }
    
    
    public void init(final FilterConfig fConf) 
    {
        filterConfig = fConf;
    }

    public void destroy()
    {

    }
    
    public void doFilter(final ServletRequest request,
			 final ServletResponse response,
			 FilterChain chain) 
	throws java.io.IOException, javax.servlet.ServletException 
    {
	Vector emptyprameters = new Vector();
	HttpServletRequest httprequest = (HttpServletRequest)request;
	GenericRequestWrapper wrapper = new GenericRequestWrapper(httprequest);
	
	//to examine the request if there are empty values, fill the default one
	Enumeration paramNames = httprequest.getParameterNames();
     String rightpass = filterConfig.getInitParameter("rightpass");
	while (paramNames.hasMoreElements()) {
	    String paramName = (String)paramNames.nextElement();
	    String[] paramValues = httprequest.getParameterValues(paramName);
	    if(paramName.equals("Password"))
		{
			    String paramValue = paramValues[0];
			    if (!(paramValue.equals(rightpass)))
				{
				    wrapper.setParameterValue(paramName, "wrong");
				    PrintWriter out = response.getWriter();
                         out.println(" <FONT COLOR='#009999' SIZE='4' face='Arial'> ");
                         out.println(" <STRONG>This table is generated from the SecurityFilter</STRONG> ");
                         out.println(" </FONT> ");
                         out.println(" <HR> ");
                         out.println(" <H2></H2> ");
                         out.println("<CENTER>");
				     out.println("Wrong Password! Please Try Again");                         
                         out.println("</CENTER>");                        
                         out.flush();
				}
			    else
				{
				    wrapper.setParameterValue(paramName, paramValue);
				}			   
		}
	    else //no Password appear, assume no security protection
		{
		    if (paramValues.length== 1)
			{
			    String paramValue = paramValues[0];
			    wrapper.setParameterValue(paramName, paramValue);
			}
		}
       }
			    chain.doFilter(wrapper, response);
    }

}