authfilter.java

一个非常好的FRAMWRK!是一个外国组织做的!不!

/**
 * Copyright 2003-2005 the original author or authors.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

package com.jdon.security.web;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;

import com.jdon.util.Debug;

public class AuthFilter implements Filter {
  private final static String module = AuthFilter.class.getName();
  public void destroy() {

  }

  public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
                       FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) sRequest;
    HttpServletResponse response = (HttpServletResponse) sResponse;

    // <form-error-page>/account/controllAction.do?login_error</form-error-page>
    boolean authFailed = false;
    if ( (request.getParameterMap().containsKey("login_error"))) {
      Debug.logVerbose("login_error", module);
      authFailed = true;
    }

    // check to see if the user is logging out, if so, remove the
    // rememberMe cookie and password Cookie
    if ( (request.getParameterMap().containsKey("logout")) || authFailed) {
      CookieUtil.deleteAllCookie(request, response);
      Debug.logVerbose("delete all cookie", module);
    }

    if ( (request.getParameterMap().containsKey("login")) && !authFailed) {
      // Check to see if we should automatically login the user
      // container is routing user to login page, check for remember me cookie
      Debug.logVerbose("---> enable cookie auto login", module);

      String username = CookieUtil.getUsername(request);
      String password = CookieUtil.getPassword(request);
      String rememberMe = CookieUtil.getRememberMe(request);
      if ( (rememberMe != null) && (password != null)) {
        // authenticate user without displaying login page
        String route =
            "j_security_check?j_username=" + username
            + "&j_password=" + password;

        /**
         *
        StringBuffer urlBuffer = new StringBuffer(route);
        java.util.Enumeration e = request.getParameterNames();
        while (e.hasMoreElements()) {
          String param = (String) e.nextElement();
          urlBuffer.append("&");
          urlBuffer.append(param).append("=").append(request.getParameter(param));

        }
                    */
//        request.getRequestDispatcher("j_security_check").forward(request, response);
        response.sendRedirect(response.encodeRedirectURL(route.toString()));

        return;
      }
    }
    chain.doFilter(sRequest, sResponse);
  }

  private void doCookie(HttpServletRequest request,
                        HttpServletResponse response) {

  }

  public void init(FilterConfig filterConfig) throws ServletException {

  }

}