rolecheckfilter.java

J2EE & Tomcat books published by hope

package com.sun.j2ee.workflow.control.filters;

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

import com.sun.j2ee.workflow.util.Debug;
import com.sun.j2ee.workflow.util.WebKeys;
import com.sun.j2ee.workflow.control.web.UserBean;

/**
 * @author Jian (James) Cai
 */
public class RoleCheckFilter implements Filter {
  private ServletContext ctx;
  private String denyrole;
  public void init(javax.servlet.FilterConfig filterConfig) 
         throws ServletException {
    ctx = filterConfig.getServletContext();
    denyrole = filterConfig.getInitParameter("DenyRole");
    ctx.log("Filter " + filterConfig.getFilterName() + 
                                                " initialized.");
  }
    public void doFilter(javax.servlet.ServletRequest servletRequest,
                       javax.servlet.ServletResponse servletResponse,
                       javax.servlet.FilterChain filterChain)
         throws java.io.IOException, javax.servlet.ServletException {
    HttpServletRequest hsr = (HttpServletRequest)servletRequest;
    final HttpServletResponse resp = (HttpServletResponse)servletResponse;
    boolean block = false;
    String message = null;

     UserBean user = (UserBean)
        hsr.getSession().getAttribute(WebKeys.UserBeanKey);
    if (user ==null)
    {
       hsr.getRequestDispatcher("control/signin").forward(hsr, resp);
       return;
    }
     
    else 
    {
        if (user.getUserRole().equals(denyrole))
        {
            block = true;
        }
    }

    if (block==true)
      {
          hsr.setAttribute("ErrorCause", "You don't have the role to access.");
                 hsr.getRequestDispatcher("control/error").forward(hsr, resp);
    }
    else
      {
    filterChain.doFilter(hsr, resp);
      }
    }
  public void destroy() {
  }
}