initsessionfilter.java

一个实用工具类

/*
 * Copyright (C) butor.com. All rights reserved.
 *
 * This software is published under the terms of the GNU Library General
 * Public License (GNU LGPL), a copy of which has been included with this
 * distribution in the LICENSE.txt file. 
 */


package org.butor.web.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.Date;
import java.util.List;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.beanutils.PropertyUtils;
import org.butor.helper.UniqueIDGenerator;
import org.butor.log.Log;
import org.butor.profile.IProfile;
import org.butor.profile.Profile;
import org.butor.security.ButorSecurityChecker;
import org.butor.web.Constants;
import org.butor.web.context.IWebContext;
import org.butor.web.context.WebContext;
import org.butor.web.context.WebContextService;
import org.butor.web.helper.RequestHelper;
import org.butor.web.helper.StandardAttributes;

/**
 * Creates and initializes the session.
 * Perform the following calls:
 * - Get user profile
 * - Find application servers
 * - Get security list
 * - Checks password expiry date
 * 
 * @author 	mateusfi
 * @version $Revision: 754 $
 */
public class InitSessionFilter implements Filter {
	
	/**
	 * Initialize the context of the current request.
	 * This context will be released at the end of the jsp execution.
	 * Normally that happen in the footer.jsp using the contextreleaser TagLib.
	 */
	public static void initContext(HttpServletRequest request, HttpServletResponse response) {
		WebContext context = new WebContext();
		HttpSession session = request.getSession();
		
		// set the request at first. all other properties may
		// be set in the request if available in the web context implementation.
		context.setRequest(request);
		context.setResponse(response);
		context.setSession(request.getSession());

		context.setLocale((Locale)session.getAttribute(StandardAttributes.LOCALE_KEY));

		IProfile userProfile = (IProfile)session.getAttribute(StandardAttributes.USER_PROFILE);
		if (userProfile != null) {
			context.setLogSuffix("sid=[" + userProfile.getId() +"]");
			context.setProfile(userProfile);
			
			List roles = userProfile.getRoles();
			if (roles != null) {
				ButorSecurityChecker secProvider = new ButorSecurityChecker(roles);
				context.setSecurityChecker(secProvider);
			}
			
		} else {
			if (Log.shouldLog(InitSessionFilter.class.getName(), Log.LOG_LEVEL_MEDIUM)) {		
				Log.logStr(InitSessionFilter.class, Log.LOG_TYPE_WARN, "initContext()", "Got null user profile!");
			}
		}
		
		context.setContextName(context.getLogSuffix());
		
		WebContextService.setContext(context);

		Log.logStr(Log.LOG_LEVEL_MEDIUM, InitSessionFilter.class, Log.LOG_TYPE_INFO, "initContext()", "Done.");
	}
	
	/**
	 * Releases the context of the current thread.
	 */
	protected void releaseContext(HttpServletRequest request) {
		IWebContext context = WebContextService.getContext();
		long age = 0;
		if (context != null) {
			age = context.getAge();
		}
		
		Log.logStr(this, Log.LOG_TYPE_INFO, "doFilter", 
			"End request: " + request.getRequestURI()  +"?" +request.getQueryString() +", time: " + age +" ms");
							
		WebContextService.releaseContext();	
	}
			
	/**
	 * - If no session exists, creates one and initializes the user profile.
	 * -  Does a special check about the validity of the password.  If the 
	 * 	password is expired or has a bad format, it places a flag in the session
	 *  which indicates to any action, that the use must change his password 
	 *  before going further.
	 */
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filterChain)
		throws IOException, ServletException {
				
		HttpServletRequest sRequest = (HttpServletRequest)request;
		HttpServletResponse sResponse = (HttpServletResponse)response;

		//Set default CharacterEncoding
		if (request.getCharacterEncoding() == null) {
            request.setCharacterEncoding(System.getProperty(Constants.PROPERTY_CHARACTER_ENCODING,
            		Constants.DEFAULT_CHARACTER_ENCODING));
		}
		
		// Process only if the user has been authenticated.
		//TODO String username = sRequest.getRemoteUser();
		/*
		HttpSession session = sRequest.getSession();
		IProfile userProfile = null; 
		if (session != null) {
			userProfile = (IProfile) session.getAttribute(StandardAttributes.USER_PROFILE);
		}
		if (userProfile == null) {
			filterChain.doFilter(request, response);
			return;
		}
		*/

		
		try {
			//TODO initSession(sRequest, sResponse);
			
			initContext(sRequest, sResponse);				

			Log.logStr(this, Log.LOG_TYPE_INFO, "doFilter", 
				"Start request: " + sRequest.getRequestURI() +"?" +sRequest.getQueryString());

			filterChain.doFilter(request, response);
			
		} finally {
			// Be sure to release the context even if an 
			// exception occured in doFilter.
			releaseContext(sRequest);
		}
	}

 	/**
 	 * Code executed for a freshly created session.
 	 */
	protected void initSession(HttpServletRequest request, HttpServletResponse response) {
		HttpSession session = request.getSession();

		if (session.getAttribute(StandardAttributes.USER_PROFILE) != null) {
			// already done
			return;
		}
		
		assignSID(request);
		
		// keep profile in context.
		IProfile userProfile = loadUserProfile(request);
		Principal principal = request.getUserPrincipal();

		try {
			// Tries to get lastLoginDate from Principal object.  Reflection must
			// be used here because, UserPrincipal defined in Realm is not in same
			// classloader than InitSessionFilter.
			Object property = PropertyUtils.getProperty(principal, "lastLoginDate");
			if (property != null) {
				if (property instanceof Date) {
					Date lastLogin = (Date)property;
//TODO					userProfile.setLastLogin(lastLogin);				
				}
			}
		} catch (Exception e) {
			Log.logException(this, Log.LOG_TYPE_WARN, "initSession", e);
		}
		
		session.setAttribute(StandardAttributes.USER_PROFILE, userProfile);
		
		Locale locale = findLocale(request, response);
		session.setAttribute(StandardAttributes.LOCALE_KEY, locale);
		
		// Checks if user must change his password.
/*TODO		if (isPasswordExpired(userProfile.getUsername(), locale, userProfile.getServerList())) {
			session.setAttribute(StandardAttributes.MUST_CHANGE_PASSWORD, request.getServletPath());
		}
*/
	}
	
	/**
	 * Loads an instance of IUserProfile object.
	 */
	protected IProfile loadUserProfile(HttpServletRequest request) {
		// The UserProfile object contains all the information
		// about a user.
		Profile userProfile = new Profile(request.getRemoteUser(), null);		
		
		return userProfile;
	}

	/**
	 * Checks if the user must change his password.
	 * 
	 * @return true if he must change his password
	 */
	protected boolean isPasswordExpired(String username, Locale locale) {
		String language = Locale.ENGLISH.getCountry();
		if (locale != null) {
			language = locale.getCountry();
		} else {
			Log.logStr(this, Log.LOG_TYPE_WARN, "isPasswordExpired", "Got null locale!");
		}

		return false;
	}
	
	protected synchronized void assignSID(HttpServletRequest request) {
		if (request == null) {
			throw new NullPointerException("assignSID: request can't be null");
		}
		long sid = UniqueIDGenerator.getNewId();
		Log.logStr(this, Log.LOG_TYPE_INFO, "assignSID", "sid #" + sid + " got for client at " + request.getRemoteAddr());
				
		HttpSession session = request.getSession();
		session.setAttribute(UniqueIDGenerator.ID, new Long(sid));
	}
	
	protected Locale findLocale(HttpServletRequest request, HttpServletResponse response) {
		// Reset LOCAL_KEY value from language cookie at every request.
		// This is necessary to communicate the language change from a 
		// webapp to another.
		Locale locale = null;
		
		locale = (Locale) request.getAttribute(StandardAttributes.LOCALE_KEY);
		
		if (locale == null) {
			Cookie languageCookie = RequestHelper.getCookie(request, Constants.LANGUAGE);
			if (languageCookie != null) {
				locale = new Locale(languageCookie.getValue(), "");
			} 
		}
		
		if (locale == null) {
			locale = Locale.ENGLISH;
		}
		
		return locale;
	}
	/**
	 * @see javax.servlet.Filter#init(FilterConfig)
	 */
	public void init(FilterConfig config) throws ServletException {
	}

	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {		
	}
}