📄 securityfilter.java.svn-base
字号:
/* * SecurityFilter.java * * Created on 2007-10-30, 10:25:50 * * To change this template, choose Tools | Templates * and open the template in the editor. */package com.s7turn.jaas.webapps;import com.s7turn.jaas.AuthorityException;import com.s7turn.jaas.Identity;import com.s7turn.jaas.LoginException;import com.s7turn.jaas.SecurityHelper;import com.s7turn.sdk.content.ContentException;import com.s7turn.sdk.content.ContentFactory;import com.s7turn.sdk.content.ContentInfo;import com.s7turn.sdk.content.ContentProvider;import com.s7turn.sdk.content.Metadata;import com.s7turn.sdk.utils.CodecUtils;import java.io.*;import java.net.*;import java.util.*;import java.text.*;import javax.faces.application.FacesMessage;import javax.servlet.*;import javax.servlet.http.*;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import org.apache.commons.codec.digest.DigestUtils;import org.apache.commons.fileupload.FileItem;import org.apache.commons.fileupload.FileUpload;/** * * @author Long */public class SecurityFilter implements Filter { public final static String ROLE_CONTENT_ADMIN = "ContentAdmin"; // The filter configuration object we are associated with. If // this value is null, this filter instance is not currently // configured. private FilterConfig filterConfig = null; private SecurityHelper securityMgr; private int _uploadMaxFileSize = 100 * 1024 * 1024; // 10 MB private int _uploadThresholdSize = 1 * 1024 * 1024; // 1 MB private String _uploadRepositoryPath = null; //standard temp directory public SecurityFilter() { securityMgr = SecurityHelper.getInstance(); } private boolean doBeforeProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException, LoginException, AuthorityException, ContentException { if (debug) log("SecurityFilter:DoBeforeProcessing"); //request.get HttpServletRequest hsr = (HttpServletRequest) request; String page = hsr.getRequestURI(); String contentPath = hsr.getContextPath(); //this.getFilterConfig().getServletContext(); if( page.startsWith(contentPath) ) { page = page.substring(contentPath.length()); } boolean permed = securityMgr.hasPermission( Identity.getCurrentIdentity(request), page ); if( permed == false ) { throw new AuthorityException( page + " is not allowed to access by your creditance."); } String template = securityMgr.getContentTemplate( page, contentPath ); if( template != null ) { ContentFactory contentFactory = securityMgr.getContentProviderFactory(); ContentProvider provider = contentFactory.createProvider(); ContentInfo info = provider.loadContent( page, hsr ); Map inlineContents = provider.loadInlineContent( page, hsr ); request.setAttribute( "content", info ); if( inlineContents != null && inlineContents.size() > 0 ) { request.setAttribute( "inlines", inlineContents ); } if( info == null && ( inlineContents == null || inlineContents.size() == 0 ) ) { String editTemplate = securityMgr.getEditTemplate(page, contentPath); if( editTemplate != null ) { ///if the content administrator had logged in, the system will redirect to the edit ///content's page. if( Identity.getCurrentIdentity( request ).isUserInRole ( ROLE_CONTENT_ADMIN ) ) { ////dispatch the request to create a new pages. request.setAttribute( "viewId", page ); request.getRequestDispatcher( editTemplate ).forward(request, response ); return true; } } } if( !template.equals( page ) ) { request.getRequestDispatcher( template ).forward(request, response ); return true; } } return false; } private void doAfterProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException { if ( debug ) log( "SecurityFilter:DoAfterProcessing" ); } /** * * @param request The servlet request we are processing * @param result The servlet response we are creating * @param chain The filter chain we are processing * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet error occurs */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if( !(request instanceof HttpServletRequest) ) { chain.doFilter(request, response); return; } //if (debug) log("SecurityFilter:doFilter()"); Throwable problem = null; try { if( !doBeforeProcessing( request, response ) ) { ServletRequest requestWrapper = request; if( FileUpload.isMultipartContent( (HttpServletRequest) request ) ) { MultipartRequestWrapper mrw = new MultipartRequestWrapper( (HttpServletRequest)request, _uploadMaxFileSize, _uploadThresholdSize, _uploadRepositoryPath ); processUpload( mrw ); requestWrapper = mrw; } chain.doFilter( requestWrapper, response ); } } catch(Throwable t) { // // If an exception is thrown somewhere down the filter chain, // we still want to execute our after processing, and then // rethrow the problem after that. // problem = t; t.printStackTrace(); } doAfterProcessing(request, response); // // If there was a problem, we want to rethrow it if it is // a known type, otherwise log it. // if (problem != null) { if (problem instanceof ServletException) throw (ServletException)problem; if (problem instanceof IOException) throw (IOException)problem; String exceptionPage = securityMgr.getExceptionMappedPage( problem.getClass().getName() ); if( exceptionPage == null || exceptionPage.trim().length() == 0 ) { throw new ServletException( problem.getMessage(), problem ); } if( response instanceof HttpServletResponse ) { //FacesMessage fm; String contextPath = ((HttpServletRequest)request).getContextPath(); HttpServletResponse hsr = (HttpServletResponse) response; if( exceptionPage.startsWith("~/") ) { exceptionPage = contextPath + exceptionPage.substring(1); } hsr.sendRedirect( exceptionPage ); } } } /** * Return the filter configuration object for this filter. */ public FilterConfig getFilterConfig() { return (this.filterConfig); } /** * Set the filter configuration object for this filter. * * @param filterConfig The filter configuration object */ public void setFilterConfig(FilterConfig filterConfig) { this.filterConfig = filterConfig; } /** * Destroy method for this filter * */ public void destroy() { } protected void processUpload( MultipartRequestWrapper mrw ) throws IOException { Map fileItems = mrw.getFileItems(); Iterator entries = fileItems.entrySet().iterator(); while( entries.hasNext() ) { Map.Entry entry = (Map.Entry) entries.next(); FileItem fileItem = (FileItem) entry.getValue(); Metadata metadata = new Metadata(); metadata.setMetaType( fileItem.getContentType() ); metadata.setPath( fileItem.getName() ); metadata.setName( fileItem.getName() ); //metadata.setSize( fileItem.getSize() ); InputStream stream = null; String md5 = null; if( fileItem.isInMemory() ) { md5 = CodecUtils.md5( fileItem.get() ); //stream = new ByteArrayInputStream(fileItem.get()); metadata.setContent( fileItem.get() ); } else { stream = new BufferedInputStream( fileItem.getInputStream() ); metadata.setContentStream( stream ); md5 = CodecUtils.md5( metadata.getContent() ); stream.close(); metadata.setContentStream( null ); } metadata.setMd5( md5 ); mrw.setAttribute( fileItem.getFieldName(), metadata ); } } /** * Init method for this filter * */ public void init(FilterConfig filterConfig) { this.filterConfig = filterConfig; if (filterConfig != null) { if (debug) { log("SecurityFilter:Initializing filter"); } String param = filterConfig.getInitParameter("uploadMaxFileSize"); _uploadMaxFileSize = resolveSize(param, _uploadMaxFileSize); param = filterConfig.getInitParameter("uploadThresholdSize"); _uploadThresholdSize = resolveSize(param, _uploadThresholdSize); _uploadRepositoryPath = filterConfig.getInitParameter("uploadRepositoryPath"); securityMgr.init( filterConfig ); } } /** * Return a String representation of this object. */ public String toString() { if (filterConfig == null) return ("SecurityFilter()"); StringBuffer sb = new StringBuffer("SecurityFilter("); sb.append(filterConfig); sb.append(")"); return (sb.toString()); } public static String getStackTrace(Throwable t) { String stackTrace = null; try { StringWriter sw = new StringWriter(); PrintWriter pw = new PrintWriter(sw); t.printStackTrace(pw); pw.close(); sw.close(); stackTrace = sw.getBuffer().toString(); } catch(Exception ex) {} return stackTrace; } public void log(String msg) { filterConfig.getServletContext().log(msg); } private int resolveSize(String param, int defaultValue) { int numberParam = defaultValue; if (param != null) { param = param.toLowerCase(); int factor = 1; String number = param; if (param.endsWith("g")) { factor = 1024 * 1024 * 1024; number = param.substring(0, param.length() - 1); } else if (param.endsWith("m")) { factor = 1024 * 1024; number = param.substring(0, param.length() - 1); } else if (param.endsWith("k")) { factor = 1024; number = param.substring(0, param.length() - 1); } numberParam = Integer.parseInt(number) * factor; } return numberParam; } private static final boolean debug = true; }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -