📄 securityfilter.java
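/*
 * SecurityFilter.java
 *
 * Created on 2007-10-30, 10:25:50
 *
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.s7turn.jaas.webapps;

import com.s7turn.jaas.AuthorityException;
import com.s7turn.jaas.Identity;
import com.s7turn.jaas.LoginException;
import com.s7turn.jaas.SecurityHelper;
import com.s7turn.sdk.content.ContentException;
import com.s7turn.sdk.content.ContentFactory;
import com.s7turn.sdk.content.ContentInfo;
import com.s7turn.sdk.content.ContentProvider;
import com.s7turn.sdk.content.Metadata;
import com.s7turn.sdk.utils.CodecUtils;
import java.io.*;
import java.net.*;
import java.util.*;
import java.text.*;
import javax.faces.application.FacesMessage;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUpload;

/**
 * Servlet filter that authorizes each HTTP request against {@link SecurityHelper},
 * forwards content-managed paths to their view or edit template, and unpacks
 * multipart uploads into request attributes before the rest of the chain runs.
 *
 * <p>Non-HTTP requests are passed down the chain without any permission check.
 *
 * @author Long
 */
public class SecurityFilter implements Filter {

    /** Role that is sent to the edit template when a managed page has no content yet. */
    public final static String ROLE_CONTENT_ADMIN = "ContentAdmin";

    // Compile-time switch for the trace messages written through log().
    private static final boolean debug = true;

    // The filter configuration object we are associated with. If
    // this value is null, this filter instance is not currently
    // configured.
    private FilterConfig filterConfig = null;

    private SecurityHelper securityMgr;

    // 100 MB (the value is authoritative; an earlier comment here said 10 MB).
    private int _uploadMaxFileSize = 100 * 1024 * 1024;
    private int _uploadThresholdSize = 1 * 1024 * 1024; // 1 MB
    private String _uploadRepositoryPath = null; // standard temp directory

    public SecurityFilter() {
        securityMgr = SecurityHelper.getInstance();
    }

    /**
     * Authorizes the request and, for content-managed paths, forwards it to the
     * matching template.
     *
     * @param request the request being filtered; must be an {@link HttpServletRequest}
     * @param response the response being produced
     * @return {@code true} if the request was already forwarded here and the caller
     *         must not continue the filter chain, {@code false} otherwise
     * @throws AuthorityException if the current identity may not access the path
     */
    private boolean doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException, LoginException, AuthorityException,
                   ContentException {
        if (debug) {
            log("SecurityFilter:DoBeforeProcessing");
        }

        HttpServletRequest hsr = (HttpServletRequest) request;

        // NOTE(review): getRequestURI() is the undecoded, un-normalized path from the
        // request line (path parameters, percent-escapes and repeated slashes are kept),
        // while the container resolves the target resource from a normalized path. The
        // string authorized below can therefore differ from the resource that is served.
        // Confirm that hasPermission() canonicalizes its input, or authorize on the
        // container-normalized path instead.
        String page = hsr.getRequestURI();
        String contentPath = hsr.getContextPath();
        if (page.startsWith(contentPath)) {
            page = page.substring(contentPath.length());
        }

        if (!securityMgr.hasPermission(Identity.getCurrentIdentity(request), page)) {
            // The message embeds the caller-supplied path; whatever renders it must escape it.
            throw new AuthorityException(page + " is not allowed to access by your creditance.");
        }

        String template = securityMgr.getContentTemplate(page, contentPath);
        if (template == null) {
            return false;
        }

        ContentFactory contentFactory = securityMgr.getContentProviderFactory();
        ContentProvider provider = contentFactory.createProvider();
        ContentInfo info = provider.loadContent(page, hsr);
        Map inlineContents = provider.loadInlineContent(page, hsr);
        boolean hasInlines = inlineContents != null && inlineContents.size() > 0;

        request.setAttribute("content", info);
        if (hasInlines) {
            request.setAttribute("inlines", inlineContents);
        }

        if (info == null && !hasInlines) {
            String editTemplate = securityMgr.getEditTemplate(page, contentPath);
            // A content administrator landing on a page with no content is sent to the
            // edit template so the page can be created; everyone else falls through to
            // the normal view template below.
            if (editTemplate != null
                    && Identity.getCurrentIdentity(request).isUserInRole(ROLE_CONTENT_ADMIN)) {
                request.setAttribute("viewId", page);
                request.getRequestDispatcher(editTemplate).forward(request, response);
                return true;
            }
        }

        if (!template.equals(page)) {
            request.getRequestDispatcher(template).forward(request, response);
            return true;
        }
        return false;
    }

    /** Hook that runs after the chain (or after a failure); currently only traces. */
    private void doAfterProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {
            log("SecurityFilter:DoAfterProcessing");
        }
    }

    /**
     * Runs the permission check, unpacks multipart uploads, and continues the chain.
     * A failure that is neither a {@link ServletException} nor an {@link IOException}
     * is redirected to the page mapped for its class by the security manager; without
     * such a mapping it is rethrown wrapped in a {@link ServletException}.
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are creating
     * @param chain The filter chain we are processing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            // Nothing to authorize against: non-HTTP requests bypass this filter entirely.
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        Throwable problem = null;
        try {
            if (!doBeforeProcessing(request, response)) {
                ServletRequest requestWrapper = request;
                if (FileUpload.isMultipartContent(httpRequest)) {
                    MultipartRequestWrapper mrw = new MultipartRequestWrapper(
                            httpRequest, _uploadMaxFileSize, _uploadThresholdSize,
                            _uploadRepositoryPath);
                    processUpload(mrw);
                    requestWrapper = mrw;
                }
                chain.doFilter(requestWrapper, response);
            }
        } catch (Throwable t) {
            // Remember the failure so the after-processing hook still runs, and record
            // it in the container log rather than on stderr.
            problem = t;
            log("SecurityFilter: request processing failed\n" + getStackTrace(t));
        }

        doAfterProcessing(request, response);

        if (problem == null) {
            return;
        }
        if (problem instanceof ServletException) {
            throw (ServletException) problem;
        }
        if (problem instanceof IOException) {
            throw (IOException) problem;
        }

        String exceptionPage = securityMgr.getExceptionMappedPage(problem.getClass().getName());
        boolean mapped = exceptionPage != null && exceptionPage.trim().length() > 0;
        // Without a mapping, without an HTTP response, or once the response is committed,
        // no redirect is possible; surface the failure instead of dropping it silently.
        if (!mapped
                || !(response instanceof HttpServletResponse)
                || response.isCommitted()) {
            throw new ServletException(problem.getMessage(), problem);
        }

        // The redirect target comes from the security manager's exception mapping and is
        // assumed to be trusted configuration; it must never be derived from request data.
        if (exceptionPage.startsWith("~/")) {
            exceptionPage = httpRequest.getContextPath() + exceptionPage.substring(1);
        }
        ((HttpServletResponse) response).sendRedirect(exceptionPage);
    }

    /**
     * Return the filter configuration object for this filter.
     */
    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    /**
     * Set the filter configuration object for this filter.
     *
     * @param filterConfig The filter configuration object
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Destroy method for this filter
     */
    public void destroy() {
    }

    /**
     * Converts every uploaded file item into a {@link Metadata} object and stores it as
     * a request attribute named after the form field.
     *
     * <p>Everything read from the {@link FileItem} here (file name, content type, field
     * name) is supplied by the client and must be treated as untrusted by consumers.
     *
     * @param mrw the multipart wrapper holding the parsed upload
     * @throws IOException if an uploaded item cannot be read
     */
    protected void processUpload(MultipartRequestWrapper mrw) throws IOException {
        Map fileItems = mrw.getFileItems();
        Iterator entries = fileItems.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry entry = (Map.Entry) entries.next();
            FileItem fileItem = (FileItem) entry.getValue();

            Metadata metadata = new Metadata();
            // Client-declared content type; it is not verified against the bytes.
            metadata.setMetaType(fileItem.getContentType());
            // NOTE(review): getName() is the client-sent file name and may carry
            // directory components. Consumers must not use path/name as a filesystem
            // location without reducing it to a base name and validating it.
            metadata.setPath(fileItem.getName());
            metadata.setName(fileItem.getName());

            // NOTE(review): MD5 is not collision resistant; treat this value as a
            // checksum only, not as proof of integrity or identity of the upload.
            String md5;
            if (fileItem.isInMemory()) {
                byte[] content = fileItem.get();
                md5 = CodecUtils.md5(content);
                metadata.setContent(content);
            } else {
                InputStream stream = new BufferedInputStream(fileItem.getInputStream());
                try {
                    metadata.setContentStream(stream);
                    // Presumably getContent() drains the stream into memory, so a
                    // disk-backed item of up to the configured maximum size ends up on
                    // the heap here - TODO confirm and consider a streaming digest.
                    md5 = CodecUtils.md5(metadata.getContent());
                } finally {
                    // Release the temp-file handle even when hashing fails.
                    try {
                        stream.close();
                    } finally {
                        metadata.setContentStream(null);
                    }
                }
            }
            metadata.setMd5(md5);

            // NOTE(review): the attribute name is the client-chosen field name. If the
            // wrapper delegates attributes to the wrapped request, a field named like an
            // attribute set earlier by this filter ("content", "inlines", "viewId") would
            // replace it - confirm, and consider a dedicated prefix for upload attributes.
            mrw.setAttribute(fileItem.getFieldName(), metadata);
        }
    }

    /**
     * Init method for this filter. Reads the optional {@code uploadMaxFileSize},
     * {@code uploadThresholdSize} and {@code uploadRepositoryPath} init parameters and
     * initializes the security manager.
     *
     * @param filterConfig the configuration supplied by the container, may be null
     * @throws NumberFormatException if a size parameter is malformed or out of range
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
        if (filterConfig == null) {
            return;
        }
        if (debug) {
            log("SecurityFilter:Initializing filter");
        }
        _uploadMaxFileSize =
                resolveSize(filterConfig.getInitParameter("uploadMaxFileSize"), _uploadMaxFileSize);
        _uploadThresholdSize =
                resolveSize(filterConfig.getInitParameter("uploadThresholdSize"), _uploadThresholdSize);
        _uploadRepositoryPath = filterConfig.getInitParameter("uploadRepositoryPath");
        securityMgr.init(filterConfig);
    }

    /**
     * Return a String representation of this object.
     */
    @Override
    public String toString() {
        if (filterConfig == null) {
            return "SecurityFilter()";
        }
        return "SecurityFilter(" + filterConfig + ")";
    }

    /**
     * Renders a throwable's stack trace as text.
     *
     * @param t the throwable to render
     * @return the stack trace, or {@code null} if {@code t} is null or rendering fails
     */
    public static String getStackTrace(Throwable t) {
        if (t == null) {
            return null;
        }
        try {
            StringWriter sw = new StringWriter();
            PrintWriter pw = new PrintWriter(sw);
            t.printStackTrace(pw);
            pw.flush();
            return sw.toString();
        } catch (RuntimeException ignored) {
            // Best effort: a failure while rendering a trace must not mask the
            // problem that is being reported.
            return null;
        }
    }

    /**
     * Writes a message to the servlet context log, or to stderr while the filter has
     * no configuration (before init or after the configuration was cleared).
     *
     * @param msg the message to record
     */
    public void log(String msg) {
        FilterConfig config = filterConfig;
        if (config == null) {
            System.err.println(msg);
            return;
        }
        config.getServletContext().log(msg);
    }

    /**
     * Parses a size such as {@code "512k"}, {@code "10m"} or {@code "1g"} (suffix is
     * case-insensitive, factor 1024) into a byte count.
     *
     * @param param the configured value, or null to keep the default
     * @param defaultValue value returned when {@code param} is null
     * @return the size in bytes
     * @throws NumberFormatException if the value is not a number or the byte count does
     *         not fit in an {@code int}
     */
    private int resolveSize(String param, int defaultValue) {
        if (param == null) {
            return defaultValue;
        }
        // Fixed locale so the suffix test does not depend on the server's default locale.
        String text = param.trim().toLowerCase(Locale.ENGLISH);
        int factor = 1;
        String number = text;
        if (text.endsWith("g")) {
            factor = 1024 * 1024 * 1024;
            number = text.substring(0, text.length() - 1);
        } else if (text.endsWith("m")) {
            factor = 1024 * 1024;
            number = text.substring(0, text.length() - 1);
        } else if (text.endsWith("k")) {
            factor = 1024;
            number = text.substring(0, text.length() - 1);
        }

        // Multiply in long: the int product wraps silently (for example "2g" becomes
        // negative), and commons-fileupload treats a negative maximum as "no limit", so
        // a wrapped value would likely lift the upload cap instead of raising it.
        long bytes = (long) Integer.parseInt(number.trim()) * factor;
        if (bytes > Integer.MAX_VALUE || bytes < Integer.MIN_VALUE) {
            throw new NumberFormatException(
                    "Size \"" + param + "\" does not fit in an int byte count");
        }
        return (int) bytes;
    }
}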