//----------------------------------------------------------
//$Id: SessionAuthenticationFilter.java,v 1.4 2006/09/04 14:43:18 Michael Exp $
//Copyright (c) SHSAFE 2005-2006. All Rights Reserved.
//----------------------------------------------------------
package example.common.servlet.filter;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import com.shsafe.common.servlet.filter.BaseFilter;
/**
* Filter that authenticates requests by checking the HTTP session for a configured attribute
*
* @author Michael J Chane
* @version $Revision: 1.4 $ $Date: 2006/09/04 14:43:18 $
*/
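public class ExampleSessionAuthenticationFilter extends BaseFilter {

  /**
   * Name of the session attribute whose presence marks a request as
   * authenticated (init parameter <code>sessionKey</code>).
   */
  private String sessionKey;

  /**
   * Comma-separated list of servlet paths that skip the session check (init
   * parameter <code>exclusions</code>). Entries are compared for exact,
   * case-sensitive equality; they are not regular expressions.
   */
  private String exclusions;

  /**
   * Parsed form of {@link #exclusions}: one trimmed, non-empty entry per path.
   */
  private Set<String> exclusionSet;

  /**
   * Reads the <code>sessionKey</code> and <code>exclusions</code> init
   * parameters and builds the exclusion set.
   *
   * @param filterConfig
   *          FilterConfig
   * @throws ServletException
   *           if an unexpected servlet exception occurs
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    super.init(filterConfig);
    sessionKey = filterConfig.getInitParameter("sessionKey");
    exclusions = filterConfig.getInitParameter("exclusions");
    exclusionSet = parseExclusions(exclusions);
  }

  /**
   * Denies every request that is neither on the exclusion list nor backed by
   * an authenticated session; everything else is passed down the chain.
   *
   * @param request
   *          ServletRequest
   * @param response
   *          ServletResponse
   * @param chain
   *          FilterChain
   * @throws IOException
   *           if an unexpected I/O exception occurs
   * @throws ServletException
   *           if an unexpected servlet exception occurs
   */
  public void doFilter(ServletRequest request,
                       ServletResponse response,
                       FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // The session check must apply to every path that is NOT excluded. The
    // previous condition (isExclusion && !isAuthorized) was inverted: it only
    // challenged the excluded paths and let all other paths through without
    // any session, i.e. the filter failed open for the protected resources.
    if (!isExclusion(httpRequest) && !isAuthorizedRequest(httpRequest)) {
      // Request-derived values are neutralised before logging so that a
      // crafted path cannot start a forged log line.
      StringBuilder buff = new StringBuilder(
          "Unauthorized request has been denied! (Remote Addr: ")
          .append(sanitizeForLog(httpRequest.getRemoteAddr()))
          .append(" Server Path: ")
          .append(sanitizeForLog(httpRequest.getServletPath()))
          .append(")");
      log.info(buff);
      processFailure(httpRequest, httpResponse);
      return;
    }

    // Passes the control on to the next filter
    chain.doFilter(request, response);
  }

  /**
   * Releases the allocated resources of the filter.
   */
  @Override
  public void destroy() {
    sessionKey = null;
    exclusions = null;
    exclusionSet = null;
    super.destroy();
  }

  /**
   * Retrieves the sessionKey.
   *
   * @return Returns the sessionKey.
   */
  public String getSessionKey() {
    return sessionKey;
  }

  /**
   * Sets the sessionKey to the given value.
   *
   * @param sessionKey
   *          The sessionKey to set.
   */
  public void setSessionKey(String sessionKey) {
    this.sessionKey = sessionKey;
  }

  /**
   * Retrieves the exclusions.
   *
   * @return Returns the exclusions.
   */
  public String getExclusions() {
    return exclusions;
  }

  /**
   * Sets the exclusions to the given value and rebuilds the exclusion set, so
   * that the configured string and the set actually consulted by
   * {@link #isExclusion(HttpServletRequest)} cannot drift apart.
   *
   * @param exclusions
   *          The exclusions to set.
   */
  public void setExclusions(String exclusions) {
    this.exclusions = exclusions;
    // Build the new set completely before publishing the reference.
    this.exclusionSet = parseExclusions(exclusions);
  }

  /**
   * Determines whether the specified HTTP request is exempt from the session
   * check.
   * <p>
   * Matching is an exact comparison against
   * {@link HttpServletRequest#getServletPath()}, which carries neither the
   * extra path info nor the query string. For a servlet mapped to
   * <code>/*</code> the servlet path is the empty string, so no configured
   * entry matches and the request is authenticated (fails closed).
   *
   * @param request
   *          HTTP request
   * @return <code>true</code> if the request should be excluded;<br>
   *         <code>false</code> otherwise
   * @throws IOException
   *           if an unexpected I/O exception occurs
   * @throws ServletException
   *           if an unexpected servlet exception occurs
   */
  @SuppressWarnings("unused") // Reserved for expansion
  protected boolean isExclusion(HttpServletRequest request) throws IOException,
      ServletException {
    // Before init() or after destroy() there is no set: treat nothing as
    // excluded so the session check still applies.
    Set<String> paths = exclusionSet;
    return paths != null && paths.contains(request.getServletPath());
  }

  /**
   * Determines whether the specified HTTP request is authorized, i.e. whether
   * an existing session holds a valid object under the configured key.
   *
   * @param request
   *          HTTP request
   * @return <code>true</code> if the request is valid;<br>
   *         <code>false</code> otherwise
   * @throws IOException
   *           if an unexpected I/O exception occurs
   * @throws ServletException
   *           if an unexpected servlet exception occurs
   */
  @SuppressWarnings("unused") // Reserved for expansion
  protected boolean isAuthorizedRequest(HttpServletRequest request)
      throws IOException, ServletException {
    // getSession(false): never create a session for an anonymous caller.
    HttpSession session = request.getSession(false);
    if (session == null) {
      return false;
    }
    // A missing sessionKey is a configuration error; deny rather than look up
    // a null attribute name, whose result is container-dependent.
    String key = getSessionKey();
    if (key == null) {
      return false;
    }
    return isValidSessionObject(session.getAttribute(key));
  }

  /**
   * Determines whether the found session object is valid.
   * <p>
   * This base check only tests for presence. NOTE(review): subclasses that
   * need a stronger guarantee (expected type, expiry, revocation) should
   * override this method.
   *
   * @param sessionObject
   *          the found session object
   * @return <code>true</code> if the session object is valid;<br>
   *         <code>false</code> otherwise
   */
  protected boolean isValidSessionObject(Object sessionObject) {
    return sessionObject != null;
  }

  /**
   * Handles an unauthorized request by answering with HTTP 401.
   *
   * @param request
   *          HTTP request
   * @param response
   *          HTTP response
   * @throws IOException
   *           if an unexpected I/O exception occurs
   * @throws ServletException
   *           if an unexpected servlet exception occurs
   */
  @SuppressWarnings("unused") // Reserved for expansion
  protected void processFailure(HttpServletRequest request,
                                HttpServletResponse response)
      throws ServletException, IOException {
    log.info("401 error sent for this unauthorized request");
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
  }

  /**
   * Splits a comma-separated exclusion list into a set of trimmed paths.
   * <p>
   * Blank entries are dropped: an empty string in the set would equal the
   * servlet path of a servlet mapped to <code>/*</code> and silently exempt
   * everything served by it.
   *
   * @param commaSeparated
   *          the raw configuration value, may be <code>null</code>
   * @return a new, possibly empty, set of exclusion paths
   */
  private static Set<String> parseExclusions(String commaSeparated) {
    Set<String> parsed = new HashSet<String>();
    String[] entries = StringUtils.split(commaSeparated, ",");
    if (entries != null) {
      for (String entry : entries) {
        String path = entry.trim();
        if (path.length() > 0) {
          parsed.add(path);
        }
      }
    }
    return parsed;
  }

  /**
   * Replaces line breaks in a request-derived value so it stays on a single
   * log line.
   *
   * @param value
   *          the value to log, may be <code>null</code>
   * @return the value with CR and LF replaced by <code>_</code>, or
   *         <code>null</code> if the input was <code>null</code>
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return null;
    }
    return value.replace('\r', '_').replace('\n', '_');
  }
}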