/*
* ServiceSecurityFilter.java
*
* Created on 2004/04/23, 12:00:00
*/
package jp.co.intra_mart.framework.base.service;
import java.io.IOException;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jp.co.intra_mart.framework.base.session.SessionManager;
import jp.co.intra_mart.framework.base.session.SessionManagerException;
import jp.co.intra_mart.framework.base.session.SessionPropertyException;
import jp.co.intra_mart.framework.base.session.SessionPropertyHandler;
import jp.co.intra_mart.framework.system.log.LogConstant;
import jp.co.intra_mart.framework.system.log.LogManager;
import jp.co.intra_mart.framework.util.SecurityUtil;
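/**
* Filter that checks for spoofing of the URLs used to display intra-mart screens.
* The following initialization parameter must be set for this filter.
* <table border="1">
* <tr>
* <th>Parameter name</th>
* <th>Value</th>
* </tr>
* <tr>
* <td>error-page</td>
* <td>Path of the page to forward to when a security violation is detected.<br>
* It must be given as a path relative to the context path.<br>
* The path must begin with "/".</td>
* </tr>
* </table>
* <br><br>
* When this filter is configured, {@link ServiceServlet} must be mapped by extension.
*
* @author INTRAMART
* @since 4.3
*/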
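public class ServiceSecurityFilter implements Filter {

    /**
     * Filter configuration handed to {@link #init(FilterConfig)}.
     */
    private FilterConfig filterConfig;

    /**
     * Service manager.
     */
    private ServiceManager serviceManager;

    /**
     * Service property handler.
     */
    private ServicePropertyHandler serviceHandler;

    /**
     * Session manager.
     */
    private SessionManager sessionManager;

    /**
     * Session property handler.
     */
    private SessionPropertyHandler sessionHandler;

    /**
     * Name of the request parameter that carries the application ID.
     */
    private String applicationParameterName;

    /**
     * Name of the request parameter that carries the service ID.
     */
    private String serviceParameterName;

    /**
     * Name of the request attribute this filter sets once a request has passed the check.
     */
    public static final String ID_SERVICE_SECURITY_FILTER =
        "jp.co.intra_mart.framework.base.service.ServiceSecurityFilter";

    /**
     * Name of the init parameter that holds the error page path.
     */
    public static final String PARAM_ERROR_PAGE = "error-page";

    /**
     * Path of the page a request is forwarded to when the security check fails.
     */
    private String errorPagePath;

    /**
     * Initializes this filter.
     *
     * Resolves the service and session managers, their property handlers and the
     * request parameter names, then reads the mandatory {@code error-page} init
     * parameter. A missing or empty {@code error-page} is logged and aborts
     * initialization, so the filter never runs without a page to send rejected
     * requests to.
     *
     * @param filterConfig FilterConfig
     * @throws ServletException if a manager or property lookup fails, or if the
     *         {@code error-page} init parameter is missing or empty
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;

        // Service manager
        try {
            this.serviceManager = ServiceManager.getServiceManager();
        } catch (ServiceManagerException e) {
            throw new ServletException(e.getMessage(), e);
        }

        // Service property handler
        this.serviceHandler = this.serviceManager.getServicePropertyHandler();

        // Session manager
        try {
            this.sessionManager = SessionManager.getSessionManager();
        } catch (SessionManagerException e) {
            throw new ServletException(e.getMessage(), e);
        }

        // Session property handler
        this.sessionHandler = this.sessionManager.getSessionPropertyHandler();

        // Name of the application ID parameter
        try {
            this.applicationParameterName =
                this.serviceHandler.getApplicationParamName();
        } catch (ServicePropertyException e) {
            throw new ServletException(e.getMessage(), e);
        }

        // Name of the service ID parameter
        try {
            this.serviceParameterName =
                this.serviceHandler.getServiceParamName();
        } catch (ServicePropertyException e) {
            throw new ServletException(e.getMessage(), e);
        }

        // Error page path comes from the filter's init parameters
        this.errorPagePath =
            this.filterConfig.getInitParameter(PARAM_ERROR_PAGE);
        if (this.errorPagePath == null || this.errorPagePath.equals("")) {
            String errorMessage;
            try {
                errorMessage =
                    ResourceBundle
                        .getBundle("jp.co.intra_mart.framework.base.service.i18n")
                        .getString("ServiceSecurityFilter.SecurityErrorPageRequired");
            } catch (MissingResourceException ignored) {
                // The localized text is optional; fall back to a fixed message so the
                // exception and the log entry still say what is misconfigured
                // instead of carrying "null".
                errorMessage =
                    "ServiceSecurityFilter: init parameter '"
                        + PARAM_ERROR_PAGE
                        + "' is required";
            }
            ServletException exception = new ServletException(errorMessage);
            // NOTE(review): the log source is ServiceServlet, not this filter;
            // kept as in the original - confirm whether that is intended.
            LogManager.getLogManager().getLogAgent().sendMessage(
                ServiceServlet.class.getName(),
                LogConstant.LEVEL_ERROR,
                ServiceManager.LOG_HEAD + errorMessage,
                exception);
            throw exception;
        }
    }

    /**
     * Compares the information derived from the session with the request.
     *
     * The request is passed down the chain only when all of the following hold;
     * otherwise it is forwarded to an error page and the chain is not invoked:
     * <ul>
     * <li>the application ID and service ID parameters are present and non-empty
     *     (else: session error page);</li>
     * <li>a session already exists - none is created here (else: session error page);</li>
     * <li>the servlet was reached through an extension mapping, i.e. there is no
     *     path info and the servlet path has the form {@code /<code>.<suffix>}
     *     (else: security error page);</li>
     * <li>{@code <code>} equals, ignoring case, the value returned by
     *     {@code SecurityUtil.createCheckSum} for the application ID, service ID
     *     and session (else: security error page).</li>
     * </ul>
     * On success the suffix is stored in the request attribute
     * {@link #ID_SERVICE_SECURITY_FILTER}.
     *
     * @param servletRequest request
     * @param servletResponse response
     * @param filterChain filter chain
     * @throws IOException if an IOException occurs while filtering
     * @throws ServletException if a ServletException occurs while filtering, or the
     *         session error page path cannot be read
     */
    public void doFilter(
        ServletRequest servletRequest,
        ServletResponse servletResponse,
        FilterChain filterChain)
        throws ServletException, IOException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Application ID
        String applicationID =
            request.getParameter(this.applicationParameterName);
        if (applicationID == null || applicationID.equals("")) {
            forwardToSessionErrorPage(request, response);
            return;
        }

        // Service ID
        String serviceID = request.getParameter(this.serviceParameterName);
        if (serviceID == null || serviceID.equals("")) {
            forwardToSessionErrorPage(request, response);
            return;
        }

        // Existing session only; a request without one is never given a new session
        HttpSession httpSession = request.getSession(false);
        if (httpSession == null) {
            forwardToSessionErrorPage(request, response);
            return;
        }

        // Anything other than an extension mapping is rejected
        if (request.getPathInfo() != null) {
            forwardToSecurityErrorPage(request, response);
            return;
        }

        // A servlet path without "." after the leading "/" cannot carry a code.
        // Reject it like any other failed check rather than letting substring()
        // throw StringIndexOutOfBoundsException out of the filter.
        String servletPath = request.getServletPath();
        int periodIndex = servletPath.lastIndexOf('.');
        if (periodIndex < 1) {
            forwardToSecurityErrorPage(request, response);
            return;
        }
        String securePath = servletPath.substring(1, periodIndex);
        String suffix = servletPath.substring(periodIndex + 1);

        // Expected code for this application ID, service ID and session
        String strCode =
            SecurityUtil.createCheckSum(applicationID, serviceID, httpSession);

        // A null strCode compares unequal, so the request is rejected in that case too.
        // NOTE(review): equalsIgnoreCase returns at the first differing character;
        // if the code is meant to be unguessable, compare in constant time
        // (e.g. MessageDigest.isEqual on case-normalized bytes) - confirm against
        // what SecurityUtil.createCheckSum produces.
        if (!securePath.equalsIgnoreCase(strCode)) {
            forwardToSecurityErrorPage(request, response);
            return;
        }

        // Mark the request as checked by ServiceSecurityFilter
        request.setAttribute(ID_SERVICE_SECURITY_FILTER, suffix);
        filterChain.doFilter(request, response);
    }

    /**
     * Forwards the request to the session error page named by the session property handler.
     */
    private void forwardToSessionErrorPage(
        HttpServletRequest request,
        HttpServletResponse response)
        throws ServletException, IOException {

        String errorPage;
        try {
            errorPage = this.sessionHandler.getSessionErrorPagePath();
        } catch (SessionPropertyException e) {
            throw new ServletException(e.getMessage(), e);
        }
        request.getRequestDispatcher(errorPage).forward(request, response);
    }

    /**
     * Forwards the request to the page configured through the {@code error-page} init parameter.
     */
    private void forwardToSecurityErrorPage(
        HttpServletRequest request,
        HttpServletResponse response)
        throws ServletException, IOException {

        request.getRequestDispatcher(this.errorPagePath).forward(
            request,
            response);
    }

    /**
     * Destroys this filter by dropping the references acquired in {@link #init(FilterConfig)}.
     */
    public void destroy() {
        this.filterConfig = null;
        // Service manager
        this.serviceManager = null;
        // Service property handler
        this.serviceHandler = null;
        // Session manager
        this.sessionManager = null;
        // Session property handler
        this.sessionHandler = null;
        this.applicationParameterName = null;
        this.serviceParameterName = null;
    }
}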