package org.appfuse.webapp.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.appfuse.Constants;
import org.appfuse.model.User;
import org.appfuse.service.UserManager;
import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.web.context.WebApplicationContext;
public final class LoginFilter implements Filter {
private Log log = LogFactory.getLog(LoginFilter.class);
private FilterConfig config = null;
private boolean enabled = true;
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
Cookie c = RequestUtil.getCookie(request, Constants.LOGIN_COOKIE);
WebApplicationContext context =
(WebApplicationContext) config.getServletContext().getAttribute
(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
UserManager mgr = (UserManager) context.getBean("userManager");
if (request.getRequestURL().indexOf("logout") != -1) {
if (log.isDebugEnabled()) {
log.debug("logging out '" + request.getRemoteUser() + "'");
}
mgr.removeLoginCookies(request.getRemoteUser());
RequestUtil.deleteCookie(response, c, request.getContextPath());
request.getSession().invalidate();
} else if (c != null && enabled) {
try {
String loginCookie = mgr.checkLoginCookie(c.getValue());
if (loginCookie != null) {
RequestUtil.setCookie(response, Constants.LOGIN_COOKIE,
loginCookie,
request.getContextPath());
loginCookie = StringUtil.decodeString(loginCookie);
String[] value = StringUtils.split(loginCookie, '|');
User user = (User) mgr.getUser(value[0]);
String route = "/authorize?j_username=" +
user.getUsername() + "&j_password=" +
user.getPassword();
request.setAttribute("encrypt", "false");
request.getSession(true).setAttribute("cookieLogin",
"true");
if (log.isDebugEnabled()) {
log.debug("I remember you '" + user.getUsername() +
"', attempting to authenticate...");
}
RequestDispatcher dispatcher =
request.getRequestDispatcher(route);
dispatcher.forward(request, response);
return;
}
} catch (Exception e) {
log.warn(e.getMessage());
}
}
chain.doFilter(req, resp);
}
public void init(FilterConfig config) {
this.config = config;
String param = config.getInitParameter("enabled");
enabled = Boolean.valueOf(param).booleanValue();
if (log.isDebugEnabled()) {
log.debug("Remember Me enabled: " + enabled);
}
config.getServletContext()
.setAttribute("rememberMeEnabled",
config.getInitParameter("enabled"));
}
public void destroy() {
}
}