Softwareprojektmanagement/src/main/java/de/hsel/spm/baudas/web/AuthorizationFilter.java


package de.hsel.spm.baudas.web;
import org.jetbrains.annotations.NotNull;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
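/**
 * Servlet filter that requires an authenticated session for every request
 * except the login page and the static assets it needs.
 *
 * <p>The filter is mapped to {@code /*}, so it is the single enforcement point
 * for access control in this web application: any request it lets through
 * without a session check reaches its target unauthenticated.
 *
 * @author Edgar Schkrob
 * @version 0.1
 * @since 0.4
 */
@WebFilter(urlPatterns = {"/*"})
public class AuthorizationFilter implements Filter {

    /** Name of the session attribute that carries the login state. */
    private static final String AUTH_ATTRIBUTE = "authentication";

    private ServletContext context;

    /**
     * Initializes this filter and keeps the servlet context for logging.
     *
     * @param filterConfig configuration
     */
    @Override
    public void init(@NotNull FilterConfig filterConfig) {
        this.context = filterConfig.getServletContext();
        this.context.log("AuthorizationFilter initialized");
    }

    /**
     * Lets public resources and authenticated sessions pass, and redirects
     * every other request to the login page.
     *
     * @param request  request object
     * @param response response object
     * @param chain    filter chain
     * @throws ServletException something failed inside the filter chain
     * @throws IOException      failed to redirect
     */
    @Override
    public void doFilter(@NotNull ServletRequest request, @NotNull ServletResponse response,
                         @NotNull FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): do not create a session merely to learn that nobody is logged in.
        HttpSession session = req.getSession(false);

        // The exemption is decided on the servlet path the container resolved for
        // dispatch, not on getRequestURI(). The raw URI is caller-controlled text
        // (context path, extra path info, path parameters, unnormalized segments),
        // so a substring test on it lets the caller decide whether the
        // authentication check runs at all.
        if (isPublicResource(req.getServletPath()) || isAuthenticated(session)) {
            chain.doFilter(request, response);
            return;
        }

        this.context.log("Unauthorized access request");
        res.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    /**
     * Decides whether a resource may be served without an authenticated session.
     *
     * <p>NOTE(review): the three tokens are kept from the previous implementation
     * and still match as substrings, so any application resource whose servlet
     * path contains one of them is public. Replace them with the exact paths of
     * the login page, logo and script directory once those are confirmed, and
     * verify on the target container that {@code getServletPath()} excludes path
     * parameters. A login handler reached only through extra path info of a
     * prefix-mapped servlet would no longer be exempt - confirm none exists.
     *
     * @param servletPath container-resolved servlet path of the request
     * @return {@code true} if the path belongs to the unauthenticated resource set
     */
    private static boolean isPublicResource(String servletPath) {
        if (servletPath == null) {
            // Fail closed: without a resolved path nothing is exempt.
            return false;
        }
        return servletPath.contains("login")
                || servletPath.contains("logo")
                || servletPath.contains("js/");
    }

    /**
     * Checks the login state stored in the session.
     *
     * <p>Only a {@link Boolean#TRUE} attribute counts as authenticated. A missing
     * session, a missing attribute or a value of any other type is treated as
     * "not logged in" instead of failing with a {@link ClassCastException}.
     * Presumably the attribute is set by the login handler - it is not part of
     * this class.
     *
     * @param session current session, or {@code null} if the request has none
     * @return {@code true} if the session is marked as authenticated
     */
    private static boolean isAuthenticated(HttpSession session) {
        return session != null && Boolean.TRUE.equals(session.getAttribute(AUTH_ATTRIBUTE));
    }
}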