package de.hsel.spm.baudas.web;
import org.jetbrains.annotations.NotNull;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
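/**
 * Handles all authorisation filtering.
 *
 * <p>The filter is mapped to every URL ({@code /*}). A request whose application-relative path
 * carries one of the public-resource markers is passed straight down the chain; every other
 * request must belong to an existing session whose {@code "authentication"} attribute is
 * {@code Boolean.TRUE}, otherwise it is redirected to {@code /login.jsp}.
 *
 * @author Edgar Schkrob
 * @version 0.1
 * @since 0.4
 */
@WebFilter(urlPatterns = {"/*"})
public class AuthorizationFilter implements Filter {

    /**
     * Fragments that mark a path as reachable without authentication.
     *
     * <p>NOTE(review): these are substring matches, so any protected resource whose path happens
     * to contain one of the fragments is served without a session check. Replace this list with
     * the exact public paths / prefixes of the application once they are confirmed.
     */
    private static final String[] PUBLIC_PATH_MARKERS = {"login", "logo", "js/"};

    private ServletContext context;

    /**
     * Initialize this filter.
     *
     * @param filterConfig configuration; its servlet context is kept for logging
     */
    @Override
    public void init(@NotNull FilterConfig filterConfig) {
        this.context = filterConfig.getServletContext();
        this.context.log("AuthorizationFilter initialized");
    }

    /**
     * Filter all unauthorized requests.
     *
     * <p>The exemption check is made on the path inside the web application, not on the raw
     * request URI: the raw URI also contains the context path and any path parameters, and text
     * in either of those must not be able to switch the session check off.
     *
     * @param request  request object, expected to be an {@link HttpServletRequest}
     * @param response response object, expected to be an {@link HttpServletResponse}
     * @param chain    filter chain
     * @throws ServletException something failed inside the filter chain
     * @throws IOException      failed to redirect
     */
    @Override
    public void doFilter(@NotNull ServletRequest request, @NotNull ServletResponse response, @NotNull FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (isPublicPath(applicationPath(req))) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): never create a session just to find out that nobody is logged in.
        HttpSession session = req.getSession(false);
        Object authenticated = session == null ? null : session.getAttribute("authentication");

        // Fail closed: a missing session, a missing attribute, FALSE, or a value that is not a
        // Boolean at all is treated as "not authenticated" instead of raising a cast error.
        if (!Boolean.TRUE.equals(authenticated)) {
            this.context.log("Unauthorized access request");
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Build the path of the request relative to the web application.
     *
     * @param req current request
     * @return servlet path plus path info, without context path and without path parameters
     */
    private static String applicationPath(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        String path = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
        // Containers differ in whether ";name=value" path parameters survive in these values
        // (TODO confirm for the deployment container), so strip them explicitly.
        return path.replaceAll(";[^/]*", "");
    }

    /**
     * Decide whether a path may be served without an authenticated session.
     *
     * @param path application-relative path of the request
     * @return {@code true} if the path contains one of {@link #PUBLIC_PATH_MARKERS}
     */
    private static boolean isPublicPath(String path) {
        for (String marker : PUBLIC_PATH_MARKERS) {
            if (path.contains(marker)) {
                return true;
            }
        }
        return false;
    }
}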