com.jalios.jcms.servlet
Class InitFilter

java.lang.Object
  com.jalios.jcms.servlet.JcmsServletFilter
      com.jalios.jcms.servlet.InitFilter

All Implemented Interfaces:

JcmsConstants, JaliosConstants, javax.servlet.Filter

public class InitFilter
extends JcmsServletFilter
implements javax.servlet.Filter, JcmsConstants

Since:

jcms-5.5.0

Version:

$Revision: 30271 $

Author:

Olivier Dedieu

Field Summary

protected String[]	authorizedServlets
protected static Channel	channel
protected javax.servlet.ServletContext	context
protected static org.apache.log4j.Logger	logger
static String	REVISION

Fields inherited from interface com.jalios.jcms.JcmsConstants

ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CRYPT_MD5, CRYPT_UNDEFINED, CRYPT_UNIX, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_DEEP_COPY, OP_DEEP_DELETE, OP_DELETE, OP_MERGE, OP_UPDATE, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML

Fields inherited from interface com.jalios.util.JaliosConstants

CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR

Constructor Summary

InitFilter()

Method Summary

protected boolean	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Call the authentication manager to authenticate member.
protected boolean	blockSiteAccess(String uri, String warningMsg, String[] authJSP, Member loggedMember, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected boolean	checkChannelAvailability(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) Check if the channel is available and redirect to the proper JSP on error.
protected static String	checkLang(javax.servlet.http.HttpServletRequest request, String lang) Check if the given language is a valid choice for the current request.
protected boolean	checkSiteAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing
protected void	clearThreadRequest() Clear the current HttpServletRequest from the ThreadLocal.
protected void	clearThreadResponse() Clear the current HttpServletResponse from the ThreadLocal.
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
protected void	endRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static String	getUserLang(javax.servlet.http.HttpServletRequest request, Member loggedMember) Retrieve the user lang to use for the current request given the currently loggedMember.
void	init(javax.servlet.FilterConfig config)
protected void	initLogging(javax.servlet.http.HttpServletRequest request) Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user
static void	initMemberRequest(javax.servlet.http.HttpServletRequest request, Member loggedMember, String userLang) Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userLocale") used in jsp and in JcmsContext.
protected boolean	isPublicPath(String path) Check if the specified path is allowed to be accessed without authentication when the site is private.
static boolean	isRest(javax.servlet.http.HttpServletRequest request)
protected boolean	isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Check if the request is a JSync file access.
protected void	storeBrowserInformation(javax.servlet.http.HttpServletRequest request) Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.
protected void	storeThreadRequest(javax.servlet.http.HttpServletRequest request) Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()
protected void	storeThreadResponse(javax.servlet.http.HttpServletResponse response) Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()

Methods inherited from class com.jalios.jcms.servlet.JcmsServletFilter

initJSONBridge, processFilter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REVISION

public static final String REVISION

See Also:

Constant Field Values

logger

protected static final org.apache.log4j.Logger logger

channel

protected static Channel channel

context

protected javax.servlet.ServletContext context

authorizedServlets

protected String[] authorizedServlets

Constructor Detail

InitFilter

public InitFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig config)

Specified by:

init in interface javax.servlet.Filter

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

isRest

public static final boolean isRest(javax.servlet.http.HttpServletRequest request)

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

endRequest

protected void endRequest(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

checkChannelAvailability

protected boolean checkChannelAvailability(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.FilterChain chain)
                                    throws javax.servlet.ServletException,
                                           IOException

Check if the channel is available and redirect to the proper JSP on error.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if a redirect occured or if the chaining process is being manage by this fonction, and nothing should be done above.

Throws:

IOException

javax.servlet.ServletException

initLogging

protected void initLogging(javax.servlet.http.HttpServletRequest request)

Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user

See Also:

JcmsUtil.setLog4jMDC(), JcmsUtil.setLog4jNDCMemberInfo(HttpServletRequest, Member)

storeThreadRequest

protected void storeThreadRequest(javax.servlet.http.HttpServletRequest request)

Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()

Parameters:

request - the current HttpServletRequest

clearThreadRequest

protected void clearThreadRequest()

Clear the current HttpServletRequest from the ThreadLocal.

storeThreadResponse

protected void storeThreadResponse(javax.servlet.http.HttpServletResponse response)

Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()

Parameters:

response - the current HttpServletResponse

clearThreadResponse

protected void clearThreadResponse()

Clear the current HttpServletResponse from the ThreadLocal.

storeBrowserInformation

protected void storeBrowserInformation(javax.servlet.http.HttpServletRequest request)

Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.

Parameters:

request - the current HttpServletRequest

isValidJSyncFileAccess

protected boolean isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

Check if the request is a JSync file access.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if the current request contained valid JSync information to allow access.

authenticate

protected boolean authenticate(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                        throws IOException

Call the authentication manager to authenticate member.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if a redirect occured, false otherwise.

Throws:

IOException

initMemberRequest

public static void initMemberRequest(javax.servlet.http.HttpServletRequest request,
                                     Member loggedMember,
                                     String userLang)

Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userLocale") used in jsp and in JcmsContext.
This method is called by do InitFilter and should only be called in other servlet if the authentication mecanism could not be integrated in AuthenticationManager, webdav is one of those.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

userLang - the user language

getUserLang

public static String getUserLang(javax.servlet.http.HttpServletRequest request,
                                 Member loggedMember)

Retrieve the user lang to use for the current request given the currently loggedMember.
It should only be called by InitFilter and other servlet wishing to add other authentication mecanism not possible through AuthenticationManager such as webdav.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

Returns:

an ISO-639 language code

checkLang

protected static String checkLang(javax.servlet.http.HttpServletRequest request,
                                  String lang)

Check if the given language is a valid choice for the current request. If not, return the default channel language.

Parameters:

request - the current HttpServletRequest

lang - the lang to check

checkSiteAccess

protected boolean checkSiteAccess(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
                           throws IOException

Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if a redirect occured, false otherwise.

Throws:

IOException

isPublicPath

protected boolean isPublicPath(String path)

Check if the specified path is allowed to be accessed without authentication when the site is private.

Parameters:

path - the resource path of the cu

Returns:

true if the specified path can always be accessed, false if an authentication is required.

blockSiteAccess

protected boolean blockSiteAccess(String uri,
                                  String warningMsg,
                                  String[] authJSP,
                                  Member loggedMember,
                                  javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
                           throws IOException

Throws:

IOException