com.jalios.jcms.servlet
Class InitFilter

java.lang.Object
  extended by com.jalios.jcms.servlet.JcmsServletFilter
      extended by com.jalios.jcms.servlet.InitFilter
All Implemented Interfaces:
JcmsConstants, JaliosConstants, javax.servlet.Filter

public class InitFilter
extends JcmsServletFilter
implements javax.servlet.Filter, JcmsConstants

Since:
jcms-5.5.0
Version:
$Revision: 54000 $
Author:
Olivier Dedieu

Field Summary
protected  String[] authorizedServlets
           
protected static Channel channel
           
protected  javax.servlet.ServletContext context
           
protected static org.apache.log4j.Logger logger
           
static String REVISION
           
 
Fields inherited from interface com.jalios.jcms.JcmsConstants
ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_DEEP_COPY, OP_DEEP_DELETE, OP_DELETE, OP_MERGE, OP_UPDATE, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML
 
Fields inherited from interface com.jalios.util.JaliosConstants
CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR
 
Constructor Summary
InitFilter()
           
 
Method Summary
protected  boolean authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Call the authentication manager to authenticate member.
protected  boolean blockSiteAccess(String uri, String warningMsg, String[] authJSP, Member loggedMember, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
protected  boolean checkChannelAvailability(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
          Check if the channel is available and redirect to the proper JSP on error.
protected static String checkLang(javax.servlet.http.HttpServletRequest request, String lang)
          Check if the given language is a valid choice for the current request.
protected  boolean checkSiteAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing
protected  void clearThreadRequest()
          Clear the current HttpServletRequest from the ThreadLocal.
protected  void clearThreadResponse()
          Clear the current HttpServletResponse from the ThreadLocal.
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
           
protected  void endRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
static String getUserLang(javax.servlet.http.HttpServletRequest request, Member loggedMember)
          Retrieve the user lang to use for the current request given the currently loggedMember.
static Locale getUserLocale(javax.servlet.http.HttpServletRequest request, Member loggedMember)
          Retrieve the Locale to use for the current request given the currently loggedMember.
 void init(javax.servlet.FilterConfig config)
           
protected  void initLogging(javax.servlet.http.HttpServletRequest request)
          Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user
static void initMemberRequest(javax.servlet.http.HttpServletRequest request, Member loggedMember, Locale userLocale)
          Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userCountry", "userLocale") used in jsp and in JcmsContext.
static void initMemberRequest(javax.servlet.http.HttpServletRequest request, Member loggedMember, String userLang)
          Deprecated. use initMemberRequest(HttpServletRequest, Member, Locale)
protected  void invalidateSessionIfRequested(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
static void invalidateSessionOnRequestEnd(javax.servlet.http.HttpServletRequest request)
          Invalidate the current session, but only at the end of the request to ensure the J2EE server does not recreates a new one which is left unused if no request occurs afterward.
protected  boolean isPublicPath(String path)
          Check if the specified path is allowed to be accessed without authentication when the site is private.
static boolean isRest(javax.servlet.http.HttpServletRequest request)
           
protected  boolean isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Check if the request is a JSync file access.
static boolean sessionInvalidationRequested(javax.servlet.http.HttpServletRequest request)
          Check if an invalidation of the current session has been requested
protected  void storeBrowserInformation(javax.servlet.http.HttpServletRequest request)
          Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.
protected  void storeThreadRequest(javax.servlet.http.HttpServletRequest request)
          Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()
protected  void storeThreadResponse(javax.servlet.http.HttpServletResponse response)
          Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()
static void updateUserLanguage(javax.servlet.http.HttpServletRequest request, String language)
          Change the language of the specified request using the new specified language
 
Methods inherited from class com.jalios.jcms.servlet.JcmsServletFilter
endFilter, initJSONBridge, processFilter
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REVISION

public static final String REVISION
See Also:
Constant Field Values

logger

protected static final org.apache.log4j.Logger logger

channel

protected static Channel channel

context

protected javax.servlet.ServletContext context

authorizedServlets

protected String[] authorizedServlets
Constructor Detail

InitFilter

public InitFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig config)
Specified by:
init in interface javax.servlet.Filter

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

isRest

public static final boolean isRest(javax.servlet.http.HttpServletRequest request)

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

endRequest

protected void endRequest(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

invalidateSessionOnRequestEnd

public static void invalidateSessionOnRequestEnd(javax.servlet.http.HttpServletRequest request)
Invalidate the current session, but only at the end of the request to ensure the J2EE server does not recreates a new one which is left unused if no request occurs afterward.

Parameters:
request - the current HttpServletRequest

sessionInvalidationRequested

public static boolean sessionInvalidationRequested(javax.servlet.http.HttpServletRequest request)
Check if an invalidation of the current session has been requested

Parameters:
request - the current HttpServletRequest
Returns:
true if the invalidateSessionOnRequestEnd(HttpServletRequest) was invoked, false otherwise

invalidateSessionIfRequested

protected void invalidateSessionIfRequested(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response)

checkChannelAvailability

protected boolean checkChannelAvailability(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.FilterChain chain)
                                    throws javax.servlet.ServletException,
                                           IOException
Check if the channel is available and redirect to the proper JSP on error.

Parameters:
request - the current HttpServletRequest
response - the current HttpServletResponse
Returns:
true if a redirect occured or if the chaining process is being manage by this fonction, and nothing should be done above.
Throws:
IOException
javax.servlet.ServletException

initLogging

protected void initLogging(javax.servlet.http.HttpServletRequest request)
Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user

See Also:
JcmsUtil.setLog4jMDC(), JcmsUtil.setLog4jNDCMemberInfo(HttpServletRequest, Member)

storeThreadRequest

protected void storeThreadRequest(javax.servlet.http.HttpServletRequest request)
Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()

Parameters:
request - the current HttpServletRequest

clearThreadRequest

protected void clearThreadRequest()
Clear the current HttpServletRequest from the ThreadLocal.


storeThreadResponse

protected void storeThreadResponse(javax.servlet.http.HttpServletResponse response)
Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()

Parameters:
response - the current HttpServletResponse

clearThreadResponse

protected void clearThreadResponse()
Clear the current HttpServletResponse from the ThreadLocal.


storeBrowserInformation

protected void storeBrowserInformation(javax.servlet.http.HttpServletRequest request)
Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.

Parameters:
request - the current HttpServletRequest

isValidJSyncFileAccess

protected boolean isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
Check if the request is a JSync file access.

Parameters:
request - the current HttpServletRequest
response - the current HttpServletResponse
Returns:
true if the current request contained valid JSync information to allow access.

authenticate

protected boolean authenticate(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                        throws IOException
Call the authentication manager to authenticate member.

Parameters:
request - the current HttpServletRequest
response - the current HttpServletResponse
Returns:
true if a redirect occured, false otherwise.
Throws:
IOException

initMemberRequest

public static void initMemberRequest(javax.servlet.http.HttpServletRequest request,
                                     Member loggedMember,
                                     String userLang)
Deprecated. use initMemberRequest(HttpServletRequest, Member, Locale)

Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userLocale") used in jsp and in JcmsContext.
This method is called by do InitFilter and should only be called in other servlet if the authentication mecanism could not be integrated in AuthenticationManager, webdav is one of those.

Parameters:
request - the current HttpServletRequest
loggedMember - the Member currently logged
userLang - the user language

initMemberRequest

public static void initMemberRequest(javax.servlet.http.HttpServletRequest request,
                                     Member loggedMember,
                                     Locale userLocale)
Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userCountry", "userLocale") used in jsp and in JcmsContext.
This method is called by do InitFilter and should only be called in other servlet if the authentication mecanism could not be integrated in AuthenticationManager, webdav is one of those.

Parameters:
request - the current HttpServletRequest
loggedMember - the Member currently logged
userLocale - the Locale of the user for this request

updateUserLanguage

public static void updateUserLanguage(javax.servlet.http.HttpServletRequest request,
                                      String language)
Change the language of the specified request using the new specified language

Parameters:
request - the current request to change
language - the new language to apply to the request (null to left untouched)

getUserLang

public static String getUserLang(javax.servlet.http.HttpServletRequest request,
                                 Member loggedMember)
Retrieve the user lang to use for the current request given the currently loggedMember.
It should only be called by InitFilter and other servlet wishing to add other authentication mecanism not possible through AuthenticationManager such as webdav.

Parameters:
request - the current HttpServletRequest
loggedMember - the Member currently logged
Returns:
an ISO-639 language code

getUserLocale

public static Locale getUserLocale(javax.servlet.http.HttpServletRequest request,
                                   Member loggedMember)
Retrieve the Locale to use for the current request given the currently loggedMember.
It should only be called by InitFilter and other servlet wishing to add other authentication mecanism not possible through AuthenticationManager such as webdav.

Parameters:
request - the current HttpServletRequest
loggedMember - the Member currently logged
Returns:
a Locale, never return null
Since:
jcms-7.1.0

checkLang

protected static String checkLang(javax.servlet.http.HttpServletRequest request,
                                  String lang)
Check if the given language is a valid choice for the current request. If not, return the default channel language.

Parameters:
request - the current HttpServletRequest
lang - the lang to check

checkSiteAccess

protected boolean checkSiteAccess(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
                           throws IOException
Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing

Parameters:
request - the current HttpServletRequest
response - the current HttpServletResponse
Returns:
true if a redirect occured, false otherwise.
Throws:
IOException

isPublicPath

protected boolean isPublicPath(String path)
Check if the specified path is allowed to be accessed without authentication when the site is private.

Parameters:
path - the resource path of the cu
Returns:
true if the specified path can always be accessed, false if an authentication is required.

blockSiteAccess

protected boolean blockSiteAccess(String uri,
                                  String warningMsg,
                                  String[] authJSP,
                                  Member loggedMember,
                                  javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
                           throws IOException
Throws:
IOException


Copyright © 2001-2010 Jalios SA. All Rights Reserved.