com.jalios.jcms.servlet

Class InitFilter

java.lang.Object

com.jalios.jcms.servlet.JcmsServletFilter

com.jalios.jcms.servlet.InitFilter

All Implemented Interfaces:

JcmsConstants, JaliosConstants, javax.servlet.Filter

public class InitFilter
extends JcmsServletFilter
implements javax.servlet.Filter, JcmsConstants

Since:

jcms-5.5.0

Version:

$Revision: 54523 $

Author:

Olivier Dedieu

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String[]	authorizedServlets
protected static Channel	channel
protected javax.servlet.ServletContext	context
protected static org.apache.log4j.Logger	logger
static java.lang.String	REVISION

Fields inherited from interface com.jalios.jcms.JcmsConstants

ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_CREATE_STR, OP_DEEP_COPY, OP_DEEP_COPY_STR, OP_DEEP_DELETE, OP_DEEP_DELETE_STR, OP_DELETE, OP_DELETE_STR, OP_MERGE, OP_MERGE_STR, OP_UPDATE, OP_UPDATE_STR, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, TYPES_ICON_ALT_PROP, TYPES_ICON_SUFFIX_PROP, TYPES_ICON_TITLE_PROP, TYPES_PREFIX_PROP, TYPES_THUMB_SUFFIX_PROP, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML

Fields inherited from interface com.jalios.util.JaliosConstants

CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR

Constructor Summary

Constructors

Constructor and Description
InitFilter()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Call the authentication manager to authenticate member.
protected boolean	blockSiteAccess(java.lang.String uri, java.lang.String warningMsg, java.lang.String[] authJSP, Member loggedMember, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected boolean	checkChannelAvailability(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) Check if the channel is available and redirect to the proper JSP on error.
protected static java.lang.String	checkLang(javax.servlet.http.HttpServletRequest request, java.lang.String lang) Check if the given language is a valid choice for the current request.
protected boolean	checkSiteAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing
protected void	clearThreadRequest() Clear the current HttpServletRequest from the ThreadLocal.
protected void	clearThreadResponse() Clear the current HttpServletResponse from the ThreadLocal.
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
protected void	endRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String	getUserLang(javax.servlet.http.HttpServletRequest request, Member loggedMember) Deprecated. use getUserLocale(HttpServletRequest, Member) instead
static java.util.Locale	getUserLocale(javax.servlet.http.HttpServletRequest request, Member loggedMember) Retrieve the Locale to use for the current request given the currently loggedMember.
void	init(javax.servlet.FilterConfig config)
protected void	initLogging(javax.servlet.http.HttpServletRequest request) Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user
static void	initMemberRequest(javax.servlet.http.HttpServletRequest request, Member loggedMember, java.util.Locale userLocale) Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userCountry", "userLocale") used in jsp and in JcmsContext.
static void	initMemberRequest(javax.servlet.http.HttpServletRequest request, Member loggedMember, java.lang.String userLang) Deprecated. use initMemberRequest(HttpServletRequest, Member, Locale)
protected void	invalidateSessionIfRequested(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static void	invalidateSessionOnRequestEnd(javax.servlet.http.HttpServletRequest request) Invalidate the current session, but only at the end of the request to ensure the J2EE server does not recreates a new one which is left unused if no request occurs afterward.
protected boolean	isPublicPath(java.lang.String path) Check if the specified path is allowed to be accessed without authentication when the site is private.
static boolean	isRest(javax.servlet.http.HttpServletRequest request)
protected boolean	isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Check if the request is a JSync file access.
static boolean	sessionInvalidationRequested(javax.servlet.http.HttpServletRequest request) Check if an invalidation of the current session has been requested
protected void	storeBrowserInformation(javax.servlet.http.HttpServletRequest request) Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.
protected void	storeThreadRequest(javax.servlet.http.HttpServletRequest request) Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()
protected void	storeThreadResponse(javax.servlet.http.HttpServletResponse response) Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()
static void	updateUserLanguage(javax.servlet.http.HttpServletRequest request, java.lang.String language) Change the language of the specified request using the new specified language

Methods inherited from class com.jalios.jcms.servlet.JcmsServletFilter

endFilter, initJSONBridge, processFilter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REVISION

public static final java.lang.String REVISION

See Also:

Constant Field Values

logger

protected static final org.apache.log4j.Logger logger

channel

protected static Channel channel

context

protected javax.servlet.ServletContext context

authorizedServlets

protected java.lang.String[] authorizedServlets

Constructor Detail

InitFilter

public InitFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig config)

Specified by:

init in interface javax.servlet.Filter

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

isRest

public static final boolean isRest(javax.servlet.http.HttpServletRequest request)

doFilter

public void doFilter(javax.servlet.ServletRequest req,
            javax.servlet.ServletResponse res,
            javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

java.io.IOException

javax.servlet.ServletException

endRequest

protected void endRequest(javax.servlet.http.HttpServletRequest request,
              javax.servlet.http.HttpServletResponse response)

invalidateSessionOnRequestEnd

public static void invalidateSessionOnRequestEnd(javax.servlet.http.HttpServletRequest request)

Invalidate the current session, but only at the end of the request to ensure the J2EE server does not recreates a new one which is left unused if no request occurs afterward.

Parameters:

request - the current HttpServletRequest

sessionInvalidationRequested

public static boolean sessionInvalidationRequested(javax.servlet.http.HttpServletRequest request)

Check if an invalidation of the current session has been requested

Parameters:

request - the current HttpServletRequest

Returns:

true if the invalidateSessionOnRequestEnd(HttpServletRequest) was invoked, false otherwise

invalidateSessionIfRequested

protected void invalidateSessionIfRequested(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response)

checkChannelAvailability

protected boolean checkChannelAvailability(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               javax.servlet.FilterChain chain)
                                    throws javax.servlet.ServletException,
                                           java.io.IOException

Check if the channel is available and redirect to the proper JSP on error.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

chain - the current FilterChain

Returns:

true if a redirect occurred or if the chaining process is being manage by this function, and nothing should be done above.

Throws:

java.io.IOException - IOException which can be thrown during treatment

javax.servlet.ServletException - ServletException which can be thrown during treatment

initLogging

protected void initLogging(javax.servlet.http.HttpServletRequest request)

Initialize log4j MDC and NDC with available value, that is Channel Name and unauthenticated user

Parameters:

request - the current HttpServletRequest

See Also:

JcmsUtil.setLog4jMDC(), JcmsUtil.setLog4jNDCMemberInfo(HttpServletRequest, Member)

storeThreadRequest

protected void storeThreadRequest(javax.servlet.http.HttpServletRequest request)

Store the current HttpServletRequest in a ThreadLocal later accessible through Channel.getCurrentServletRequest()

Parameters:

request - the current HttpServletRequest

clearThreadRequest

protected void clearThreadRequest()

Clear the current HttpServletRequest from the ThreadLocal.

storeThreadResponse

protected void storeThreadResponse(javax.servlet.http.HttpServletResponse response)

Store the current HttpServletResponse in a ThreadLocal later accessible through Channel.getCurrentServletResponse()

Parameters:

response - the current HttpServletResponse

clearThreadResponse

protected void clearThreadResponse()

Clear the current HttpServletResponse from the ThreadLocal.

storeBrowserInformation

protected void storeBrowserInformation(javax.servlet.http.HttpServletRequest request)

Store browser in current HttpSession to be later accessible by JcmsContext and JcmsSessionTracker.

Parameters:

request - the current HttpServletRequest

isValidJSyncFileAccess

protected boolean isValidJSyncFileAccess(javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)

Check if the request is a JSync file access.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if the current request contained valid JSync information to allow access.

authenticate

protected boolean authenticate(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
                        throws java.io.IOException

Call the authentication manager to authenticate member.

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if a redirect occurred, false otherwise.

Throws:

java.io.IOException - IOException which can be thrown during treatment

initMemberRequest

public static void initMemberRequest(javax.servlet.http.HttpServletRequest request,
                     Member loggedMember,
                     java.lang.String userLang)

Deprecated. use initMemberRequest(HttpServletRequest, Member, Locale)

Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userLocale") used in jsp and in JcmsContext.
This method is called by do InitFilter and should only be called in other servlet if the authentication mecanism could not be integrated in AuthenticationManager, webdav is one of those.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

userLang - the user language

initMemberRequest

public static void initMemberRequest(javax.servlet.http.HttpServletRequest request,
                     Member loggedMember,
                     java.util.Locale userLocale)

Initializes tracking of the given member using JcmsSessionTracker and add request attributes ("loggedMember", "userLang", "userCountry", "userLocale") used in jsp and in JcmsContext.
This method is called by do InitFilter and should only be called in other servlet if the authentication mecanism could not be integrated in AuthenticationManager, webdav is one of those.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

userLocale - the Locale of the user for this request

updateUserLanguage

public static void updateUserLanguage(javax.servlet.http.HttpServletRequest request,
                      java.lang.String language)

Change the language of the specified request using the new specified language

Parameters:

request - the current request to change

language - the new language to apply to the request (null to left untouched)

getUserLang

public static java.lang.String getUserLang(javax.servlet.http.HttpServletRequest request,
                           Member loggedMember)

Deprecated. use getUserLocale(HttpServletRequest, Member) instead

Retrieve the user lang to use for the current request given the currently loggedMember.
It should only be called by InitFilter and other servlet wishing to add other authentication mecanism not possible through AuthenticationManager such as webdav.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

Returns:

an ISO-639 language code

getUserLocale

public static java.util.Locale getUserLocale(javax.servlet.http.HttpServletRequest request,
                             Member loggedMember)

Retrieve the Locale to use for the current request given the currently loggedMember.
It should only be called by InitFilter and other servlet wishing to add other authentication mecanism not possible through AuthenticationManager such as webdav.

Parameters:

request - the current HttpServletRequest

loggedMember - the Member currently logged

Returns:

a Locale, never return null

Since:

jcms-7.1.0

checkLang

protected static java.lang.String checkLang(javax.servlet.http.HttpServletRequest request,
                         java.lang.String lang)

Check if the given language is a valid choice for the current request. If not, return the default channel language.

Parameters:

request - the current HttpServletRequest

lang - the lang to check

Returns:

the computed language

checkSiteAccess

protected boolean checkSiteAccess(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
                           throws java.io.IOException

Check basic parameter required by JCMS to allow acces to the site: - Private Site and member not logged - URID Missing - Default Workspace missing - Default Portal missing

Parameters:

request - the current HttpServletRequest

response - the current HttpServletResponse

Returns:

true if a redirect occurred, false otherwise.

Throws:

java.io.IOException - IOException which can be thrown during treatment

isPublicPath

protected boolean isPublicPath(java.lang.String path)

Check if the specified path is allowed to be accessed without authentication when the site is private.

Parameters:

path - the resource path of the cu

Returns:

true if the specified path can always be accessed, false if an authentication is required.

blockSiteAccess

protected boolean blockSiteAccess(java.lang.String uri,
                      java.lang.String warningMsg,
                      java.lang.String[] authJSP,
                      Member loggedMember,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
                           throws java.io.IOException

Throws:

java.io.IOException