/src/main/java/com/google/ie/web/filter/AuthenticationFilter.java

http://thoughtsite.googlecode.com/ · Java · 151 lines · 82 code · 25 blank · 44 comment · 17 complexity · d8b417ed4f0339f2b643ce515beed212 MD5 · raw file

  1. /* Copyright 2010 Google Inc.
  2. *
  3. * Licensed under the Apache License, Version 2.0 (the "License");
  4. * you may not use this file except in compliance with the License.
  5. * You may obtain a copy of the License at
  6. *
  7. * http://www.apache.org/licenses/LICENSE-2.0
  8. *
  9. * Unless required by applicable law or agreed to in writing, software
  10. * distributed under the License is distributed on an "AS IS" BASIS.
  11. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. * See the License for the specific language governing permissions and
  13. * limitations under the License
  14. */
  15. package com.google.ie.web.filter;
  16. import com.google.ie.common.constants.IdeaExchangeConstants;
  17. import org.apache.log4j.Logger;
  18. import java.io.IOException;
  19. import java.io.PrintWriter;
  20. import javax.servlet.Filter;
  21. import javax.servlet.FilterChain;
  22. import javax.servlet.FilterConfig;
  23. import javax.servlet.ServletException;
  24. import javax.servlet.ServletRequest;
  25. import javax.servlet.ServletResponse;
  26. import javax.servlet.http.Cookie;
  27. import javax.servlet.http.HttpServletRequest;
  28. import javax.servlet.http.HttpServletResponse;
  29. /**
  30. * Temporary class to allow site access based on access code
  31. *
  32. * @author adahiya
  33. *
  34. */
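  public class AuthenticationFilter implements Filter {

      /*
       * Security notes for maintainers.
       *
       * This filter gates the site behind one shared access code taken from the
       * filter's init parameters. It is a coarse, temporary gate and not a
       * replacement for per-user authentication:
       *
       * - The cookie issued after a successful submission is a static value
       *   derived from the configured access code. It proves that the code was
       *   known at some point, but it cannot be revoked per browser, and the
       *   12 hour max-age is enforced only by the browser. Rotating the access
       *   code invalidates all outstanding cookies. A server-side session or a
       *   signed, expiring token would be the stronger design.
       * - The derived value is an unsalted SHA-256 digest, so a captured cookie
       *   allows offline guessing of a short access code. Use a long random code.
       * - NOTE(review): the cookie is created without the Secure and HttpOnly
       *   attributes. Whether they can be set depends on the deployment (HTTPS
       *   only or not) and on the servlet API version in use; confirm and set
       *   them where possible.
       * - NOTE(review): nothing here limits repeated guesses of the access code.
       */

      private static final Logger LOGGER = Logger.getLogger(AuthenticationFilter.class);

      /**
       * Name shared by the request parameter that carries the submitted access
       * code, the init parameter that configures it, and the access cookie.
       */
      public static final String ACCESS_TOKEN = "accessToken";

      /** Init parameter holding the comma separated exclusion entries. */
      private static final String EXCLUSION_URL = "exclusionURLs";

      /** Placeholder inside {@link #FORM} that is replaced by the form action. */
      private static final String FORM_ACTION_PLACEHOLDER = "Service_URL";

      /** Cookie lifetime requested from the browser: 12 hours, in seconds. */
      private static final int COOKIE_MAX_AGE_SECONDS = 12 * 60 * 60;

      /** Domain separation prefix mixed into the digest that forms the cookie value. */
      private static final String COOKIE_VALUE_LABEL = "AuthenticationFilter.cookie.v1:";

      /** HTML page that asks for the access code. */
      private static final String FORM = "<HTML> <HEAD> <TITLE> Access Token </TITLE> </HEAD> <BODY> <FORM METHOD=\"POST\" ACTION=\"Service_URL\"> <TABLE> <TR> <TD>Enter Access Code</TD> <TD> <INPUT TYPE=\"password\" NAME=\"accessToken\"> </TD> </TR> <TR> <TD></TD> <TD><INPUT TYPE=\"submit\" value=\"Submit\"></TD> </TR> </TABLE> </FORM> </BODY></HTML>";

      private FilterConfig filterConfig;
      // Access code configured through the ACCESS_TOKEN init parameter; may be null.
      private String accessCode;
      // Raw value of the EXCLUSION_URL init parameter; may be null.
      private String exclusionUrls;
      // Cookie value that proves the access code was presented; null when no
      // access code is configured, in which case no cookie is ever accepted.
      private String expectedCookieValue;

      /**
       * Default constructor.
       */
      public AuthenticationFilter() {
      }

      /**
       * @see Filter#destroy()
       */
      public void destroy() {
          this.filterConfig = null;
      }

      /**
       * Lets a request through when it carries a valid access cookie, when it
       * submits the configured access code, or when its URI matches an exclusion
       * entry. Any other request is answered with the access code form and is
       * not passed down the chain.
       *
       * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
       */
      public void doFilter(ServletRequest request, ServletResponse response,
              FilterChain chain) throws IOException, ServletException {
          HttpServletRequest httpServletRequest = (HttpServletRequest) request;
          if (!isAccessCookiePresent(httpServletRequest)) {
              // NOTE(review): getParameter() also reads the query string, so the
              // code is accepted from a URL as well as from the POSTed form and
              // may then end up in access logs; consider accepting POST only.
              String submittedCode = httpServletRequest.getParameter(ACCESS_TOKEN);
              // NOTE(review): the comparison is case-insensitive (kept for
              // compatibility), which reduces the effective strength of an
              // alphabetic code.
              if (isAccessCodeConfigured() && submittedCode != null
                      && submittedCode.equalsIgnoreCase(this.accessCode)) {
                  // The cookie value is derived from the configured code rather
                  // than being a public constant, so possession of the cookie
                  // shows that the code was presented.
                  Cookie cookie = new Cookie(ACCESS_TOKEN, this.expectedCookieValue);
                  cookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
                  ((HttpServletResponse) response).addCookie(cookie);
              } else if (!urlForExclusion(httpServletRequest.getRequestURI(), exclusionUrls)) {
                  response.setContentType("text/html; charset=UTF-8");
                  PrintWriter writer = response.getWriter();
                  // The request URI is client controlled: escape it before it is
                  // placed in the ACTION attribute, and substitute it literally
                  // (replaceAll would interpret '$' and '\' in the URI as regex
                  // replacement syntax and could throw).
                  String updatedForm = FORM.replace(FORM_ACTION_PLACEHOLDER,
                          escapeHtml(httpServletRequest.getRequestURI()));
                  writer.print(updatedForm);
                  LOGGER.debug("Access token not found");
                  return;
              }
          }
          LOGGER.debug("Access token found");
          // pass the request along the filter chain
          chain.doFilter(request, response);
      }

      /**
       * Tells whether the request URI matches one of the configured exclusion
       * entries and may therefore skip the access code check.
       *
       * Entries are trimmed and empty entries are skipped: an empty entry would
       * match every URI and disable the filter. A configuration with a single
       * entry (no separator) is honoured as well.
       *
       * NOTE(review): matching is a substring test against the raw request URI,
       * kept for compatibility with existing configuration. It is broader than a
       * path prefix or exact match, and the raw URI is not normalized; prefer
       * anchored matching against a normalized path if the configuration allows.
       *
       * @param requestURL    the request URI to test
       * @param exclusionURLs separator-delimited exclusion entries, may be null;
       *                      the separator is IdeaExchangeConstants.COMMA
       *                      (presumably "," - confirm against the constants class)
       * @return true if the URI contains one of the non-empty entries
       */
      private boolean urlForExclusion(String requestURL, String exclusionURLs) {
          if (requestURL == null || exclusionURLs == null) {
              return false;
          }
          String[] urls = exclusionURLs.split(IdeaExchangeConstants.COMMA);
          for (String url : urls) {
              String entry = url.trim();
              if (entry.length() == 0) {
                  continue;
              }
              if (requestURL.contains(entry)) {
                  LOGGER.debug("Allowing URL without access tocken due to exclusion policy");
                  return true;
              }
          }
          return false;
      }

      /**
       * Checks whether the request carries the access cookie with the expected
       * value. The name alone is not sufficient, because cookie names and values
       * are supplied by the client.
       *
       * @param request the incoming request
       * @return true if a valid access token cookie is present in the request,
       *         else false
       */
      private boolean isAccessCookiePresent(HttpServletRequest request) {
          Cookie[] cookies = request.getCookies();
          if (cookies == null || this.expectedCookieValue == null) {
              return false;
          }
          for (Cookie cookie : cookies) {
              if (cookie != null && ACCESS_TOKEN.equals(cookie.getName())
                      && matchesExpectedCookieValue(cookie.getValue())) {
                  return true;
              }
          }
          return false;
      }

      /**
       * Compares a presented cookie value with the expected one using
       * MessageDigest.isEqual instead of String.equals.
       *
       * @param presented the value sent by the client, may be null
       * @return true only if both values are present and identical
       */
      private boolean matchesExpectedCookieValue(String presented) {
          if (presented == null || this.expectedCookieValue == null) {
              return false;
          }
          return java.security.MessageDigest.isEqual(utf8(presented),
                  utf8(this.expectedCookieValue));
      }

      /**
       * @return true if a non-empty access code was configured; without one the
       *         filter accepts neither a submitted code nor a cookie
       */
      private boolean isAccessCodeConfigured() {
          return this.accessCode != null && this.accessCode.length() > 0;
      }

      /**
       * Derives the cookie value from the configured access code as the lower
       * case hex SHA-256 digest of a fixed label followed by the code.
       *
       * @param code the configured access code, not null
       * @return 64 hexadecimal characters
       */
      private static String deriveCookieValue(String code) {
          try {
              java.security.MessageDigest digest =
                      java.security.MessageDigest.getInstance("SHA-256");
              byte[] hash = digest.digest(utf8(COOKIE_VALUE_LABEL + code));
              StringBuilder hex = new StringBuilder(hash.length * 2);
              for (byte b : hash) {
                  hex.append(Character.forDigit((b >> 4) & 0xF, 16));
                  hex.append(Character.forDigit(b & 0xF, 16));
              }
              return hex.toString();
          } catch (java.security.NoSuchAlgorithmException e) {
              throw new IllegalStateException("SHA-256 is not available", e);
          }
      }

      /** Encodes text as UTF-8 bytes. */
      private static byte[] utf8(String text) {
          try {
              return text.getBytes("UTF-8");
          } catch (java.io.UnsupportedEncodingException e) {
              throw new IllegalStateException("UTF-8 is not available", e);
          }
      }

      /**
       * Escapes the characters that are significant in HTML text and in quoted
       * attribute values.
       *
       * @param text the text to escape, may be null
       * @return the escaped text, or an empty string for null input
       */
      private static String escapeHtml(String text) {
          if (text == null) {
              return "";
          }
          StringBuilder out = new StringBuilder(text.length() + 16);
          for (int i = 0; i < text.length(); i++) {
              char c = text.charAt(i);
              switch (c) {
                  case '&':
                      out.append("&amp;");
                      break;
                  case '<':
                      out.append("&lt;");
                      break;
                  case '>':
                      out.append("&gt;");
                      break;
                  case '"':
                      out.append("&quot;");
                      break;
                  case '\'':
                      out.append("&#39;");
                      break;
                  default:
                      out.append(c);
                      break;
              }
          }
          return out.toString();
      }

      /**
       * Reads the access code and the exclusion entries from the filter's init
       * parameters and prepares the expected cookie value.
       *
       * @see Filter#init(FilterConfig)
       */
      public void init(FilterConfig fConfig) throws ServletException {
          this.filterConfig = fConfig;
          this.accessCode = fConfig.getInitParameter(ACCESS_TOKEN);
          this.exclusionUrls = fConfig.getInitParameter(EXCLUSION_URL);
          if (isAccessCodeConfigured()) {
              this.expectedCookieValue = deriveCookieValue(this.accessCode);
          } else {
              // Fail closed: with no code configured nothing can be validated.
              this.expectedCookieValue = null;
              LOGGER.warn("No access code configured; only excluded URLs will be reachable");
          }
      }
  }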