/**
* AuthenticationFilter
* @author idefix
- * @version $Id: AuthenticationFilter.java,v 1.1 2003/09/05 20:23:59 idfx Exp $
+ * @version $Id: AuthenticationFilter.java,v 1.3 2003/09/18 21:42:17 idfx Exp $
*/
public class AuthenticationFilter implements Filter {
private FilterConfig _filterConfig;
+
/**
*
*/
/**
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
- public void init(final FilterConfig filterConfig) throws ServletException {
+ public void init(final FilterConfig filterConfig)
+ throws ServletException {
_filterConfig = filterConfig;
}
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+ public void doFilter(ServletRequest servletRequest,
+ ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
+
HttpServletRequest request = (HttpServletRequest)servletRequest;
String requestUri = request.getRequestURI();
- System.out.println(requestUri);
- System.out.println(request.getContextPath());
- if(requestUri != null && requestUri.startsWith(request.getContextPath() + "/admin")){
+ if(requestUri != null
+ && requestUri.startsWith(request.getContextPath() + "/admin")
+ && requestUri.indexOf("logon") == -1){
//check if authenticated, only if in admin-module
HttpSession httpSession = request.getSession();
- MirUser mirUser = (MirUser)httpSession.getAttribute(ServletConstants.USER);
+ MirUser mirUser =
+ (MirUser)httpSession.getAttribute(ServletConstants.USER);
+
if(mirUser == null){
- servletRequest.getRequestDispatcher("/admin/login.shtml").forward(servletRequest, servletResponse);
+ //user is not authorized to access
+ //set redirect attributes that the user comes to place he wants to be
+ httpSession.setAttribute(ServletConstants.REDIRECT_ACTION, requestUri);
+ httpSession.setAttribute(ServletConstants.REDIRECT_QUERY_STRING,
+ request.getQueryString());
+
+ //send user to logon-page
+ servletRequest.getRequestDispatcher("/admin/logon.do")
+ .forward(servletRequest, servletResponse);
+ } else {
+ filterChain.doFilter(servletRequest, servletResponse);
}
+ } else {
+ filterChain.doFilter(servletRequest, servletResponse);
}
- filterChain.doFilter(servletRequest, servletResponse);
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
+ _filterConfig = null;
}
}