
1   /*
2    * SymmetricDS is an open source database synchronization solution.
3    *   
4    * Copyright (C) Chris Henson <chenson42@users.sourceforge.net>,
5    *               Keith Naas <knaas@users.sourceforge.net>
6    *
7    * This library is free software; you can redistribute it and/or
8    * modify it under the terms of the GNU Lesser General Public
9    * License as published by the Free Software Foundation; either
10   * version 3 of the License, or (at your option) any later version.
11   *
12   * This library is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this library; if not, see
19   * <http://www.gnu.org/licenses/>.
20   */
21  
22  package org.jumpmind.symmetric.web;
23  
24  import java.io.IOException;
25  
26  import javax.servlet.FilterChain;
27  import javax.servlet.ServletException;
28  import javax.servlet.ServletRequest;
29  import javax.servlet.ServletResponse;
30  import javax.servlet.http.HttpServletResponse;
31  
32  import org.apache.commons.lang.StringUtils;
33  import org.apache.commons.logging.Log;
34  import org.apache.commons.logging.LogFactory;
35  import org.jumpmind.symmetric.transport.handler.AuthenticationResourceHandler;
36  import org.jumpmind.symmetric.transport.handler.AuthenticationResourceHandler.AuthenticationStatus;
37  
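/**
 * Servlet filter that checks the node id and security token carried by a
 * request and only lets the request continue down the chain when the
 * transport resource handler reports {@link AuthenticationStatus#ACCEPTED}.
 * <p>
 * This filter must be the first one that executes, so that nothing behind it
 * sees an unauthenticated request. The filter fails closed: every outcome
 * other than {@code ACCEPTED} ends the request with an error response, and an
 * exception thrown while the status is being resolved propagates to the
 * container before {@code chain.doFilter} is reached.
 */
public class AuthenticationFilter extends AbstractTransportFilter<AuthenticationResourceHandler> {

    private static final Log logger = LogFactory.getLog(AuthenticationFilter.class);

    /**
     * Always reports {@code true}.
     * NOTE(review): the exact meaning of "container compatible" is defined by
     * the superclass, which is not visible here; confirm before relying on it.
     */
    @Override
    public boolean isContainerCompatible() {
        return true;
    }

    /**
     * Authenticates the request and either forwards it or rejects it.
     * <ul>
     * <li>Missing or empty node id / security token: {@code 403 Forbidden}.</li>
     * <li>{@code ACCEPTED}: the request is passed to the rest of the chain.</li>
     * <li>{@code REGISTRATION_REQUIRED}: the error code
     * {@code WebConstants.REGISTRATION_REQUIRED} is sent.</li>
     * <li>{@code FORBIDDEN}, {@code null} or any other status:
     * {@code 403 Forbidden}.</li>
     * </ul>
     *
     * @param req   incoming request; the credentials are read from its parameters
     * @param resp  response used to report a rejection
     * @param chain remaining filters, invoked only for an accepted request
     * @throws IOException      if sending the error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException,
            ServletException {
        // NOTE(review): getParameter() also reads the query string. If callers
        // put the security token in the URL it can end up in access logs,
        // proxy logs and Referer headers; confirm how clients send it and that
        // the transport is TLS-protected.
        final String securityToken = req.getParameter(WebConstants.SECURITY_TOKEN);
        final String nodeId = req.getParameter(WebConstants.NODE_ID);

        // Reject early so the handler is never asked about absent credentials.
        if (StringUtils.isEmpty(securityToken) || StringUtils.isEmpty(nodeId)) {
            sendError(resp, HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // NOTE(review): the token comparison happens inside the handler, which
        // is not visible here; verify that it compares in constant time.
        final AuthenticationStatus status = getTransportResourceHandler().status(nodeId, securityToken);
        if (AuthenticationStatus.ACCEPTED.equals(status)) {
            chain.doFilter(req, resp);
        } else if (AuthenticationStatus.REGISTRATION_REQUIRED.equals(status)) {
            sendError(resp, WebConstants.REGISTRATION_REQUIRED);
        } else {
            // Default deny: FORBIDDEN, a null status, or a status value added
            // later must produce an explicit 403 rather than falling through
            // with no error sent, which would leave the client with an empty
            // success response.
            sendError(resp, HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Supplies this class's logger.
     *
     * @return the logger created for {@code AuthenticationFilter}
     */
    @Override
    protected Log getLogger() {
        return logger;
    }
}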