Example usage for javax.servlet ServletRequest getParameter

List of usage examples for javax.servlet ServletRequest getParameter

Introduction

In this page you can find the example usage for javax.servlet ServletRequest getParameter.

Prototype

public String getParameter(String name);

Source Link

Document

Returns the value of a request parameter as a String, or null if the parameter does not exist.

Usage

From source file:fr.paris.lutece.plugins.directory.modules.rest.service.DirectoryRestService.java

/**
 * {@inheritDoc}/*from   w  w w.j  a va  2  s. c o  m*/
 */
@Override
public Record completeRecord(int nIdRecord, ServletRequest request)
        throws DirectoryErrorException, DirectoryRestException {
    Record record = getRecord(nIdRecord, (HttpServletRequest) request);

    List<RecordField> listRecordFields = getRecordFields((HttpServletRequest) request, record);

    List<RecordField> listOldRecordField = record.getListRecordField();
    // remove all non-relevant old record fields (null record fields)
    removeNullRecordFields(listOldRecordField);

    for (RecordField oldRecordField : listOldRecordField) {
        int nIdEntry = oldRecordField.getEntry().getIdEntry();

        // idField should be 0 IF AND ONLY IF the entry is a "file". 
        int nIdField = (oldRecordField.getField() == null) ? 0 : oldRecordField.getField().getIdField();

        RecordField submitRecordField = findRecordField(nIdEntry, nIdField, listRecordFields);

        if (submitRecordField == null) {
            listRecordFields.add(oldRecordField);
        } else {
            // old value is kept and NOT modified, the new value is dropped.
            if (oldRecordField.getFile() != null) {
                // entry type file
                removeRecordField(nIdEntry, nIdField, listRecordFields);
                // get old field data
                oldRecordField.getFile().setPhysicalFile(PhysicalFileHome.findByPrimaryKey(
                        oldRecordField.getFile().getPhysicalFile().getIdPhysicalFile(), getPlugin()));
                listRecordFields.add(oldRecordField);
            }

            if (oldRecordField.getValue() != null) {
                // other entries
                removeRecordField(nIdEntry, nIdField, listRecordFields);
                listRecordFields.add(oldRecordField);
            }
        }
    }

    record.setListRecordField(listRecordFields);

    RecordHome.updateWidthRecordField(record, getPlugin());

    // do not use the workflow if update is partial
    String strNoWorkflowInit = request.getParameter(PARAMETER_NO_WORKFLOW);

    if (StringUtils.isBlank(strNoWorkflowInit)
            && isEntrySet(listRecordFields, record.getDirectory().getIdDirectory())) {
        doWorkflowActions(record,
                DirectoryHome.findByPrimaryKey(record.getDirectory().getIdDirectory(), getPlugin()));
    }

    return record;
}

From source file:org.hi.framework.acgei.AuthenticationProcessingFilterEntryPoint.java

public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    String scheme = request.getScheme();
    String serverName = request.getServerName();
    int serverPort = portResolver.getServerPort(request);
    String contextPath = req.getContextPath();

    boolean inHttp = "http".equals(scheme.toLowerCase());
    boolean inHttps = "https".equals(scheme.toLowerCase());

    boolean includePort = true;

    String redirectUrl = null;/*from  ww  w.  j av a2 s  .c  o m*/
    boolean doForceHttps = false;
    Integer httpsPort = null;

    if (inHttp && (serverPort == 80)) {
        includePort = false;
    } else if (inHttps && (serverPort == 443)) {
        includePort = false;
    }

    if (forceHttps && inHttp) {
        httpsPort = (Integer) portMapper.lookupHttpsPort(new Integer(serverPort));

        if (httpsPort != null) {
            doForceHttps = true;
            if (httpsPort.intValue() == 443) {
                includePort = false;
            } else {
                includePort = true;
            }
        }

    }

    if (serverSideRedirect) {

        if (doForceHttps) {

            // before doing server side redirect, we need to do client redirect to https.

            String servletPath = req.getServletPath();
            String pathInfo = req.getPathInfo();
            String query = req.getQueryString();

            redirectUrl = "https://" + serverName + ((includePort) ? (":" + httpsPort) : "") + contextPath
                    + servletPath + (pathInfo == null ? "" : pathInfo) + (query == null ? "" : "?" + query);

        } else {

            if (logger.isDebugEnabled()) {
                logger.debug("Server side forward to: " + loginFormUrl);
            }

            RequestDispatcher dispatcher = req.getRequestDispatcher(loginFormUrl);

            dispatcher.forward(request, response);

            return;

        }

    } else {

        if (doForceHttps) {

            redirectUrl = "https://" + serverName + ((includePort) ? (":" + httpsPort) : "") + contextPath
                    + loginFormUrl;

        } else {

            redirectUrl = scheme + "://" + serverName + ((includePort) ? (":" + serverPort) : "") + contextPath
                    + loginFormUrl;

        }
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Redirecting to: " + redirectUrl);
    }

    //-------------        for DWZ    ------------------//

    if ("XMLHttpRequest".equalsIgnoreCase(((HttpServletRequest) request).getHeader("X-Requested-With"))
            || request.getParameter("ajax") != null) {
        PrintWriter out = response.getWriter();
        out.println("{\"statusCode\":\"301\",\"message\":\"Session Timeout! Please re-sign in!\"}");
        throw new BusinessException("Session Timeout");
        //         throw new BusinessException("{\"statusCode\":\"301\",\"message\":\"Session Timeout! Please re-sign in!\"}");
    } else {
        ((HttpServletResponse) response)
                .sendRedirect(((HttpServletResponse) response).encodeRedirectURL(redirectUrl));
    }
}

From source file:org.pentaho.platform.web.http.filters.PentahoWebContextFilter.java

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    String requestStr = httpRequest.getRequestURI();

    if (requestStr != null && requestStr.endsWith(WEB_CONTEXT_JS)
            && httpRequest.getAttribute(FILTER_APPLIED) == null) {
        httpRequest.setAttribute(FILTER_APPLIED, Boolean.TRUE);
        // split out a fully qualified url, guaranteed to have a trailing slash
        IPentahoRequestContext requestContext = PentahoRequestContextHolder.getRequestContext();
        String contextPath = requestContext.getContextPath();
        try {//from ww w.j av a  2 s.c  o  m
            response.setContentType("text/javascript"); //$NON-NLS-1$
            OutputStream out = response.getOutputStream();
            out.write(initialCommentBytes);

            byte[] contextPathBytes = THREAD_LOCAL_CONTEXT_PATH.get();
            byte[] requireScriptBytes = THREAD_LOCAL_REQUIRE_SCRIPT.get();
            if (contextPathBytes == null) {
                String webContext = "var CONTEXT_PATH = '" + contextPath + "';\n\n"; //$NON-NLS-1$ //$NON-NLS-2$
                contextPathBytes = webContext.getBytes();
                THREAD_LOCAL_CONTEXT_PATH.set(contextPathBytes);
                if (requireScriptBytes == null) {
                    String requireJsLocation = "content/common-ui/resources/web/require.js";
                    String requireJsConfigLocation = "content/common-ui/resources/web/require-cfg.js";
                    String requireScript = "document.write(\"<script type='text/javascript' src='" + contextPath
                            + requireJsLocation + "'></scr\"+\"ipt>\");\n"
                            + "document.write(\"<script type=\'text/javascript\' src='" + contextPath
                            + requireJsConfigLocation + "'></scr\"+\"ipt>\");\n";
                    requireScriptBytes = requireScript.getBytes();
                    THREAD_LOCAL_REQUIRE_SCRIPT.set(requireScriptBytes);
                }
            }

            String basicAuthFlag = (String) httpRequest.getSession().getAttribute("BasicAuth");
            if (basicAuthFlag != null && basicAuthFlag.equals("true")) {
                out.write(("document.write(\"<script type='text/javascript' src='" + contextPath
                        + "js/postAuth.js'></scr\"+\"ipt>\");\n").getBytes("UTF-8"));
            }

            out.write(contextPathBytes);
            out.write(fullyQualifiedUrl.getBytes());
            out.write(serverProtocol.getBytes());
            // Compute the effective locale and set it in the global scope. Also provide it as a module if the RequireJs
            // system is available.
            Locale effectiveLocale = LocaleHelper.getLocale();
            if (!StringUtils.isEmpty(request.getParameter("locale"))) {
                effectiveLocale = new Locale(request.getParameter("locale"));
            }

            // setup the RequireJS config object for plugins to extend
            out.write(REQUIRE_JS_CFG_START);

            // Let all plugins contribute to the RequireJS config
            printResourcesForContext(REQUIRE_JS, out, httpRequest, false);

            out.write(requireScriptBytes);

            printSessionName(out);
            printLocale(effectiveLocale, out);
            printHomeFolder(out);
            printReservedChars(out);
            printReservedCharsDisplay(out);
            printReservedRegexPattern(out);

            boolean requireJsOnly = "true".equals(request.getParameter("requireJsOnly"));

            if (!requireJsOnly) {
                // print global resources defined in plugins
                printResourcesForContext(GLOBAL, out, httpRequest, false);

                // print out external-resources defined in plugins if a context has been passed in
                String contextName = request.getParameter(CONTEXT);
                boolean cssOnly = "true".equals(request.getParameter("cssOnly"));
                if (StringUtils.isNotEmpty(contextName)) {
                    printResourcesForContext(contextName, out, httpRequest, cssOnly);
                }
            }

            // Any subclass can add more information to webcontext.js
            addCustomInfo(out);

            out.close();
            return;
        } finally {
            httpRequest.removeAttribute(FILTER_APPLIED);
        }
    } else {
        chain.doFilter(httpRequest, httpResponse);
        return;
    }
}

From source file:org.lockss.servlet.LockssOiosamlSpFilter.java

/**
 * Check whether the user is authenticated i.e. having session with a valid
 * assertion. If the user is not authenticated an &lt;AuthnRequest&gt; is sent
 * to the Login Site./*from  www .  ja v a 2  s.  com*/
 * 
 * @param request
 *          The servletRequest
 * @param response
 *          The servletResponse
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final String DEBUG_HEADER = "doFilter(): ";
    if (log.isDebug2())
        log.debug2(DEBUG_HEADER + "Starting...");

    if (!(request instanceof HttpServletRequest)) {
        throw new RuntimeException("Not supported operation...");
    }

    HttpServletRequest servletRequest = ((HttpServletRequest) request);
    Audit.init(servletRequest);

    if (!isFilterInitialized()) {
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "isFilterInitialized() = false");

        try {
            Configuration conf = SAMLConfigurationFactory.getConfiguration().getSystemConfiguration();
            setRuntimeConfiguration(conf);
        } catch (IllegalStateException e) {
            request.getRequestDispatcher("/saml/configure").forward(request, response);
            if (log.isDebug2()) {
                log.debug2(DEBUG_HEADER + "Forwarded to /saml/configure.");
                log.debug2(DEBUG_HEADER + "Done.");
            }
            return;
        }
    } else {
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "isFilterInitialized() = true");
    }

    if (conf.getSystemConfiguration().getBoolean(Constants.PROP_DEVEL_MODE, false)) {
        log.warning("Running in developer mode, skipped regular filter.");
        develMode.doFilter(servletRequest, (HttpServletResponse) response, chain,
                conf.getSystemConfiguration());
        if (log.isDebug2())
            log.debug2(DEBUG_HEADER + "Done.");
        return;
    }

    if (cleanerRunning.compareAndSet(false, true)) {
        int maxInactiveInterval = ((HttpServletRequest) request).getSession().getMaxInactiveInterval();
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "maxInactiveInterval = " + maxInactiveInterval);

        if (maxInactiveInterval < 0) {
            maxInactiveInterval = 3600;
        }

        SessionCleaner.startCleaner(sessionHandlerFactory.getHandler(), maxInactiveInterval, 30);
    }

    SessionHandler sessionHandler = sessionHandlerFactory.getHandler();

    if (servletRequest.getServletPath()
            .equals(conf.getSystemConfiguration().getProperty(Constants.PROP_SAML_SERVLET))) {
        if (log.isDebug())
            log.debug(DEBUG_HEADER + "Request to SAML servlet, access granted");
        chain.doFilter(new SAMLHttpServletRequest(servletRequest, hostname, null), response);
        if (log.isDebug2())
            log.debug2(DEBUG_HEADER + "Done.");
        return;
    }

    final HttpSession session = servletRequest.getSession();
    if (log.isDebug())
        log.debug(DEBUG_HEADER + "session.getId() = " + session.getId());

    Boolean forceAuthn = false;
    if (request.getParameterMap().containsKey(Constants.QUERY_STRING_FORCE_AUTHN)) {
        String forceAuthnAsString = request.getParameter(Constants.QUERY_STRING_FORCE_AUTHN);
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "forceAuthnAsString = " + forceAuthnAsString);

        forceAuthn = forceAuthnAsString.toLowerCase().equals("true");
    }

    if (log.isDebug3())
        log.debug3(DEBUG_HEADER + "forceAuthn = " + forceAuthn);

    // Is the user logged in?
    if (sessionHandler.isLoggedIn(session.getId())
            && session.getAttribute(Constants.SESSION_USER_ASSERTION) != null && !forceAuthn) {
        int actualAssuranceLevel = sessionHandler.getAssertion(session.getId()).getAssuranceLevel();
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "actualAssuranceLevel = " + actualAssuranceLevel);

        int assuranceLevel = conf.getSystemConfiguration().getInt(Constants.PROP_ASSURANCE_LEVEL);
        if (log.isDebug3())
            log.debug3(DEBUG_HEADER + "assuranceLevel = " + assuranceLevel);

        if (actualAssuranceLevel > 0 && actualAssuranceLevel < assuranceLevel) {
            sessionHandler.logOut(session);
            log.warning("Assurance level too low: " + actualAssuranceLevel + ", required: " + assuranceLevel);
            throw new RuntimeException(
                    "Assurance level too low: " + actualAssuranceLevel + ", required: " + assuranceLevel);
        }

        UserAssertion ua = (UserAssertion) session.getAttribute(Constants.SESSION_USER_ASSERTION);
        if (log.isDebug()) {
            log.debug(DEBUG_HEADER + "Everything is OK.");
            log.debug(DEBUG_HEADER + "Subject: " + ua.getSubject());
            log.debug(DEBUG_HEADER + "NameID Format: " + ua.getNameIDFormat());
            log.debug(DEBUG_HEADER + "Common Name: " + ua.getCommonName());
            log.debug(DEBUG_HEADER + "UserId: " + ua.getUserId());
            log.debug(DEBUG_HEADER + "Authenticated?: " + ua.isAuthenticated());
            log.debug(DEBUG_HEADER + "Signed?: " + ua.isSigned());
        }

        Audit.log(Operation.ACCESS, servletRequest.getRequestURI());

        try {
            UserAssertionHolder.set(ua);
            HttpServletRequestWrapper requestWrap = new SAMLHttpServletRequest(servletRequest, ua, hostname);
            chain.doFilter(requestWrap, response);
            if (log.isDebug2())
                log.debug2(DEBUG_HEADER + "Done.");
            return;
        } finally {
            UserAssertionHolder.set(null);
        }
    } else {
        session.removeAttribute(Constants.SESSION_USER_ASSERTION);
        UserAssertionHolder.set(null);
        saveRequestAndGotoLogin((HttpServletResponse) response, servletRequest);
    }

    if (log.isDebug2())
        log.debug2(DEBUG_HEADER + "Done.");
}

From source file:com.vcredit.lrh.microservice.gateway.api.redis.SecurityHandlerRedis.java

public void process(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException {
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    HttpServletRequest servletRequest = (HttpServletRequest) request;
    String token = "";
    String clientVersion = "";
    String deviceType = "";
    //header??/*  ww w  .  j  a  va 2  s  .co  m*/
    String base64Str = servletRequest.getHeader("clientHeader");
    if (!StringUtils.isEmpty(base64Str)) {
        String headerJsonStr = Base64Utils.getFromBase64(base64Str);
        JSONObject headerJson = JSONObject.parseObject(headerJsonStr);
        token = headerJson.getString("accessToken");
        try {
            clientVersion = headerJson.getString("apiClientVersion");
            deviceType = headerJson.getString("deviceType");
            //add by xuhui 20170406
            if (!StringUtils.isEmpty(clientVersion)) {
                if ("iOS".equals(deviceType) && iosAppVertion.compareTo(clientVersion) > 0) {
                    JSONObject jSONObject = new JSONObject();
                    PrintWriter pw = httpServletResponse.getWriter();
                    jSONObject.put("type", LrhConstants.ErrorCodeTypeEnum.FORCEUPDATE.getCode());
                    jSONObject.put("success", true);
                    jSONObject.put("code", 201);
                    Map<String, Object> map = new HashMap();
                    //?
                    map.put("updateUrl", "");
                    map.put("updateInfo", "");
                    map.put("updateTargetVersion", iosAppVertion);
                    map.put("forceUpdate", true);
                    map.put("appType", "iOS");
                    jSONObject.put("data", map);
                    pw.write(jSONObject.toJSONString());
                    pw.flush();
                }
                if ("android".equals(deviceType) && andriodAppVersion.compareTo(clientVersion) > 0) {
                    JSONObject jSONObject = new JSONObject();
                    PrintWriter pw = httpServletResponse.getWriter();
                    jSONObject.put("type", LrhConstants.ErrorCodeTypeEnum.FORCEUPDATE.getCode());
                    jSONObject.put("success", true);
                    jSONObject.put("code", 201);
                    Map<String, Object> map = new HashMap();
                    //?
                    map.put("updateUrl",
                            "http://10.154.40.42:7777/lrh_apk_android_20_v0.0.1/vcredit_lrh_debug_v0.0.2_2017_0421_1041_Vcredit_TecentQQ.apk");
                    map.put("updateInfo", "");
                    map.put("updateTargetVersion", andriodAppVersion);
                    map.put("forceUpdate", true);
                    map.put("appType", "android");
                    jSONObject.put("data", map);
                    pw.write(jSONObject.toJSONString());
                    pw.flush();
                }
            }
        } catch (Exception e) {
        }
    }

    //        String token = request.getParameter("accessToken") == null ? accessTokenFromHeader : request.getParameter("accessToken");
    if (StringUtils.isEmpty(token)) {
        token = servletRequest.getSession().getId().toUpperCase();
    }
    String openId = request.getParameter("open_id");
    httpServletResponse.setHeader("Content-Type", "application/json");
    try {
        if (servletRequest.getServletPath().equals(securityProperties.getLoginSecurityUrl())) {
            chain.doFilter(request, response);
        } else if (servletRequest.getServletPath().equals("/favicon.ico")) {
            chain.doFilter(request, response);
            //                PrintWriter pw = httpServletResponse.getWriter();
            //                pw.write("favicon.ico");
            //                pw.flush();
        } else if (openId == null && null == token) {
            unauthorizedRequest(httpServletResponse);
        } else if (needAuthentication(servletRequest.getServletPath())) {
            //                JSONObject currentUser = securityService.getUserByAccessToken(token);
            JSONObject currentUser = redisTemplate.get(RedisCacheKeys.ACCOUNT_CACHE_TOKEN + token,
                    JSONObject.class);
            if (null == currentUser) {
                unauthorizedRequest(httpServletResponse);
            } else {
                chain.doFilter(request, response);
            }
        } else {
            chain.doFilter(request, response);
        }
    } catch (ServletException ex) {
        logger.error(ex.getMessage(), ex);
        serverErrorRequest(httpServletResponse);
    }
}

From source file:org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter.java

/**
 * Run the authentication filter/* w ww .j  a v a 2 s  .c om*/
 * 
 * @param req
 *            ServletRequest
 * @param resp
 *            ServletResponse
 * @param chain
 *            FilterChain
 * @exception ServletException
 * @exception IOException
 */
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {
    // Assume it's an HTTP request

    final HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpResp = (HttpServletResponse) resp;

    // Get the user details object from the session

    SessionUser user = (SessionUser) httpReq.getSession().getAttribute(AUTHENTICATION_USER);

    if (user == null) {
        // Check for the auth header

        String authHdr = httpReq.getHeader(httpServletRequestAuthHeaderName);
        if (logger.isDebugEnabled()) {
            if (authHdr == null) {
                logger.debug("Header not found: " + httpServletRequestAuthHeaderName);
            } else {
                logger.debug("Header is <" + authHdr + ">");
            }
        }

        // Throw an error if we have an unknown authentication

        if ((authHdr != null) && (authHdr.length() > 0)) {

            // Get the user

            final String userName;
            if (m_authPattern != null) {
                Matcher matcher = m_authPattern.matcher(authHdr);
                if (matcher.matches()) {
                    userName = matcher.group();
                    if ((userName == null) || (userName.length() < 1)) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Extracted null or empty user name from pattern " + m_authPatternString
                                    + " against " + authHdr);
                        }
                        reject(httpReq, httpResp);
                        return;
                    }
                } else {
                    if (logger.isDebugEnabled()) {
                        logger.debug("no pattern match for " + m_authPatternString + " against " + authHdr);
                    }
                    reject(httpReq, httpResp);
                    return;
                }
            } else {
                userName = authHdr;
            }

            if (logger.isDebugEnabled()) {
                logger.debug("User = " + userName);
            }

            // Get the authorization header

            user = transactionService.getRetryingTransactionHelper()
                    .doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() {

                        public SessionUser execute() throws Throwable {
                            try {
                                // Authenticate the user

                                m_authComponent.clearCurrentSecurityContext();
                                m_authComponent.setCurrentUser(userName);

                                return createUserEnvironment(httpReq.getSession(), userName,
                                        authenticationService.getCurrentTicket(), true);
                            } catch (AuthenticationException ex) {
                                if (logger.isDebugEnabled()) {
                                    logger.debug("Failed", ex);
                                }
                                return null;
                                // Perhaps auto-creation/import is disabled
                            }
                        }
                    });

        } else {
            // Check if the request includes an authentication ticket

            String ticket = req.getParameter(ARG_TICKET);

            if (ticket != null && ticket.length() > 0) {
                // Debug

                if (logger.isDebugEnabled())
                    logger.debug("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr()
                            + ":" + req.getRemotePort() + ")" + " ticket=" + ticket);

                try {
                    // Validate the ticket
                    authenticationService.validate(ticket);

                    // Need to create the User instance if not already available
                    user = createUserEnvironment(httpReq.getSession(),
                            authenticationService.getCurrentUserName(), ticket, true);
                } catch (AuthenticationException authErr) {
                    // Clear the user object to signal authentication failure
                    if (logger.isDebugEnabled()) {
                        logger.debug("Failed", authErr);
                    }
                    user = null;
                }
            }
        }

        // Check if the user is authenticated, if not then prompt again

        if (user == null) {
            // No user/ticket, force the client to prompt for logon details
            reject(httpReq, httpResp);
            return;
        }
    }

    // Chain other filters

    chain.doFilter(req, resp);
}

From source file:org.alfresco.repo.webdav.auth.AuthenticationFilter.java

/**
 * Run the authentication filter/* w  w w .  j a va 2 s . c  om*/
 * 
 * @param context ServletContext
 * @param req ServletRequest
 * @param resp ServletResponse
 * @param chain FilterChain
 * @exception ServletException
 * @exception IOException
 */
public void doFilter(ServletContext context, ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {
    if (logger.isDebugEnabled())
        logger.debug("Entering AuthenticationFilter.");

    // Assume it's an HTTP request

    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpResp = (HttpServletResponse) resp;

    // Get the user details object from the session
    SessionUser user = getSessionUser(context, httpReq, httpResp, false);

    if (user == null) {
        if (logger.isDebugEnabled())
            logger.debug("There is no user in the session.");
        // Get the authorization header

        String authHdr = httpReq.getHeader("Authorization");

        if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase("BASIC")) {
            if (logger.isDebugEnabled())
                logger.debug("Basic authentication details present in the header.");
            byte[] encodedString = Base64.decodeBase64(authHdr.substring(5).getBytes());

            // ALF-13621: Due to browser inconsistencies we have to try a fallback path of encodings
            Set<String> attemptedAuths = new HashSet<String>(ENCODINGS.length * 2);
            for (String encoding : ENCODINGS) {
                CharsetDecoder decoder = Charset.forName(encoding).newDecoder()
                        .onMalformedInput(CodingErrorAction.REPORT);
                try {
                    // Attempt to decode using this charset 
                    String basicAuth = decoder.decode(ByteBuffer.wrap(encodedString)).toString();

                    // It decoded OK but we may already have tried this string.
                    if (!attemptedAuths.add(basicAuth)) {
                        // Already tried - no need to try again
                        continue;
                    }

                    String username = null;
                    String password = null;

                    // Split the username and password
                    int pos = basicAuth.indexOf(":");
                    if (pos != -1) {
                        username = basicAuth.substring(0, pos);
                        password = basicAuth.substring(pos + 1);
                    } else {
                        username = basicAuth;
                        password = "";
                    }

                    // Go to the repo and authenticate
                    Authorization auth = new Authorization(username, password);
                    if (auth.isTicket()) {
                        authenticationService.validate(auth.getTicket());
                    } else {
                        authenticationService.authenticate(username, password.toCharArray());
                        authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
                    }

                    user = createUserEnvironment(httpReq.getSession(),
                            authenticationService.getCurrentUserName(),
                            authenticationService.getCurrentTicket(), false);

                    // Success so break out
                    break;
                } catch (CharacterCodingException e) {
                    if (logger.isDebugEnabled())
                        logger.debug("Didn't decode using " + decoder.getClass().getName(), e);
                } catch (AuthenticationException ex) {
                    if (logger.isDebugEnabled())
                        logger.debug("Authentication error ", ex);
                } catch (NoSuchPersonException e) {
                    if (logger.isDebugEnabled())
                        logger.debug("There is no such person error ", e);
                }
            }
        } else {
            // Check if the request includes an authentication ticket

            String ticket = req.getParameter(ARG_TICKET);

            if (ticket != null && ticket.length() > 0) {
                // PowerPoint bug fix
                if (ticket.endsWith(PPT_EXTN)) {
                    ticket = ticket.substring(0, ticket.length() - PPT_EXTN.length());
                }

                // Debug

                if (logger.isDebugEnabled())
                    logger.debug("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr()
                            + ":" + req.getRemotePort() + ")" + " ticket=" + ticket);

                // Validate the ticket

                authenticationService.validate(ticket);
                authenticationListener.userAuthenticated(new TicketCredentials(ticket));

                // Need to create the User instance if not already available

                String currentUsername = authenticationService.getCurrentUserName();

                user = createUserEnvironment(httpReq.getSession(), currentUsername, ticket, false);
            }
        }

        // Check if the user is authenticated, if not then prompt again

        if (user == null) {
            if (logger.isDebugEnabled())
                logger.debug("No user/ticket, force the client to prompt for logon details.");

            httpResp.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
            httpResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

            httpResp.flushBuffer();
            return;
        }
    } else {
        authenticationListener.userAuthenticated(new TicketCredentials(user.getTicket()));
    }

    // Chain other filters

    chain.doFilter(req, resp);
}

From source file:org.infoglue.cms.security.InfoGlueAuthenticationFilter.java

/**
 * This filter is basically what secures Infoglue and enforces the authentication framework.
 *///from  w ww .j a v a2  s. c  om
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc)
        throws ServletException, IOException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;

    try {
        if (CmsPropertyHandler.getServletContext() == null) {
            CmsPropertyHandler.setServletContext(httpServletRequest.getContextPath());
        }

        String URI = httpServletRequest.getRequestURI();
        String URL = httpServletRequest.getRequestURL().toString();
        if (logger.isInfoEnabled()) {
            logger.info("URI: + " + URI);
            logger.info("URL: + " + URL);
        }

        String requestURI = URLDecoder.decode(getContextRelativeURI(httpServletRequest), "UTF-8");
        if (URI == null)
            logger.error("URI was null - requestURI:" + requestURI);
        if (URL == null)
            logger.error("URL was null - requestURI:" + requestURI);
        if (requestURI == null)
            logger.error("requestURI was null");

        if (loginUrl == null) {
            logger.error("loginUrl was null - fix this.");
            loginUrl = "Login.action";
        }
        if (invalidLoginUrl == null) {
            logger.error("invalidLoginUrl was null - fix this.");
            invalidLoginUrl = "Login!invalidLogin.action";
        }
        if (logoutUrl == null) {
            logger.error("logoutUrl was null - fix this.");
            logoutUrl = "ExtranetLogin!logout.action";
        }

        if (uriMatcher == null) {
            logger.error("uriMatcher was null - fix this.");
            String filterURIs = filterConfig.getInitParameter(FILTER_URIS_PARAMETER);
            uriMatcher = URIMatcher.compilePatterns(splitString(filterURIs, ","), false);
        }

        if (!CmsPropertyHandler.getIsValidSetup()
                && (URI.indexOf("Install") == -1 && URI.indexOf(".action") > -1)) {
            httpServletResponse.sendRedirect("Install!input.action");
            return;
        }

        //Here are the url:s/paths that must be skipped by the security framework for it to work. Login screens etc must be reachable naturally.
        if (URI != null && URL != null
                && (URI.indexOf(loginUrl) > -1 || URL.indexOf(loginUrl) > -1 || URI.indexOf("Login.action") > -1
                        || URL.indexOf("Login.action") > -1 || URI.indexOf(invalidLoginUrl) > -1
                        || URL.indexOf(invalidLoginUrl) > -1 || URI.indexOf("Login!invalidLogin.action") > -1
                        || URL.indexOf("Login!invalidLogin.action") > -1 || URI.indexOf(logoutUrl) > -1
                        || URI.indexOf("Login!logout.action") > -1 || URL.indexOf(logoutUrl) > -1
                        || URI.indexOf("UpdateCache") > -1 || URI.indexOf("protectedRedirect.jsp") > -1
                        || uriMatcher.matches(requestURI))) {
            fc.doFilter(request, response);
            return;
        }

        // make sure we've got an HTTP request
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse))
            throw new ServletException("InfoGlue Filter protects only HTTP resources");

        HttpSession session = ((HttpServletRequest) request).getSession();

        String sessionTimeout = CmsPropertyHandler.getSessionTimeout();
        try {
            Integer.parseInt(sessionTimeout);
        } catch (Exception e) {
            sessionTimeout = "1800";
        }
        if (sessionTimeout == null)
            sessionTimeout = "1800";

        session.setMaxInactiveInterval(new Integer(sessionTimeout).intValue());

        // if our attribute's already present, don't do anything
        //logger.info("User:" + session.getAttribute(INFOGLUE_FILTER_USER));
        if (session != null && session.getAttribute(INFOGLUE_FILTER_USER) != null) {
            //logger.info("Found user in session:" + session.getAttribute(INFOGLUE_FILTER_USER));
            //if(successLoginBaseUrl != null && !URL.startsWith(successLoginBaseUrl))
            //{
            //    checkSuccessRedirect(request, response, URL);
            //}
            //else
            //{
            fc.doFilter(request, response);
            return;
            //}
        }

        // otherwise, we need to authenticate somehow
        boolean isAdministrator = false;

        String userName = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        if (userName != null && password != null) {
            String administratorUserName = CmsPropertyHandler.getAdministratorUserName();

            boolean matchesRootPassword = CmsPropertyHandler.getMatchesAdministratorPassword(password);
            isAdministrator = (userName.equalsIgnoreCase(administratorUserName) && matchesRootPassword) ? true
                    : false;
        }

        //First we check if the user is logged in to the container context
        if (!isAdministrator) {
            logger.info("Principal:" + httpServletRequest.getUserPrincipal());
            if (httpServletRequest.getUserPrincipal() != null
                    && !(httpServletRequest.getUserPrincipal() instanceof InfoGluePrincipal)) {
                userName = httpServletRequest.getUserPrincipal().getName();
                logger.info("Now trusting the container logged in identity...");
            }
        }

        String authenticatedUserName = userName;

        if (!isAdministrator) {
            String encodedUserNameCookie = httpHelper.getCookie(httpServletRequest, "iguserid");
            logger.info("encodedUserNameCookie:" + encodedUserNameCookie);
            if (encodedUserNameCookie != null && !encodedUserNameCookie.equals("")) {
                byte[] bytes = Base64.decodeBase64(encodedUserNameCookie);
                encodedUserNameCookie = new String(bytes, "utf-8");
                //encodedUserNameCookie = encodedUserNameCookie.replaceAll("IGEQ", "=");
                logger.info("encodedUserNameCookie:" + encodedUserNameCookie);
                String servletContextUserName = (String) filterConfig.getServletContext()
                        .getAttribute(encodedUserNameCookie);
                logger.info("servletContextUserName:" + servletContextUserName);
                if (servletContextUserName != null && !servletContextUserName.equals("")) {
                    authenticatedUserName = servletContextUserName;
                } else {
                    Cookie cookie_iguserid = new Cookie("iguserid", "none");
                    cookie_iguserid.setPath("/");
                    cookie_iguserid.setMaxAge(0);
                    httpServletResponse.addCookie(cookie_iguserid);

                    Cookie cookie_igpassword = new Cookie("igpassword", "none");
                    cookie_igpassword.setPath("/");
                    cookie_igpassword.setMaxAge(0);
                    httpServletResponse.addCookie(cookie_igpassword);

                    authenticatedUserName = authenticateUser(httpServletRequest, httpServletResponse, fc);
                }
            } else {
                authenticatedUserName = authenticateUser(httpServletRequest, httpServletResponse, fc);
            }
        }

        logger.info("authenticatedUserName:" + authenticatedUserName);

        if (authenticatedUserName != null) {
            logger.info("Getting the principal from user name:" + authenticatedUserName);

            InfoGluePrincipal user = getAuthenticatedUser(authenticatedUserName);
            if (user == null || (!user.getIsAdministrator() && !hasAuthorizedRole(user))) {
                //throw new Exception("This user is not authorized to log in...");
                httpServletResponse.sendRedirect("unauthorizedLogin.jsp");

                NotificationMessage notificationMessage = new NotificationMessage("Authorization failed:",
                        "Authorization", authenticatedUserName, NotificationMessage.AUTHORIZATION_FAILED,
                        "" + authenticatedUserName, "name");
                TransactionHistoryController.getController().create(notificationMessage);

                return;
            }

            //TODO - we must fix so these caches are individual to the person - now a login will slow down for all
            //CacheController.clearCache("authorizationCache");
            //CacheController.clearCache("personalAuthorizationCache", user.getName());
            CacheController.clearCacheForGroup("personalAuthorizationCache", user.getName());

            // Store the authenticated user in the session
            if (session != null) {
                session.setAttribute(INFOGLUE_FILTER_USER, user);
                setUserProperties(session, user);
            }

            //TEST - transferring auth to deliverworking
            try {
                if (userName != null && password != null) {
                    DesEncryptionHelper encHelper = new DesEncryptionHelper();
                    String encryptedName = encHelper.encrypt(userName);
                    String encryptedPassword = encHelper.encrypt(password);

                    String encryptedNameAsBase64 = Base64
                            .encodeBase64URLSafeString(encryptedName.getBytes("utf-8"));
                    String encryptedPasswordAsBase64 = Base64
                            .encodeBase64URLSafeString(encryptedPassword.getBytes("utf-8"));

                    String deliverBaseUrl = CmsPropertyHandler.getComponentRendererUrl();
                    String[] parts = deliverBaseUrl.split("/");

                    deliverBaseUrl = "/" + parts[parts.length - 1];
                    //logger.info("used cmsBaseUrl:" + cmsBaseUrl);

                    ServletContext servletContext = filterConfig.getServletContext().getContext(deliverBaseUrl);
                    if (servletContext == null) {
                        logger.error("Could not autologin to " + deliverBaseUrl
                                + ". Set cross context = true in Tomcat config.");
                    } else {
                        logger.info("Added encryptedName:" + encryptedName + " = " + user.getName()
                                + " to deliver context");
                        servletContext.setAttribute(encryptedName, user.getName());
                    }

                    int cmsCookieTimeout = 1800; //30 minutes default
                    String cmsCookieTimeoutString = null; //CmsPropertyHandler.getCmsCookieTimeout();
                    if (cmsCookieTimeoutString != null) {
                        try {
                            cmsCookieTimeout = Integer.parseInt(cmsCookieTimeoutString.trim());
                        } catch (Exception e) {
                        }
                    }

                    //Cookie cookie_iguserid = new Cookie("iguserid", encryptedName.replaceAll("=", "IGEQ"));
                    Cookie cookie_iguserid = new Cookie("iguserid", encryptedNameAsBase64);
                    cookie_iguserid.setPath("/");
                    cookie_iguserid.setMaxAge(cmsCookieTimeout);
                    httpServletResponse.addCookie(cookie_iguserid);

                    //Cookie cookie_igpassword = new Cookie ("igpassword", encryptedPassword.replaceAll("=", "IGEQ"));
                    Cookie cookie_igpassword = new Cookie("igpassword", encryptedPasswordAsBase64);
                    cookie_igpassword.setPath("/");
                    cookie_igpassword.setMaxAge(cmsCookieTimeout);
                    httpServletResponse.addCookie(cookie_igpassword);

                    //logger.info(encryptedName + "=" + userName);
                    //logger.info("After attribute:" + servletContext.getAttribute(encryptedName));
                }
            } catch (Exception e) {
                logger.error("Error: " + e.getMessage(), e);
            }
            //END TEST

            String logUserName = userName;
            if (logUserName == null || logUserName.equals("") && user != null)
                logUserName = user.getName();
            if (logUserName == null || logUserName.equals(""))
                logUserName = authenticatedUserName;
            if (logUserName == null || logUserName.equals(""))
                logUserName = "Unknown";

            NotificationMessage notificationMessage = new NotificationMessage("Login success:",
                    "Authentication", logUserName, NotificationMessage.AUTHENTICATION_SUCCESS,
                    "" + authenticatedUserName, "name");
            TransactionHistoryController.getController().create(notificationMessage);

            if (successLoginBaseUrl != null && !URL.startsWith(successLoginBaseUrl)) {
                checkSuccessRedirect(request, response, URL);
            } else {
                fc.doFilter(request, response);
                return;
            }
        } else {
            if (userName != null && !userName.equals("")) {
                NotificationMessage notificationMessage = new NotificationMessage("Login failed:",
                        "Authentication", userName, NotificationMessage.AUTHENTICATION_FAILED, "" + userName,
                        "name");
                TransactionHistoryController.getController().create(notificationMessage);
            }
        }
    } catch (Exception e) {
        logger.error("Error authenticating user:" + e.getMessage(), e);
        httpServletRequest.setAttribute("error", new Exception(
                "Error in authentication filter - look at the server error log (usually catalina.out) for reason but the most common one is problem connecting to the database or a faulty connection user or limited access for that account."));
        httpServletResponse.sendError(500);
        return;
    }
}

From source file:org.openmrs.module.personalhr.web.filter.PhrSecurityFilter.java

/**
 * For an authenticated user to access a non-excluded URL:
 * 1. check if a redirect is needed first;
 * 2. if a redirect is not needed, check PHR URL level security
 * <p/>//  w w w .jav  a 2  s . c o m
 * PHR URL redirecting rules:
 * 1. Check user type: unauthenticated user, PHR user, non-PHR user
 * 2. Unauthenticated user: no-redirect
 * 3. PHR user: 1) redirect /openmrs/index.htm and /openmrs/phr to corresponding PHR pages; 2) re-append missing patientId or personId parameters
 * 4. non-PHR user: redirected to non-PHR pages by PHR login servlet
 * <p/>
 * PHR URL level security checking rules:
 * 1. Check user type: unauthenticated user, PHR user, non-PHR user
 * 2. Unauthenticated user: skip
 * 3. PHR user: check against PHR allowed url list and corresponding privilege required
 * 4. non-PHR user: block access to /phr/ domain
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 * javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest hsr = (HttpServletRequest) request;
    final String requestURI = hsr.getRequestURI();
    final String patientId = hsr.getParameter("patientId");
    final String personId = hsr.getParameter("personId");
    final String encounterId = hsr.getParameter("encounterId");
    String phrRole = null;

    this.log.warn("Entering PhrSecurityFilter.doFilter: " + requestURI + "|" + patientId + "|" + personId + "|"
            + encounterId);

    //redirect /phr/ to /phr/index.htm
    if (requestURI.toLowerCase().endsWith("/phr/") || requestURI.toLowerCase().endsWith("/phr")) {
        String redirect = "/phr/index.htm";

        ((HttpServletResponse) response).sendRedirect(hsr.getContextPath() + redirect);
        return;
    }

    //This filter applies to authenticated users only
    if (Context.isAuthenticated()) {
        final User user = Context.getAuthenticatedUser();
        phrRole = getPhrService().getPhrRole(user);

        //Check if the URL is in the excluded (for checking) list
        if (shouldCheckAccessToUrl(requestURI)) {
            try {
                PersonalhrUtil.addMinimumTemporaryPrivileges();

                final Integer patId = PersonalhrUtil.getParamAsInteger(patientId);

                Patient pat = patId == null ? null : Context.getPatientService().getPatient(patId);

                final Integer perId = PersonalhrUtil.getParamAsInteger(personId);
                final Person per = perId == null ? null : Context.getPersonService().getPerson(perId);

                final Integer encId = PersonalhrUtil.getParamAsInteger(encounterId);
                final Encounter enc = encId == null ? null : Context.getEncounterService().getEncounter(encId);
                if (enc != null) {
                    pat = enc.getPatient();
                }

                //**************************
                //Perform redirect checking
                //**************************
                if (phrRole != null) {
                    //1) redirect /openmrs/index.htm
                    if ((requestURI.toLowerCase().contains("index.htm")
                            || requestURI.toLowerCase().endsWith("/openmrs/")
                            || requestURI.toLowerCase().endsWith("/openmrs"))
                            && !requestURI.toLowerCase().contains("/phr/")) {
                        String redirect = requestURI;
                        if (phrRole != null) {
                            final Integer userPersonId = (user == null ? null : user.getPerson().getId());
                            if (PhrBasicRole.PHR_PATIENT.getValue().equals(phrRole)) {
                                if (userPersonId != null) {
                                    redirect = "/phr/patientDashboard.form?patientId=" + userPersonId;
                                } else {
                                    this.log.error("Error: PHR Patient's person id is null!");
                                }
                                //PersonalhrUtil.addTemporayPrivileges();
                            } else if (PhrBasicRole.PHR_RESTRICTED_USER.getValue().equals(phrRole)) {
                                if (userPersonId != null) {
                                    redirect = "/phr/restrictedUserDashboard.form?personId=" + userPersonId;
                                } else {
                                    this.log.error("Error: PHR Restricted user's person id is null!");
                                }
                                //PersonalhrUtil.addTemporayPrivileges();
                            } else if (PhrBasicRole.PHR_ADMINISTRATOR.getValue().equals(phrRole)) {
                                redirect = "/phr/findPatient.htm";
                                //PersonalhrUtil.addTemporayPrivileges();
                            }

                            this.log.debug("***URL access is redirected to " + redirect + " for user " + user
                                    + "|" + requestURI + "|" + pat + "|" + per);

                            getPhrService().logEvent(PhrLogEvent.ACCESS_REDIRECT, new Date(), user,
                                    ((HttpServletRequest) request).getSession().getId(), pat,
                                    "redirect=" + redirect + "; client_ip=" + request.getLocalAddr());

                            ((HttpServletResponse) response)
                                    .sendRedirect(((HttpServletRequest) request).getContextPath() + redirect);
                            return;
                        }
                    } else if ((requestURI.contains("patientDashboard.form") && patId == null)
                            || (requestURI.contains("restrictedUserDashboard.form") && perId == null)) {
                        //2) re-append missing patientId or personId parameters
                        String redirect = requestURI;
                        if (phrRole != null) {
                            final Integer userPersonId = (user == null ? null : user.getPerson().getId());
                            if (PhrBasicRole.PHR_PATIENT.getValue().equals(phrRole)) {
                                if (userPersonId != null) {
                                    redirect = "/phr/patientDashboard.form?patientId=" + userPersonId;
                                } else {
                                    this.log.error("Error: PHR Patient's person id is null!");
                                }
                                //PersonalhrUtil.addTemporayPrivileges();
                            } else if (PhrBasicRole.PHR_RESTRICTED_USER.getValue().equals(phrRole)) {
                                if (userPersonId != null) {
                                    redirect = "/phr/restrictedUserDashboard.form?personId=" + userPersonId;
                                } else {
                                    this.log.error("Error: PHR Restricted user's person id is null!");
                                }
                                //PersonalhrUtil.addTemporayPrivileges();
                            }

                            this.log.debug("***URL access is redirected to " + redirect + " for user " + user
                                    + "|" + requestURI + "|" + pat + "|" + per);

                            ((HttpServletResponse) response)
                                    .sendRedirect(((HttpServletRequest) request).getContextPath() + redirect);
                            return;
                        }
                    }
                }

                //**************************
                //Perform security checking
                //**************************
                if (phrRole != null) {
                    if (!requestURI.toLowerCase().contains("/phr/")
                            && !requestURI.toLowerCase().contains("/personalhr/") && !getPhrService()
                                    .isUrlAllowed(requestURI, pat, per, Context.getAuthenticatedUser())) {

                        this.log.debug("***URL access not allowed for this PHR user!!! " + requestURI + "|"
                                + pat + "|" + per + "|" + user);
                        getPhrService().logEvent(PhrLogEvent.ACCESS_NOT_ALLOWED, new Date(), user,
                                ((HttpServletRequest) request).getSession().getId(), pat,
                                "requestURI=" + requestURI + "; client_ip=" + request.getLocalAddr());
                        this.config.getServletContext().getRequestDispatcher(this.loginForm).forward(request,
                                response);
                        return;
                    } else {
                        this.log.debug("***URL access allowed for this PHR user!!! " + user + "|" + requestURI
                                + "|" + pat + "|" + per);
                    }
                } else {
                    if (!(requestURI.toLowerCase().contains("/admin/"))
                            && ((requestURI.toLowerCase().contains("/phr/")
                                    || requestURI.toLowerCase().contains("/personalhr/")))) {
                        this.log.debug("***URL access not allowed for this non-PHR user!!! " + user + "|"
                                + requestURI + "|" + pat + "|" + per);
                        if (this.config == null) {
                            log.error("config is null");
                            return;
                        }
                        if (this.config.getServletContext() == null) {
                            log.error("servletContext is null");
                            return;
                        }
                        if (this.config.getServletContext().getRequestDispatcher(this.loginForm) == null) {
                            log.error("requestDispatcher is null");
                            return;
                        }
                        this.config.getServletContext().getRequestDispatcher(this.loginForm).forward(request,
                                response);
                        return;
                    } else {
                        this.log.debug("***URL access allowed for this non-PHR user!!! " + user + "|"
                                + requestURI + "|" + pat + "|" + per);
                    }
                }

                //****************************************************
                //Perform event logging for "POST" type request only
                //****************************************************
                if (enableEventLogging && "POST".equalsIgnoreCase(((HttpServletRequest) request).getMethod())) {
                    String command = request.getParameter("command");
                    if (command != null) {
                        getPhrService().logEvent(PhrLogEvent.SUBMIT_CHANGES, new Date(), user,
                                ((HttpServletRequest) request).getSession().getId(), pat,
                                "requestURI=" + requestURI + "; command=" + command + "; client_ip="
                                        + request.getLocalAddr());
                    } else if (!(requestURI.toLowerCase().contains("/admin")
                            || requestURI.toLowerCase().contains("get")
                            || requestURI.toLowerCase().contains("find")
                            || requestURI.toLowerCase().contains("list")
                            || requestURI.toLowerCase().contains("check")
                            || requestURI.toLowerCase().contains("validate"))) {
                        getPhrService().logEvent(PhrLogEvent.SUBMIT_CHANGES, new Date(), user,
                                ((HttpServletRequest) request).getSession().getId(), pat,
                                "requestURI=" + requestURI + "; client_ip=" + request.getLocalAddr());
                    }
                }
            } finally {
                PersonalhrUtil.removeMinimumTemporaryPrivileges();
            }
        } else {
            this.log.debug("***URL access is unchecked and allowed for this authenticated user!!! " + user + "|"
                    + requestURI + "|" + patientId + "|" + personId + "|" + encounterId);
        }
    } else {
        this.log.debug("***URL access is allowed for all unauthenticated users!!! " + requestURI + "|"
                + patientId + "|" + personId + "|" + encounterId);
    }

    try {
        //Add temporary privilege
        if (phrRole != null) {
            PersonalhrUtil.addTemporaryPrivileges();
        }

        chain.doFilter(request, response);
    } finally {
        if (phrRole != null) {
            PersonalhrUtil.removeTemporaryPrivileges();
        }
    }
}