com.medlog.webservice.lifecycle.Security.java Source code

Java tutorial

Introduction

Here is the source code for com.medlog.webservice.lifecycle.Security.java

Source

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package com.medlog.webservice.lifecycle;

import com.medlog.webservice.CONST.API_ACTIONS;
import static com.medlog.webservice.CONST.API_ACTIONS.API_FUNCTION_FIND;
import static com.medlog.webservice.CONST.API_ACTIONS.API_PARAM_FUNCTION;
import static com.medlog.webservice.CONST.API_ACTIONS.API_PARAM_RESOURCE;
import static com.medlog.webservice.CONST.API_ACTIONS.API_RESOURCE_PHARM;
import static com.medlog.webservice.CONST.API_ACTIONS.API_RESOURCE_SIG;
import static com.medlog.webservice.CONST.API_ACTIONS.API_RESOURCE_STATES;
import com.medlog.webservice.CONST.SETTINGS;
import static com.medlog.webservice.CONST.SETTINGS.*;
import static com.medlog.webservice.CONST.STRINGS.*;
import com.medlog.webservice.util.*;
import com.medlog.webservice.vo.*;
import com.sun.xml.internal.bind.v2.runtime.reflect.opt.Const;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.*;
import java.util.logging.*;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;
import org.apache.commons.lang3.*;

/**
 *
 * @author (c)2016 Guiding Technologies
 */
@WebFilter(filterName = "Security", urlPatterns = { "/*" })
public class Security implements Filter {

    private static final boolean debug = DEBUG;

    // The filter configuration object we are associated with.  If
    // this value is null, this filter instance is not currently
    // configured. 
    private FilterConfig filterConfig = null;

    public Security() {
    }

    private void doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {

            log("context path: " + request.getServletContext().getContextPath());
            log("Security:DoBeforeProcessing");
        }

        // Write code here to process the request and/or response before
        // the rest of the filter chain is invoked.
        // For example, a logging filter might log items on the request object,
        // such as the parameters.
        /*
        * for (Enumeration en = request.getParameterNames(); en.hasMoreElements(); ) {
        * String name = (String)en.nextElement();
        * String values[] = request.getParameterValues(name);
        * int n = values.length;
        * StringBuffer buf = new StringBuffer();
        * buf.append(name);
        * buf.append("=");
        * for(int i=0; i < n; i++) {
        * buf.append(values[i]);
        * if (i < n-1)
        * buf.append(",");
        * }
        * log(buf.toString());
        * }
         */
    }

    private void doAfterProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {
            log("Security:DoAfterProcessing");
        }

        // Write code h    ere to process the request and/or response after
        // the rest of the filter chain is invoked.
        // For example, a logging filter might log the attributes on the
        // request object after the request has been processed. 
        /*
        * for (Enumeration en = request.getAttributeNames(); en.hasMoreElements(); ) {
        * String name = (String)en.nextElement();
        * Object value = request.getAttribute(name);
        * log("attribute: " + name + "=" + value.toString());
        *
        * }
         */
        // For example, a filter might append something to the response.
        /*
        * PrintWriter respOut = new PrintWriter(response.getWriter());
        * respOut.println("<P><B>This has been appended by an intrusive filter.</B>");
         */
    }

    /**
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are creating
     * @param chain The filter chain we are processing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httprequest = (HttpServletRequest) request;
        HttpServletResponse httpresponse = (HttpServletResponse) response;
        PatientVO user;
        boolean isLoggedIn;
        boolean shouldDeny = false;
        String uri = null;
        String file = null;

        if (DEBUG) {
            log("Security:doFilter()");
        }
        isLoggedIn = isLoggedIn(httprequest);
        if (DEBUG) {
            log(String.format("User %s", isLoggedIn ? "IS LOGGED IN!!" : " IS NOT LOGGED IN"));
        }

        //   Map m = new TreeMap();
        //   m.put( "URI", httprequest.getRequestURI() );
        //   m.put( "URL", httprequest.getRequestURL().toString() );
        //   StrUtl.toS( httprequest.getRequestURI() );
        doBeforeProcessing(request, response);
        String[] urlParts = getUriParts(httprequest);
        uri = urlParts[0];
        file = urlParts[1];
        if (!httprequest.getRequestURI().contains(SETTINGS.FLDR_APIDOC)) {
            if (!hasAccess(uri, file, httprequest)) {
                if (DEBUG) {
                    log("Not logged in! Redirect");
                }
                httpresponse.sendRedirect("/MedLogRS/login.html?d=1");
            }
        }
        Throwable problem = null;
        try {
            chain.doFilter(request, response);
        } catch (Throwable t) {
            // If an exception is thrown somewhere down the filter chain,
            // we still want to execute our after processing, and then
            // rethrow the problem after that.

            problem = t;
            t.printStackTrace();
        }

        doAfterProcessing(request, response);

        // If there was a problem, we want to rethrow it if it is
        // a known type, otherwise log it.
        if (problem != null) {
            if (problem instanceof ServletException) {
                throw (ServletException) problem;
            }
            if (problem instanceof IOException) {
                throw (IOException) problem;
            }
            sendProcessingError(problem, response);
        }
    }

    private boolean isAPIRequest(HttpServletRequest req) {
        System.out.println("com.medlog.webservice.lifecycle.Security.isAPIRequest()" + req.getRequestURI());
        String fn = "";
        if (req.getParameter(API_PARAM_FUNCTION) != null) {
            fn = req.getParameter(API_PARAM_FUNCTION);
            System.out.println("com.medlog.webservice.lifecycle.Security.isAPIRequest() true");
            return true;

        }
        if (req.getParameter(API_PARAM_RESOURCE) != null) {
            System.out.println("com.medlog.webservice.lifecycle.Security.isAPIRequest() true");
            return true;

        }

        //        if (!StrUtl.matchOR(res, API_RESOURCE_STATES,API_RESOURCE_SIG,API_RESOURCE_PHARM)){
        //            //TODO HANDLE ONLY FIND FUNCTIONS
        //            return false;
        //        }
        if (StrUtl.matchOR(fn, API_FUNCTION_FIND, API_ACTIONS.API_FUNCTION_INSERT,
                API_ACTIONS.API_FUNCTION_FIND_BY_ID, API_ACTIONS.API_FUNCTION_LOGIN,
                API_ACTIONS.API_FUNCTION_LOGOUT)) {
            if (req.getParameter(API_PARAM_RESOURCE) != null) {

                String res = StrUtl.toS(req.getParameter(API_PARAM_RESOURCE));

                return true;
            }

        }
        return true;
    }

    private boolean isLoggedIn(HttpServletRequest httprequest) {
        try {
            boolean ret = ((PatientVO) httprequest.getSession().getAttribute(SESSION_BEAN_USER)).getPatientID() > 0;
            if (DEBUG) {
                log(String.format("User %s", ret ? "IS LOGGED IN!!" : " IS NOT LOGGED IN"));
            }
            return ret;
        } catch (Exception e) {
            if (DEBUG) {
                //   e.printStackTrace();
            }
        }
        return false;

    }

    private boolean hasAccess(String uri, String file, HttpServletRequest httprequest) {
        boolean hasAccess = isLoggedIn(httprequest) || isAPIRequest(httprequest)
                || StrUtl.regexTest(REG_EX_isNonSecurePages, StrUtl.toS(uri), true)
                || (!StringUtils.endsWith(uri, "html") && !StringUtils.endsWith(uri, "jsp"));
        if (DEBUG) {
            log(String.format("User %s access to %s.", hasAccess ? "HAS" : "DOES HOT HAVE", StrUtl.toS(uri)));
        }
        return hasAccess;
    }

    private String[] getUriParts(HttpServletRequest httprequest) {
        String[] ret = new String[2];
        ret[0] = StrUtl.toS(httprequest.getRequestURI());
        try {
            String file = ret[0];
            if (file.contains("/")) {
                file = file.substring(file.lastIndexOf("/") + 1, file.length());
            }
            if (file.contains("?")) {
                file = file.substring(0, file.indexOf("?"));
            }
            System.out.println("com.medlog.webservice.lifecycle.Security.getUriParts() FileName " + file);
            ret[1] = file;
        } catch (Exception e) {
            ret[1] = "";
        }
        return ret;
    }

    /**
     * Return the filter configuration object for this filter.
     */
    public FilterConfig getFilterConfig() {
        return (this.filterConfig);
    }

    /**
     * Set the filter configuration object for this filter.
     *
     * @param filterConfig The filter configuration object
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Destroy method for this filter
     */
    public void destroy() {
    }

    /**
     * Init method for this filter
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
        if (filterConfig != null) {
            if (debug) {
                log("Security:Initializing filter");
            }
        }
    }

    /**
     * Return a String representation of this object.
     */
    @Override
    public String toString() {
        if (filterConfig == null) {
            return ("Security()");
        }
        StringBuffer sb = new StringBuffer("Security(");
        sb.append(filterConfig);
        sb.append(")");
        return (sb.toString());
    }

    private void sendProcessingError(Throwable t, ServletResponse response) {
        String stackTrace = getStackTrace(t);

        if (stackTrace != null && !stackTrace.equals("")) {
            try {
                response.setContentType("text/html");
                PrintStream ps = new PrintStream(response.getOutputStream());
                PrintWriter pw = new PrintWriter(ps);
                pw.print("<html>\n<head>\n<title>Error</title>\n</head>\n<body>\n"); //NOI18N

                // PENDING! Localize this for next official release
                pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");
                pw.print(stackTrace);
                pw.print("</pre></body>\n</html>"); //NOI18N
                pw.close();
                ps.close();
                response.getOutputStream().close();
            } catch (Exception ex) {
            }
        } else {
            try {
                PrintStream ps = new PrintStream(response.getOutputStream());
                t.printStackTrace(ps);
                ps.close();
                response.getOutputStream().close();
            } catch (Exception ex) {
            }
        }
    }

    public static String getStackTrace(Throwable t) {
        String stackTrace = null;
        try {
            StringWriter sw = new StringWriter();
            PrintWriter pw = new PrintWriter(sw);
            t.printStackTrace(pw);
            pw.close();
            sw.close();
            stackTrace = sw.getBuffer().toString();
        } catch (Exception ex) {
        }
        return stackTrace;
    }

    public void log(String msg) {
        filterConfig.getServletContext().log(msg);
    }

    private static final Logger LOG = Logger.getLogger(Security.class.getName());

}