/*
 * Copyright (C) 2013 Google Inc.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.squarecash4glass.servlet;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.configuration.ConfigurationException;

import com.googlecode.objectify.ObjectifyService;
import com.squarecash4glass.dto.User;
import com.squarecash4glass.util.OAuth2Util;
import com.squarecash4glass.util.Oauth2Factory;

/**
 * A filter which prevents unauthenticated users from accessing the
 * web app.
 *
 * @author Jenny Murphy - http://google.com/+JennyMurphy
 */
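public class AuthFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(AuthFilter.class.getSimpleName());

    /** Name of both the request parameter and the session attribute that carry an auth token. */
    private static final String AUTH_TOKEN = "authToken";

    /** Request URIs that are passed through without any auth check (exact match). */
    private static final String[] EXEMPT_EXACT_PATHS = {
        "/oauth2callback",
        "/oauth2callbacksquare",
        "/oauth2callbackdwolla",
        "/oauth2callbackvenmo",
        "/favicon.ico",
        "/script/jquery-2.1.1.js",
        "/SquareAuth.jsp",
    };

    /**
     * Gates every HTTP request on three stored OAuth2 credentials (Google, then Dwolla, then
     * Venmo), redirecting to the matching OAuth2 callback for the first one that is missing.
     * Exempt URIs (see {@link #isExemptFromAuth(String)}) and non-HTTP traffic are passed
     * straight down the chain.
     *
     * @param request     the incoming request; only {@link HttpServletRequest}s are checked
     * @param response    the outgoing response; used for the redirect when auth is missing
     * @param filterChain the rest of the chain, invoked when the request may proceed
     * @throws IOException      if the Google OAuth2 configuration cannot be loaded, or on
     *                          a failed redirect / downstream I/O error
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        if (!(response instanceof HttpServletResponse) || !(request instanceof HttpServletRequest)) {
            // Non-HTTP traffic is let through unchecked, as before.
            LOG.warning("Unexpected non HTTP servlet response. Proceeding anyway.");
            filterChain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String authToken = httpRequest.getParameter(AUTH_TOKEN);
        if (authToken != null) {
            // NOTE(review): this value comes straight from the request and is stored in the
            // session before any authentication check runs; nothing in this filter validates
            // it. Confirm that whatever reads the session attribute treats it as untrusted.
            httpRequest.getSession().setAttribute(AUTH_TOKEN, authToken);
        }

        // skip auth for static content, middle of auth flow, notify servlet
        if (isExemptFromAuth(httpRequest.getRequestURI())) {
            LOG.info("Skipping auth check for certain urls");
            filterChain.doFilter(request, response);
            return;
        }

        LOG.info("Checking to see if authorized by google");
        // TODO get Token
        OAuth2Util oAuth2Utilgoogle;
        try {
            oAuth2Utilgoogle = Oauth2Factory.getOauth2Util("google", "sandbox");
        } catch (ConfigurationException e) {
            // Log with the full cause chain, then surface it through the filter contract.
            LOG.log(Level.SEVERE, "Unable to load google OAuth2 configuration", e);
            throw new IOException(e);
        }

        String userid = oAuth2Utilgoogle.getUserId(httpRequest);
        if (userid == null || !hasAccessToken(oAuth2Utilgoogle, userid)) {
            // redirect to auth flow
            httpResponse.sendRedirect(WebUtil.buildUrl(httpRequest, "/oauth2callback"));
            return;
        }

        // userid is non-null from here on; the Dwolla and Venmo credentials are stored under
        // suffixed variants of the Google user id.
        LOG.info("Checking to see if authorized by dwolla");
        if (!hasAccessToken(oAuth2Utilgoogle, userid + "dwolla")) {
            // redirect to auth flow
            httpResponse.sendRedirect(WebUtil.buildUrl(httpRequest, "/oauth2callbackdwolla"));
            return;
        }

        LOG.info("Checking to see if authorized by venmo");
        if (!hasAccessToken(oAuth2Utilgoogle, userid + "venmo")) {
            // redirect to auth flow
            httpResponse.sendRedirect(WebUtil.buildUrl(httpRequest, "/oauth2callbackvenmo"));
            return;
        }

        // Things checked out OK :)
        LOG.info("User logged in, skipping filter");
        filterChain.doFilter(request, response);
    }

    /**
     * Returns whether the request URI is exempt from the auth check.
     *
     * NOTE(review): {@code requestUri} is the raw {@code getRequestURI()} value and is compared
     * without normalisation. The prefix and contains rules are deliberately kept as they were,
     * but they are broader than the literal paths suggest: the whole {@code /rest} subtree and
     * any URI containing {@code /_ah} anywhere are passed through. Tighten these if those
     * endpoints are not meant to be reachable without a session.
     *
     * @param requestUri the value of {@code HttpServletRequest.getRequestURI()}
     * @return {@code true} if the filter should not check credentials for this URI
     */
    static boolean isExemptFromAuth(String requestUri) {
        if (requestUri.startsWith("/static")
                || requestUri.startsWith("/rest")
                || requestUri.contains("/_ah")) {
            return true;
        }
        for (String path : EXEMPT_EXACT_PATHS) {
            if (requestUri.equals(path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the credential store holds an entry for {@code key} that carries an
     * access token. Only presence is checked; token validity or expiry is not verified here.
     *
     * @param oAuth2Util the util whose store is consulted
     * @param key        the store key (the Google user id, optionally suffixed per provider)
     * @return {@code true} if a credential with a non-null access token is stored
     */
    private static boolean hasAccessToken(OAuth2Util oAuth2Util, String key) {
        // The store is queried twice because the credential type is not in scope in this file;
        // if lookups are not a cheap local read, hold the first result in a typed local instead.
        return oAuth2Util.getCredentialFromStore(key) != null
                && oAuth2Util.getCredentialFromStore(key).getAccessToken() != null;
    }

    /**
     * Registers the {@link User} entity with Objectify so it can be persisted by the app.
     *
     * @param filterConfig unused
     * @throws ServletException never thrown here; declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ObjectifyService.register(User.class);
    }

    /** Nothing to release; the filter holds no resources. */
    @Override
    public void destroy() {
    }
}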