och.front.web.filter.SecurityFilter.java Source code

Java tutorial

Introduction

Here is the source code for och.front.web.filter.SecurityFilter.java

Source

/*
 * Copyright 2015 Evgeny Dolganov (evgenij.dolganov@gmail.com).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package och.front.web.filter;

import static och.api.model.user.SecurityContext.*;
import static och.api.model.web.ReqInfo.*;
import static och.util.Util.*;
import static och.util.servlet.WebUtil.*;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import och.api.exception.ExpectedException;
import och.api.model.user.User;
import och.front.service.FrontApp;
import och.front.service.SecurityService;
import och.front.web.FrontAppProvider;
import och.util.servlet.BaseFilter;

import org.apache.commons.logging.Log;

@WebFilter(urlPatterns = { "/enter", "/enter/*", "/cabinet", "/cabinet/*", "/system-api", "/system-api/*",
        "/payment/", "/payment/*" })
public class SecurityFilter extends BaseFilter {

    Log log = getLog(getClass());

    FrontApp app;
    SecurityService security;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

        app = FrontAppProvider.get(filterConfig.getServletContext());
        security = app.security;

    }

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
            throws IOException, ServletException {

        try {
            User restored = security.restoreUserSession(req, resp);
            if (restored != null) {
                set_CSRF_ProtectTokenCookieFromSession(req, resp);
            }
        } catch (Exception e) {
            ExpectedException.logError(log, e, "can't restoreUserSession");
            chain.doFilter(req, resp);
            return;
        }

        User user = security.getUserFromSession(req);

        //no user session
        if (user == null) {
            putInfoToThreadLocal(req);
            try {
                chain.doFilter(req, resp);
            } finally {
                removeInfoFromThreadLocal();
            }
            return;
        }

        //with user session
        req.setAttribute("user", user);
        pushToSecurityContext(user);
        putInfoToThreadLocal(req);
        try {
            chain.doFilter(req, resp);
        } finally {
            popUserFromSecurityContext();
            removeInfoFromThreadLocal();
        }

    }

    @Override
    public void destroy() {
    }

}