[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security/filter ...
Shane Bryzak
Shane_Bryzak at symantec.com
Mon Jul 31 02:45:50 EDT 2006
User: sbryzak2
Date: 06/07/31 02:45:50
Modified: src/main/org/jboss/seam/security/filter
SeamSecurityFilter.java
Log:
Security stuff
Revision Changes Path
1.2 +87 -61 jboss-seam/src/main/org/jboss/seam/security/filter/SeamSecurityFilter.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityFilter.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/filter/SeamSecurityFilter.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- SeamSecurityFilter.java 31 Jul 2006 00:50:55 -0000 1.1
+++ SeamSecurityFilter.java 31 Jul 2006 06:45:50 -0000 1.2
@@ -16,10 +16,14 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.jboss.seam.contexts.Lifecycle;
-import org.jboss.seam.security.config.SecurityConfig;
-import org.jboss.seam.security.config.SecurityConfigException;
-import org.jboss.seam.security.config.SecurityConfigFileLoader;
+import org.jboss.seam.contexts.ContextAdaptor;
+import org.jboss.seam.contexts.WebApplicationContext;
+import org.jboss.seam.contexts.WebSessionContext;
+import org.jboss.seam.security.Authentication;
+import org.jboss.seam.security.AuthenticationContext;
+import org.jboss.seam.security.AuthenticationException;
+import org.jboss.seam.security.authenticator.Authenticator;
+import org.jboss.seam.contexts.Context;
/**
* A servlet filter that performs authentication within a Seam application.
@@ -31,37 +35,38 @@
private static final Log log = LogFactory.getLog(SeamSecurityFilter.class);
private ServletContext servletContext;
- private static final String CONFIG_RESOURCE = "/WEB-INF/seam-security.xml";
+// private static final String CONFIG_RESOURCE = "/WEB-INF/seam-security.xml";
public void init(FilterConfig config)
throws ServletException
{
servletContext = config.getServletContext();
- try
- {
- Lifecycle.setServletContext(servletContext);
- Lifecycle.beginCall();
- SecurityConfig.instance().setServletContext(servletContext);
- SecurityConfig.instance().loadConfig(new SecurityConfigFileLoader(
- servletContext.getResourceAsStream(CONFIG_RESOURCE), servletContext));
- }
- catch (SecurityConfigException ex)
- {
- log.error(ex);
- throw new ServletException("Error loading security configuration", ex);
- }
- catch (Exception ex)
- {
- throw new ServletException(ex);
- }
- finally
- {
- Lifecycle.endCall();
- }
+// try
+// {
+// Lifecycle.setServletContext(servletContext);
+// Lifecycle.beginCall();
+// SecurityConfig.instance().setServletContext(servletContext);
+// SecurityConfig.instance().loadConfig(new SecurityConfigFileLoader(
+// servletContext.getResourceAsStream(CONFIG_RESOURCE), servletContext));
+// }
+// catch (SecurityConfigException ex)
+// {
+// log.error(ex);
+// throw new ServletException("Error loading security configuration", ex);
+// }
+// catch (Exception ex)
+// {
+// throw new ServletException(ex);
+// }
+// finally
+// {
+// Lifecycle.endCall();
+// }
}
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain)
throws IOException, ServletException
{
// HttpSession session = ( (HttpServletRequest) request ).getSession(true);
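Review bot: The old configuration loading in init() and the `CONFIG_RESOURCE` constant are commented out rather than deleted, which leaves about twenty lines of dead code that version control already preserves; they should be removed. With that block gone, init() no longer fails at startup when the security configuration is missing. The only remaining check is the per-request `No Authenticator configured.` exception in doFilter, and in the next hunk that is reached only when the session already holds an Authentication. If the Authenticator is expected to be registered by the time the filter initialises, a fail-fast lookup in init() would keep the deployment from starting in an unprotected state; otherwise add a comment such as `// Authenticator is resolved per request from the application context; nothing is validated at init`. doFilter's body continues outside this hunk.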
@@ -69,21 +74,41 @@
HttpServletRequest hRequest = (HttpServletRequest) request;
HttpServletResponse hResponse = (HttpServletResponse) response;
+ Authentication authentication = (Authentication)new WebSessionContext(
+ ContextAdaptor.getSession(hRequest.getSession())).get(
+ "org.jboss.seam.security.Authentication");
+
+ if (authentication != null)
+ {
+ Context appContext = new WebApplicationContext(servletContext);
+
+ Authenticator authenticator = (Authenticator) appContext.get(
+ "org.jboss.seam.security.Authenticator");
+ if (authenticator == null)
+ throw new ServletException("No Authenticator configured.");
+
try
{
- if (SecurityConfig.instance().getAuthenticator().processLogin(hRequest, hResponse))
- return;
+ ((AuthenticationContext) appContext.get("org.jboss.seam.security.ApplicationContext"))
+ .setAuthentication(authenticator.authenticate(authentication));
+ }
+ catch (AuthenticationException ex)
+ {
+ throw new ServletException("Authentication Failed", ex);
+ }
+ }
+ try
+ {
chain.doFilter(request, response);
}
catch (Exception e)
{
if (e instanceof ServletException)
{
- Throwable cause = ((ServletException) e).getRootCause();
+ Throwable cause = ( (ServletException) e).getRootCause();
- // Is there a better way?
- Set<Throwable> causes = new HashSet<Throwable>();
+ Set<Throwable> causes = new HashSet<Throwable> ();
while (cause != null && !causes.contains(cause))
{
if (cause instanceof FailedLoginException)
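Review bot: The result of `authenticator.authenticate(authentication)` is stored through an object looked up in the application context (`appContext.get("org.jboss.seam.security.ApplicationContext")`), so if that AuthenticationContext is a single application-scoped instance, concurrent requests from different users could overwrite each other's identity. Please confirm that it isolates state per thread or per session, or keep the result in request or session scope. That lookup is also dereferenced without the null check the Authenticator gets a few lines earlier; assign it to a local and add `if (authContext == null) throw new ServletException("No AuthenticationContext configured.");`. Separately, `hRequest.getSession()` creates a session for every request that has none, including anonymous ones, and `hRequest.getSession(false)` with a null check would avoid that. The while loop continues outside this hunk.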
@@ -91,7 +116,7 @@
// Redirect to login page
log.info("User not logged in... redirecting to login page.");
- SecurityConfig.instance().getAuthenticator().showLogin(hRequest, hResponse);
+// SecurityConfig.instance().getAuthenticator().showLogin(hRequest, hResponse);
break;
}
causes.add(cause);
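Review bot: With the `showLogin` call commented out, the FailedLoginException branch still logs `User not logged in... redirecting to login page.` but sends nothing to the client before `break`. Unless code after the loop (outside this hunk) handles it, the exception is swallowed and the client gets an empty response with no sign that authentication is required. Until the login redirect is restored, send an explicit status, e.g. `hResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);`, and change the log text to match. The commented-out line should be deleted rather than kept.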
@@ -103,5 +128,6 @@
}
}
- public void destroy() {}
+ public void destroy()
+ {}
}