[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Tue Jul 25 02:50:19 EDT 2006
User: sbryzak2
Date: 06/07/25 02:50:19
Modified: src/main/org/jboss/seam/security SeamSecurityFilter.java
Log:
Some more security stuff... still work in progress
Revision Changes Path
1.2 +56 -40 jboss-seam/src/main/org/jboss/seam/security/SeamSecurityFilter.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityFilter.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityFilter.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- SeamSecurityFilter.java 24 Jul 2006 07:13:39 -0000 1.1
+++ SeamSecurityFilter.java 25 Jul 2006 06:50:19 -0000 1.2
@@ -1,28 +1,26 @@
package org.jboss.seam.security;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.security.auth.login.FailedLoginException;
import javax.servlet.Filter;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpSession;
-import org.jboss.seam.servlet.SeamServletFilter;
-import org.jboss.seam.core.Manager;
-import javax.servlet.ServletException;
-import org.apache.commons.logging.LogFactory;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
-import org.jboss.seam.contexts.Lifecycle;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
-import org.jboss.seam.contexts.ContextAdaptor;
+import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.commons.logging.Log;
-import javax.faces.event.PhaseId;
-import javax.servlet.ServletContext;
-import java.net.URL;
-import java.net.*;
-import java.io.File;
+import org.apache.commons.logging.LogFactory;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.security.config.SecurityConfig;
-import org.jboss.seam.security.config.DefaultSecurityConfigImpl;
import org.jboss.seam.security.config.SecurityConfigException;
+import org.jboss.seam.security.config.SecurityConfigFileLoader;
/**
* A servlet filter that performs authentication within a Seam application.
@@ -34,58 +32,76 @@
private static final Log log = LogFactory.getLog(SeamSecurityFilter.class);
private ServletContext servletContext;
- private SecurityConfig securityConfig;
-
private static final String CONFIG_RESOURCE = "/WEB-INF/seam-security.xml";
- public void init(FilterConfig config) throws ServletException {
+ public void init(FilterConfig config)
+ throws ServletException
+ {
servletContext = config.getServletContext();
try
{
- securityConfig = new DefaultSecurityConfigImpl(
- servletContext.getResourceAsStream(CONFIG_RESOURCE), servletContext);
+ Lifecycle.setServletContext(servletContext);
+ Lifecycle.beginCall();
+ SecurityConfig.instance().loadConfig(new SecurityConfigFileLoader(
+ servletContext.getResourceAsStream(CONFIG_RESOURCE), servletContext));
+ Contexts.getApplicationContext().set("org.jboss.seam.security.realm.Realm",
+ SecurityConfig.instance().getRealm());
}
catch (SecurityConfigException ex)
{
+ log.error(ex);
throw new ServletException("Error loading security configuration", ex);
}
catch (Exception ex)
{
throw new ServletException(ex);
}
+ finally
+ {
+ Lifecycle.endCall();
+ }
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException
{
// HttpSession session = ( (HttpServletRequest) request ).getSession(true);
-// Lifecycle.setPhaseId(PhaseId.INVOKE_APPLICATION);
-// Lifecycle.setServletRequest(request);
-// Lifecycle.beginRequest(servletContext, session, request);
-// Manager.instance().restoreConversation( request.getParameterMap() );
-// Lifecycle.resumeConversation(session);
-// Manager.instance().handleConversationPropagation( request.getParameterMap() );
+
+ HttpServletRequest hRequest = (HttpServletRequest) request;
+ HttpServletResponse hResponse = (HttpServletResponse) response;
try
{
- chain.doFilter(request, response);
+ if (SecurityConfig.instance().getAuthenticator().processLogin(hRequest, hResponse))
+ return;
- //TODO: conversation timeout
-// Manager.instance().storeConversation( ContextAdaptor.getSession(session), response );
-// Lifecycle.endRequest(session);
+ chain.doFilter(request, response);
}
catch (Exception e)
{
-// Lifecycle.endRequest();
-// log.error("ended request due to exception", e);
-// throw new ServletException(e);
- }
- finally
+ if (e instanceof ServletException)
{
-// Lifecycle.setServletRequest(null);
-// Lifecycle.setPhaseId(null);
-// log.debug("ended request");
+ Throwable cause = ((ServletException) e).getRootCause();
+
+ // Is there a better way?
+ Set<Throwable> causes = new HashSet<Throwable>();
+ while (cause != null && !causes.contains(cause))
+ {
+ if (cause instanceof FailedLoginException)
+ {
+ // Redirect to login page
+ log.info("User not logged in... redirecting to login page.");
+
+ SecurityConfig.instance().getAuthenticator().showLogin(hRequest, hResponse);
+ break;
+ }
+ causes.add(cause);
+ cause = cause.getCause();
+ }
+ }
+
+ throw new ServletException(e);
}
}
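Review bot: In the `catch` block of `doFilter`, the `break;` after `SecurityConfig.instance().getAuthenticator().showLogin(hRequest, hResponse);` only leaves the `while` loop, so control still reaches `throw new ServletException(e);` after the login page has been shown. The container then receives an exception for a request that was already answered, which likely surfaces as an error page or a failure on a committed response rather than the intended login redirect. Replacing that `break;` with `return;` would end the failed-login path once the login page is shown. Separately, the final `throw new ServletException(e);` re-wraps a `ServletException` or `IOException` that the method signature already allows; rethrowing those unchanged would keep the original root cause reachable for code that walks `getRootCause()` the way this loop does.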