fc.web.servlet
Class AuthFilter
java.lang.Object
fc.web.servlet.AuthFilter
- All Implemented Interfaces:
- javax.servlet.Filter
- Direct Known Subclasses:
- JDBCAuthFilter
public abstract class AuthFilter
- extends java.lang.Object
- implements javax.servlet.Filter
An abstract servlet filter that only allows authenticated access to a
resource. This filter will redirect the user to the login_page if
the user is not logged in. The originally requested target URL (if any)
will be saved via the method. The saved URL will be complete, i.e., will
start from the protocol string (http...) up to and including any query
string. Note: if the original URL was submitted via POST, the POST data is
not saved, only the target URL is saved.
There are 2 ways that the original URL can be saved. One is to save it as a
temporary cookie. This implies that the client must have cookies enabled.
The other way is to tack it on to the URL as a URL parameter. In either
case, the original target is saved as a parameter with
name=login.target and value=URLEncoder.encode(target_page).
The following keys must be specified as the init parameters.
- key name: appName, the name of the webapp (the name is an
arbitrary string but must be the same as is specified in the init parameter
of WebApp).
- key name: login_page, the value should be an absolute
path (from the website's document root) to the login page or URL.
The following key is optional:
- key name: use_cookie, the value should be "true"
or "false". true means save the original target page
as a cookie, false means save that page as part of the URL.
Defaults to false.
Note: this class cannot be directly instantiated (since it's
abstract) and should not be specified as the name of some filter in the
servlet container's web.xml file.
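Because login.target travels through the client (as a cookie or a URL parameter), a login page that redirects to it after authentication can first confirm that it still points at the application's own host. The following is an added example, not code from this library; the class LoginTargetCheck, the method safeTarget, the expectedHost and fallback parameters and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

/** Hypothetical helper, not part of fc.web.servlet: vets a saved login.target value. */
public class LoginTargetCheck {

    /**
     * Returns the decoded target if it is an absolute http(s) URL on expectedHost,
     * otherwise fallback. encodedTarget is the value still in URLEncoder.encode form;
     * expectedHost (assumption) is the host name the webapp is served from.
     */
    public static String safeTarget(String encodedTarget, String expectedHost, String fallback) {
        if (encodedTarget == null || encodedTarget.isEmpty()) {
            return fallback;
        }
        try {
            String target = URLDecoder.decode(encodedTarget, StandardCharsets.UTF_8);
            // Refuse CR/LF and backslashes (some clients read '\' as '/').
            if (target.indexOf('\r') >= 0 || target.indexOf('\n') >= 0 || target.indexOf('\\') >= 0) {
                return fallback;
            }
            URI uri = new URI(target);
            String scheme = uri.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            // getHost() is null for malformed authorities; user-info is refused outright.
            if (web && uri.getUserInfo() == null && expectedHost.equalsIgnoreCase(uri.getHost())) {
                return target;
            }
        } catch (URISyntaxException | IllegalArgumentException e) {
            // Undecodable or unparsable value: fall through to the fallback.
        }
        return fallback;
    }

    public static void main(String[] args) {
        String[] samples = {                                      // constructed sample values
            "http%3A%2F%2Fwww.example.com%2Freports%3Fid%3D7",    // same host: returned decoded
            "http%3A%2F%2Fwww.example.com.other.test%2F",         // look-alike host: fallback
            "%2F%2Fother.test%2Fx",                               // scheme-relative: fallback
        };
        for (String s : samples) {
            System.out.println(safeTarget(s, "www.example.com", "/index.html"));
        }
    }
}
```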
Method Summary
void | destroy()
void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
void | init(javax.servlet.FilterConfig config)
abstract boolean | isUserLoggedIn(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
This method should somehow check to see if the user is logged in or not.
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AuthFilter
public AuthFilter()
init
public void init(javax.servlet.FilterConfig config)
throws javax.servlet.ServletException
- Specified by: init in interface javax.servlet.Filter
- Throws: javax.servlet.ServletException
destroy
public void destroy()
- Specified by: destroy in interface javax.servlet.Filter
doFilter
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws javax.servlet.ServletException,
java.io.IOException
- Specified by: doFilter in interface javax.servlet.Filter
- Throws: javax.servlet.ServletException, java.io.IOException
isUserLoggedIn
public abstract boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
throws java.lang.Exception
- This method should check whether the user is logged in.
Typically, this will be done by getting a session_id (either from a cookie
or a URL) and using that session_id to look up in-memory or database
session data to see if that session still exists and has not expired.
- Throws: java.lang.Exception