fc.web.servlet

Class AuthFilter

java.lang.Object

fc.web.servlet.AuthFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

JDBCAuthFilter

public abstract class AuthFilter
extends Object
implements javax.servlet.Filter

An abstract servlet filter that only allows authenticated access to a resource. This filter will redirect the user to the login_page if the user is not logged in. The originally requested target URL (if any) will be saved via the method. The saved URL will be complete, i.e., will start from the protocol string http.. upto and including any query string. Note: if the original URL was submitted via POST, the POST data is not saved, only the target URL is saved.

There are 2 ways that the original URL can be saved. One is to save it as a temporary cookie. This implies that the client must have cookies enabled. The other way is to tack it on to the URL as a url parameter. In either case, the original target is saved as a parameter with name=login.target and value=URLEncoder.encode(target_page)

The following keys must be specified as the init parameters.

• key name: appName, the name of the webapp (the name is an arbitrary string but must be the same as is specified in the init parameter of WebApp).
• key name: login_page, the value should be an absolute path (from the website's document root) to the login page or URL. The following key is optional:
• key name: use_cookie, the value should be "true" or "false". true means save the original target page as a cookie, false means save that page as part of the URL. Defaults to false

Note: this class cannot be directly instantiated (since it's abstract) and should not be specified as the name of some filter in the servlet container's web.xml file.

Constructor Summary

Constructors

Constructor and Description
AuthFilter()

Method Summary

Modifier and Type	Method and Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
void	init(javax.servlet.FilterConfig config)
abstract boolean	isUserLoggedIn(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) This method should somehow check to see if the user is logged in or not.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthFilter

public AuthFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     IOException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

IOException

isUserLoggedIn

public abstract boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest req,
                                       javax.servlet.http.HttpServletResponse res)
                                throws Exception

This method should somehow check to see if the user is logged in or not. Typically, this will be done via getting a session_id (either from a cookie or a URL) and using that session_id to search for a memory or database session data to see if that session still exists and has not expired.

Throws:

Exception