Yeah... Here is my code that puts the filter on a virtual chain if it
helps....
public class AuthenticationFilter implements Filter {
private LogoutFilter logoutFilter;
private Properties properties;
private List<String> ignorePaths;
private CachedAuthenticationSecurity jbhLdapSecurity;
private List<Filter> normalFilterList = new ArrayList<Filter>();
private List<Filter> failOverFilterList = new ArrayList<Filter>();
private boolean hasInitErrors = false;
public AuthenticationFilter() {
try {
properties = SharedUtils.getSSOProperties();
if (properties == null) {
_log.error("Properties was null");
}
} catch (Exception e) {
_log.error("exception", e);
}
}
public AuthenticationFilter(Properties properties) {
this.properties = properties;
}
public void init(FilterConfig filterConfig) throws ServletException {
// This is called once at deploy time
_log.debug("AuthenticationFilter --> init the filter");
try {
jbhLdapSecurity = new CachedAuthenticationSecurity();
initFilters(SharedUtils.initDynamicFilterConfig
(filterConfig));
initFilterIgnorePaths();
hasInitErrors = false;
} catch (Exception e) {
hasInitErrors = true;
_log.error("exception", e);
}
}
private boolean isWrapRequestEnabled() {
return properties.getProperty("app.filter.wrap.request",
"false")
.equalsIgnoreCase("true");
}
private void initFilters(FilterConfig filterConfig) throws
ServletException {
// Setup Dynamic Filter List fo CAS
CASAuthenticationFilter casFilter = new CASAuthenticationFilter
();
Cas20ProxyReceivingTicketValidationFilter valFilter = new
Cas20ProxyReceivingTicketValidationFilter();
SingleSignOutFilter singleOutFilter = new SingleSignOutFilter
();
HttpServletRequestWrapperFilter wrapFilter = new
HttpServletRequestWrapperFilter();
logoutFilter = new
com.jbhunt.biz.security.sso.filters.LogoutFilter();
try {
// Init the Filters we are using the same dynamic filter
// config because they share alot of what they need
// We init wrapFilter first due we need it if the others
fail
wrapFilter.init(filterConfig);
//These will fail if the correct server settings are not
found in the filterconfig
singleOutFilter.init(filterConfig);
valFilter.init(filterConfig);
casFilter.init(filterConfig);
logoutFilter.init(filterConfig);
} finally {
normalFilterList.add(singleOutFilter);
normalFilterList.add(casFilter);
normalFilterList.add(valFilter);
if (isWrapRequestEnabled()) {
normalFilterList.add(wrapFilter);
failOverFilterList.add(wrapFilter);
}
}
}
private void initFilterIgnorePaths() {
String tmp = properties.getProperty
("app.filter.css.ignore.paths", "");
if (tmp.trim().length() != 0) {
this.ignorePaths = Arrays.asList(tmp.toLowerCase().split
(","));
} else {
this.ignorePaths = null;
}
}
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain
filterChain)
throws IOException, ServletException {
_log.debug("AuthenticationFilter --> starting the filter");
HttpServletRequest request = (HttpServletRequest)
servletRequest;
String pathInfo = request.getRequestURL().toString();
_log.debug("PathInfo=" + pathInfo);
String logoutPath = properties.getProperty
("app.filter.logout.path");
String ssoPath = properties.getProperty("app.filter.sso.path");
_log.debug("SSO Path=" + ssoPath);
if (pathInfo.indexOf(logoutPath) != -1) {
logoutFilter.doFilter(servletRequest, servletResponse,
filterChain);
} else if (pathInfo.indexOf(ssoPath) != -1) {
String host = new
String(servletRequest.getServerName());
if (host.indexOf(".jbhunt.com") > -1) {
// If path is in ignore paths don't do anything
if (ignorePaths != null) {
if
(ignorePaths.contains(pathInfo.toLowerCase
())) {
filterChain.doFilter(servletRequest,
servletResponse);
return;
}
}
FilterChain fc;
if (SharedUtils.isSSOServerUp() &&
hasInitErrors ==
false) {
fc = new
VirtualFilterChain(normalFilterList,
filterChain);
} else {
fc = new VirtualFilterChain
(failOverFilterList, filterChain);
}
//Check to see if backup form data is present
if (SharedUtils.getFormUserName(servletRequest)
==
null) {
//No Backup Form So Attempt Normal
if (SharedUtils.isAuthenticated
(servletRequest)) {
//CAS Assertion is present so
user is
authenticated
fc.doFilter(servletRequest,
servletResponse);
} else if (hasInitErrors
|| !SharedUtils.isSSOServerUp()) {
//CAS Server is down or there
was a
problem with the init
if (hasInitErrors) {
_log.warn("AuthenticationFilter
--> There are Init Errors");
} else {
_log.warn("AuthenticationFilter
--> CAS is down");
}
//Send Backup Form
sendLoginPage(servletRequest,
servletResponse);
return;
} else if (SharedUtils.isSSOServerUp())
{
_log.debug("AuthenticationFilter --> go
To SSO server");
fc.doFilter(servletRequest,
servletResponse);
} else {
throw new ServletException(
"This resource
requires
Authentication");
}
} else if (!SharedUtils.isAuthenticated
(servletRequest)) {
String userid =
SharedUtils.getFormUserName
(servletRequest);
String password = SharedUtils
.getFormPassword(servletRequest);
_log.debug("j_username --> " + userid);
try {
// This allows users to login
with
email address
if (userid.indexOf("@") > -1) {
userid =
jbhLdapSecurity.getUIDfromEmail(userid);
}
if
(jbhLdapSecurity.LDAPauthenticate
(userid,
CachedAuthenticationSecurity.encrypt(password))) {
SharedUtils
.setSessionAllAuthenticatedAttributes(
servletRequest,
userid,
JBConstants.USERID_SESSION_AUTH_SRC_FAILOVER);
if(userid != null){
LtpaUtil.setCookie(userid,
request, servletResponse);
}
fc.doFilter(servletRequest,
servletResponse);
} else {
sendLoginPage(servletRequest,
servletResponse,
"Invalid login
attempt - Please make sure that CAPS lock is not turned on.");
return;
}
} catch (Exception e) {
String loginError = "";
if
(e.getMessage().contains("error code
49")) {
loginError = "Invalid
login
attempt - Please supply a valid username and password";
} else {
loginError = "Error
logging in: "
+ e.getMessage();
_log.error("exception",
e);
}
sendLoginPage(servletRequest,
servletResponse,
loginError);
return;
}
} else {
_log
.debug("AuthenticationFilter -->
already Authenticated2");
fc.doFilter(servletRequest,
servletResponse);
}
} else {
_log
.error("Someone tried to login
from a
domain other than JB Hunts (came from "
+ host + ")");
SharedUtils.sendInternalPage(servletResponse,
JBConstants.INVALID_ATTEMPT_FORM_PAGE,
"");
}
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
}
protected void sendLoginPage(ServletRequest servletRequest,
ServletResponse servletResponse, String loginError)
throws IOException {
SharedUtils.sendInternalPage(servletResponse,
JBConstants.LOGIN_FORM_PAGE, loginError);
}
protected void sendLoginPage(ServletRequest servletRequest,
ServletResponse servletResponse) throws IOException {
sendLoginPage(servletRequest, servletResponse, "");
}
public void destroy() {
}
private static Log _log = LogFactory
.getLog
(com.jbhunt.biz.security.sso.filters.AuthenticationFilter.class);
private static class VirtualFilterChain implements FilterChain {
private List<Filter> additionalFilters;
private FilterChain originalFilterChain;
private int currentPosition = 0;
private VirtualFilterChain(List<Filter> additionalFilters,
FilterChain originalFilterChain) {
this.additionalFilters = additionalFilters;
this.originalFilterChain = originalFilterChain;
}
public void doFilter(ServletRequest request, ServletResponse
response)
throws IOException, ServletException {
if (currentPosition == additionalFilters.size()) {
originalFilterChain.doFilter(request, response);
} else {
currentPosition++;
Filter nextFilter = additionalFilters.get
(currentPosition - 1);
nextFilter.doFilter(request, response, this);
}
}
}
}
Chris Whittle
SWAT Team Developer
J.B. Hunt Transport Services, Inc.
Office Phone:(479) 419-3122
Ext:73122
Fax Phone:(479) 820-1769
[email protected]
(Embedded image moved to file: pic01999.gif)What's your next move?TM
Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated |
Flatbed | Expedited
Scott Battaglia
<scott.battaglia@
gmail.com> To
[email protected]
08/08/2010 01:38 cc
AM
Subject
Re: [cas-user]
Please respond to Cas20ProxyReceivingTicketValidation
[email protected] Filter taking up 130mb
sig.org
Are you making sure the init method is called for the filter? It's what
starts the timer thread to clean out the storage.
Sent from my iPod
On Aug 7, 2010, at 22:11, [email protected] wrote:
>
> LOL there isn;t.. the only thing different is that we are putting the
> filters on a virtual filter chain (similar to a sample spring
> implementation we saw but sans the spring).. Even though it sounds like a
> wonky deal it;s really not.... It's just one filter that calls a
virtual
> filter chain that contains SSOFilter,ValidationFilter, and
> AuthenticationFilter... This gives us the ability to have one filter
that
> is added to an application....
>
> Chris Whittle
> SWAT Team Developer
> J.B. Hunt Transport Services, Inc.
> Office Phone:(479) 419-3122
> Ext:73122
> Fax Phone:(479) 820-1769
> [email protected]
> (Embedded image moved to file: pic30191.gif)What's your next move?TM
> Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated |
> Flatbed | Expedited
>
>
>
> Scott Battaglia
> <scott.battaglia@
> gmail.com> To
> [email protected]
> 08/07/2010 07:39 cc
> PM
> Subject
> Re: [cas-user]
> Please respond to Cas20ProxyReceivingTicketValidation
> [email protected] Filter taking up 130mb
> sig.org
>
>
>
>
>
>
>
>
>
> That'd be a heck of a lot of PGT/PGTIOU mappings...
>
>
> On Sat, Aug 7, 2010 at 3:14 PM, <[email protected]> wrote:
>
> I'm working on implementing CAS client and during our testing we are
> seeing the
>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
> is holding on to 130MB of memory.... Any ideas? is this normal?
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> --
> You are currently subscribed to [email protected] as:
[email protected]
> To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
> <pic30191.gif>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user<<attachment: pic01999.gif>>
