Author: ssenrogn
Date: 2007-08-21 15:54:03 +0200 (Tue, 21 Aug 2007)
New Revision: 5651
Modified:
branches/2.15-personalization/war/src/main/java/no/sesat/search/http/filters/UserFilter.java
Log:
Updated filter to work with the new login regime.
Modified:
branches/2.15-personalization/war/src/main/java/no/sesat/search/http/filters/UserFilter.java
===================================================================
---
branches/2.15-personalization/war/src/main/java/no/sesat/search/http/filters/UserFilter.java
2007-08-21 13:39:00 UTC (rev 5650)
+++
branches/2.15-personalization/war/src/main/java/no/sesat/search/http/filters/UserFilter.java
2007-08-21 13:54:03 UTC (rev 5651)
@@ -1,17 +1,18 @@
/* Copyright (2007) Schibsted Søk AS
* This file is part of SESAT.
* You can use, redistribute, and/or modify it, under the terms of the SESAT
License.
- * You should have received a copy of the SESAT License along with this
program.
+ * You should have received a copy of the SESAT License along with this
program.
* If not, see https://dev.sesat.no/confluence/display/SESAT/SESAT+License
* UserFilter.java
*
* Created on 9 March 2007, 15:25
*/
-
package no.sesat.search.http.filters;
import java.io.IOException;
+import java.util.Date;
import java.util.Properties;
+
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.Filter;
@@ -20,20 +21,24 @@
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+
+import no.schibstedsok.searchportal.user.BasicUser;
+import no.schibstedsok.searchportal.user.exception.InvalidTokenException;
+import no.schibstedsok.searchportal.user.service.BasicUserService;
+import no.schibstedsok.searchportal.user.service.UserCookieUtil;
import no.sesat.search.datamodel.DataModel;
import no.sesat.search.site.config.SiteConfiguration;
-import no.schibstedsok.searchportal.user.UserCookie;
-import no.schibstedsok.searchportal.user.service.UserService;
+
import org.apache.log4j.Logger;
-/** Responsible for Persistent User Login.
- * Or "Remember Me" functionality.
- * Based off
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice
+/**
+ * Responsible for Persistent User Login. Or "Remember Me" functionality.
Based off
+ *
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice
*
+ * @author <a href="mailto:[EMAIL PROTECTED]">Endre Midtgård Meckelborg</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Mck</a>
* @version <tt>$Id$</tt>
*/
@@ -43,65 +48,49 @@
private static final Logger LOG = Logger.getLogger(UserFilter.class);
- private static final String USER_COOKIE_KEY ="SesamUser";
- private static final String USER_COOKIE_PATH = "/";
-
// Attributes ----------------------------------------------------
// Static --------------------------------------------------------
-
// Constructors --------------------------------------------------
- /**
- *
- */
+ /** Default constructor. */
public UserFilter() {
+ super();
}
-
// Public --------------------------------------------------------
/**
+ * The filter action method.
*
* @param request The servlet request we are processing
- * @param response
+ * @param response The servlet response for the request
* @param chain The filter chain we are processing
- *
- * @exception IOException if an input/output error occurs
- * @exception ServletException if a servlet error occurs
+ * @exception IOException Thrown if an input/output error occurs
+ * @exception ServletException Thrown if a servlet error occurs
*/
- public void doFilter(
- final ServletRequest request,
- final ServletResponse response,
- final FilterChain chain)
- throws IOException, ServletException {
+ public void doFilter(final ServletRequest request, final ServletResponse
response, final FilterChain chain)
+ throws IOException, ServletException {
+ if (request instanceof HttpServletRequest) {
+ initialiseUserCookie((HttpServletRequest) request,
(HttpServletResponse) response);
+ performAutomaticLogin((HttpServletRequest) request,
(HttpServletResponse) response);
- if(request instanceof HttpServletRequest){
- final HttpServletRequest httpRequest = (HttpServletRequest)request;
-
- initialiseUserCookie(httpRequest, (HttpServletResponse)response);
-
- performAutomaticLogin(httpRequest, (HttpServletResponse)response);
-
chain.doFilter(request, response);
-
- }else{
+ } else {
chain.doFilter(request, response);
}
}
/**
- * Destroy method for this filter
- *
+ * Destroy method for this filter.
*/
public void destroy() {
}
/**
- * Init method for this filter
- *
+ * Init method for this filter.
*/
public void init(final FilterConfig filterConfig) {
}
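Review bot: Both branches of the `if` in `doFilter` end in the same `chain.doFilter(request, response)` call, so the `else` is redundant; keep the two helper calls inside `if (request instanceof HttpServletRequest) { ... }` and call `chain.doFilter(request, response);` once after it. The new side also drops the `httpRequest` local and casts `request` twice, where a single `final HttpServletRequest httpRequest = (HttpServletRequest) request;` reads better. The response is cast to `HttpServletResponse` without an `instanceof` check of its own, which a comment should state as an assumption. The class declaration sits outside this hunk.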
@@ -112,94 +101,103 @@
// Private -------------------------------------------------------
- /** Look for a User cookie.
- * Can return null. **/
- private static Cookie getUserCookie(final HttpServletRequest request){
-
- // Look in attributes (it could have already been updated this request)
- if( null != request ){
-
- // Look through cookies
- if( null != request.getCookies() ){
- for( Cookie c : request.getCookies()){
- if( c.getName().equals( USER_COOKIE_KEY ) ){
- return c;
- }
- }
- }
- }
-
- return null;
- }
-
- private static void performAutomaticLogin(
- final HttpServletRequest request,
- final HttpServletResponse response){
-
+ /**
+ * Method that populate the user datamodel if no user is set and there
exists a login cookie.
+ *
+ * @param request The servlet request we are processing
+ * @param response The servlet response for the request
+ */
+ private static void performAutomaticLogin(final HttpServletRequest
request, final HttpServletResponse response) {
final HttpSession session = request.getSession();
final DataModel datamodel = (DataModel)
session.getAttribute(DataModel.KEY);
- if(null == datamodel.getUser().getUser()){
+ final BasicUserService userService = getBasicUserService(datamodel);
- final Cookie cookie = getUserCookie(request);
- if(null != cookie && !"0".equals(cookie.getValue())){
+ if (userService == null) {
+ LOG.warn("Couldn't find the user service.");
+ return;
+ }
- // lookup the ejb3-client service
- final SiteConfiguration siteConf =
datamodel.getSite().getSiteConfiguration();
- final String url =
siteConf.getProperty("schibstedsok_remote_service_url");
- final String jndi =
siteConf.getProperty("user_service_jndi_name");
+ final String loginKey = UserCookieUtil.getUserLoginCookie(request);
+ final Date updateTimestamp =
UserCookieUtil.getUserUpdateCookie(request);
- LOG.info("Url: " + url);
- LOG.info("JNDI_NAME: " + jndi);
+ BasicUser user = datamodel.getUser().getUser();
- final Properties properties = new Properties();
- properties.put("java.naming.factory.initial",
"org.jnp.interfaces.NamingContextFactory");
- properties.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
- properties.put("java.naming.provider.url", url);
+ if (user == null && userService.isLegalLoginKey(loginKey)) {
+ // Login if no user and a legal login key.
+ LOG.info("Login key found, logs user in: " + loginKey);
+ user = loginUsingCookie(loginKey, response, userService);
+ datamodel.getUser().setUser(user);
+ } else if (user != null && !userService.isLegalLoginKey(loginKey)) {
+ // Check if the user should be logged out.
+ LOG.info("No legal login key found, logs the user out: " +
user.getUsername());
+ datamodel.getUser().setUser(null);
+ } else if (user != null && user.isDirty(updateTimestamp)) {
+ // Check if the user object is dirty, refresh if needed.
+ LOG.info("Logged in user dirty, refreshes: " + user.getUsername());
+ user = userService.refreshUser(user);
+ datamodel.getUser().setUser(user);
+ }
+ }
- try{
+ /**
+ * Place a cookie into the response so any subsequent requests can trust
that cookies are enabled.
+ *
+ * @param request The servlet request we are processing
+ * @param response The servlet response for the request
+ */
+ private static void initialiseUserCookie(final HttpServletRequest request,
final HttpServletResponse response) {
+ final String loginCookie = UserCookieUtil.getUserLoginCookie(request);
- final InitialContext ctx = new InitialContext(properties);
- final UserService service = (UserService) ctx.lookup(jndi);
+ if (loginCookie == null) {
+ // The user is not logged in
+ // Place the cookie, so we can test cookies are enabled
+ UserCookieUtil.setUserLoginCookieDefault(response);
+ }
+ }
- // perform the login
- final String automatedLoginKey = cookie.getValue();
+ private static BasicUser loginUsingCookie(final String loginKey, final
HttpServletResponse response,
+ final BasicUserService userService) {
+ BasicUser user;
- final UserCookie userCookie =
service.getUserByAutomaticId(automatedLoginKey);
- datamodel.getUser().setUser(userCookie.getUser());
+ try {
+ user = userService.authenticateByLoginKey(loginKey);
- // update the UserCookie ready for next automaticLogin
-
response.addCookie(createUserCookie(userCookie.getAutomaticId()));
-
- }catch(NamingException ne){
- LOG.error(ne.getMessage(), ne);
- }
+ if (user != null) {
+ // Updates the login cookie.
+ UserCookieUtil.setUserLoginCookie(response,
user.getNextLoginKey());
}
+ } catch (final InvalidTokenException e) {
+ // TODO: Give message to user?
+ LOG.warn("Invalid token in login key:" + loginKey);
+ user = null;
+ UserCookieUtil.setUserLoginCookieDefault(response);
}
+
+ return user;
}
- /** Place a cookie into the response so on any subsequent requests can
cookies are enabled.
- **/
- private static void initialiseUserCookie(
- final HttpServletRequest request,
- final HttpServletResponse response){
+ private static BasicUserService getBasicUserService(final DataModel
datamodel) {
+ // lookup the ejb3-client service
+ final SiteConfiguration siteConf =
datamodel.getSite().getSiteConfiguration();
+ final String url =
siteConf.getProperty("schibstedsok_remote_service_url");
+ final String jndi = siteConf.getProperty("user_service_jndi_name");
- final Cookie cookie = getUserCookie(request);
+ LOG.info("Url: " + url);
+ LOG.info("JNDI_NAME: " + jndi);
- if( cookie == null ){
- // The user is not logged in
- // Place the cookie, so we can test cookies are enabled
- response.addCookie(createUserCookie("0"));
+ final Properties properties = new Properties();
+ properties.put("java.naming.factory.initial",
"org.jnp.interfaces.NamingContextFactory");
+ properties.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ properties.put("java.naming.provider.url", url);
+
+ try {
+ final InitialContext ctx = new InitialContext(properties);
+ return (BasicUserService) ctx.lookup(jndi);
+ } catch (final NamingException ne) {
+ LOG.error(ne.getMessage(), ne);
+ return null;
}
}
- private static Cookie createUserCookie(final String content){
-
- final Cookie cookie = new Cookie(USER_COOKIE_KEY, content);
- cookie.setPath(USER_COOKIE_PATH);
- cookie.setMaxAge(Integer.MAX_VALUE);
-
- return cookie;
- }
-
}
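Review bot: The remember-me login key is written to the log verbatim, in `performAutomaticLogin` (`LOG.info("Login key found, logs user in: " + loginKey)`) and again in `loginUsingCookie` (`LOG.warn("Invalid token in login key:" + loginKey)`). That value is a login credential taken from a request cookie, and whether it is still usable after `authenticateByLoginKey` depends on the service, which this hunk does not show, so it should stay out of the log: `LOG.info("Login key found, logging user in");` and `LOG.warn("Invalid token in login key");`. Separately, `getBasicUserService(datamodel)` is now the first call in `performAutomaticLogin`, so every HTTP request builds an `InitialContext`, performs the JNDI lookup and emits two INFO lines, where the removed code did that only when no user was set and a non-"0" cookie was present; looking the service up lazily, or once and reusing it, would avoid this. When the lookup fails the method returns before the logout branch, so an already logged-in session is left untouched while the user service is unreachable, which is worth confirming as intended.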