If I logon as an 'admin' user it works fine. If I login using a bad password it forwards to the notLoggedInPage. It I login as a 'user' with a correct password it forwards to the noAccessPage.
I'm not sure what's wrong here and would appreciate any help in resolving this matter,
TIA,
Jack
import java.io.IOException; import java.sql.Connection; import java.util.ArrayList;
import javax.naming.Context; import javax.naming.InitialContext; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.jsp.jstl.sql.Result; import javax.sql.DataSource;
import com.nwc.SQLCommandBean;
/** * Referenced classes of package com.nwc: * sql : SQLCommandBean */
/**
* @web.filter
* name="AccessControlFilter"
* display-name="JAAS Access Control Filter"
* @web.filter-init-param
* name="no-access-page"
* value="/restaurants/noaccess.jsp"
* @web.filter-init-param
* name="no-auth-page"
* value="/restaurants/notloggedin.jsp"
* @web.filter-mapping
* url-pattern="/secure/*"
* @version 1.17 11/21/2004
*/
public class AccessControlFilter
implements Filter
{
/**
* Comment for <code>NO_ACCESS_PAGE</code>
* Value: [EMAIL PROTECTED] NO_ACCESS_PAGE}
*/
public static final String NO_ACCESS_PAGE = "no-access-page";
/**
* Comment for <code>NO_AUTH_PAGE</code>
* Value: [EMAIL PROTECTED] NO_AUTH_PAGE}
*/
public static final String NO_AUTH_PAGE = "no-auth-page";
/**
* Field config
*/
private FilterConfig fc;
/**
* Field noAccessPage
*/
private String noAccessPage;
/**
* Field notLoggedInPage
*/
private String notLoggedInPage;
/**
*
*/
public AccessControlFilter()
{
fc = null;
}
/**
* Initialize the Access Control Filter
*
* (non-Javadoc)
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig config)
throws ServletException
{
fc = config;
noAccessPage = fc.getInitParameter("no-access-page");
if(noAccessPage == null)
noAccessPage = "noaccess.jsp";
notLoggedInPage = fc.getInitParameter("no-auth-page");
if(notLoggedInPage == null)
notLoggedInPage = "notloggedin.jsp";
}
/**
* Destroy the Access Control Filter
*
* (non-Javadoc)
* @see javax.servlet.Filter#destroy()
*/
public void destroy()
{
fc = null;
}
/**
* Implements javx.servlet.Filter.doFilter
*
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest req,
ServletResponse resp,
FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest httpReq = (HttpServletRequest)req;
HttpServletResponse httpResp = (HttpServletResponse)resp;
///// String contextPath = httpReq.getContextPath();
/////
String username = (String)httpReq.getSession().getAttribute("USER");
if(username == null)
{
httpResp.sendRedirect(notLoggedInPage);
return;
}
String role = (String)httpReq.getSession().getAttribute("ROLE");
if(role == null)
{
httpResp.sendRedirect(notLoggedInPage);
return;
}
if(role.equals("admin"))
{
chain.doFilter(req, resp);
return;
}
if(role.equals("user"))
{
if(contextPath.startsWith("/secure/updateDb/add") ||
contextPath.startsWith("/secure/updateDb/delete") ||
contextPath.startsWith("/secure/updateDb/update") ||
contextPath.startsWith("/secure/updateDb/move") ||
contextPath.equals("/secure/updateDb/sectionAdd") ||
contextPath.equals("/secure/updateDb/sectionDelete") ||
contextPath.startsWith("/secure/updateDb/sectionMove") ||
contextPath.equals("/secure/updateDb/validTimes") ||
contextPath.equals("/secure/updateDb/menuDelete") ||
contextPath.equals("/secure/updateDb/menuAdd") ||
contextPath.startsWith("/secure/updateDb/menuMove") ||
contextPath.equals("/secure/updateDb/restaurantUpdate") ||
contextPath.equals("/secure/editMenu.jsp") ||
contextPath.equals("/secure/restaurantControlPanel.jsp") ||
contextPath.equals("/secure/viewMenu.jsp") ||
contextPath.equals("/secure/updateRestaurant.jsp"))
{
Integer id = new Integer(httpReq.getParameter("restaurant"));
if(id.equals(getAuthToken(username)))
{
chain.doFilter(req, resp);
return;
}
} else
if(contextPath.equals("/secure/updateDb/changePassword"))
{
if(username.equals(httpReq.getParameter("userName")))
{
chain.doFilter(req, resp);
return;
}
} else
if(contextPath.equals("/secure/index.jsp"))
{
ServletContext servletcontext = fc.getServletContext();
RequestDispatcher requestdispatcher = servletcontext.getRequestDispatcher("/secure/restaurantControlPanel.jsp?restaurant=" + getAuthToken(username));
if(requestdispatcher == null)
httpResp.sendError(500, "Restaurant control panel doesn't exist.");
requestdispatcher.forward(req, resp);
return;
}
} else
{
httpResp.sendRedirect(notLoggedInPage);
return;
}
httpResp.sendRedirect(noAccessPage);
}
/**
* Method getAuthToken
* @param contextPath String
* @return Integer
*/
private Integer getAuthToken(String contextPath)
{
Integer id = new Integer(-1);
try
{
Context ctx = null;
DataSource ds = null;
Connection conn = null;
Result result = null;
SQLCommandBean sql = new SQLCommandBean();
try {
ctx = new InitialContext();
ds = (DataSource) ctx.lookup("java:comp/env/jdbc/RestaurantDS");
} catch (Exception e) {
System.out.println("DataSource context lookup failed: " + e);
}
try {
conn = ds.getConnection();
} catch (Exception e) {
System.out.println("DataSource getConnection failed: " + e);
e.printStackTrace();
}
try {
sql.setConnection(conn);
} catch (Exception e) {
System.out.println("DataSource setConnection failed: " + e);
}
sql.setSqlValue("SELECT RestaurantID FROM Restaurant WHERE UserID = ?");
ArrayList arraylist = new ArrayList();
arraylist.add(contextPath);
sql.setValues(arraylist);
result = sql.executeQuery();
if(result != null && result.getRowCount() > 0) {
id = (Integer)result.getRows()[0].get("RestaurantID");
}
conn.close();
}
catch(Exception e) {
System.out.println(e);
}
return id;
}
}
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
