001: /**
002: * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE, version 2.1, dated February 1999.
003: *
004: * This program is free software; you can redistribute it and/or modify
005: * it under the terms of the latest version of the GNU Lesser General
006: * Public License as published by the Free Software Foundation;
007: *
008: * This program is distributed in the hope that it will be useful,
009: * but WITHOUT ANY WARRANTY; without even the implied warranty of
010: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
011: * GNU Lesser General Public License for more details.
012: *
013: * You should have received a copy of the GNU Lesser General Public License
014: * along with this program (LICENSE.txt); if not, write to the Free Software
015: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
016: */package org.jamwiki.authentication;
017:
018: import java.io.IOException;
019: import java.net.URLEncoder;
020: import javax.servlet.http.HttpServletRequest;
021: import javax.servlet.http.HttpServletResponse;
022: import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
023: import org.apache.commons.lang.StringUtils;
024: import org.jamwiki.Environment;
025: import org.jamwiki.WikiBase;
026: import org.jamwiki.model.VirtualWiki;
027: import org.jamwiki.utils.WikiLogger;
028: import org.jamwiki.utils.WikiUtil;
029:
030: /**
031: * This class is a hack implemented to work around the fact that the default
032: * Acegi classes can only redirect to a single, hard-coded URL. Due to the
033: * fact that JAMWiki may have multiple virtual wikis this class overrides some
034: * of the default Acegi behavior to allow additional flexibility. Hopefully
035: * future versions of Acegi will add additional flexibility and this class
036: * can be removed.
037: */
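public class JAMWikiAuthenticationProcessingFilter extends
        AuthenticationProcessingFilter {

    /** Standard logger. */
    private static final WikiLogger logger = WikiLogger
            .getLogger(JAMWikiAuthenticationProcessingFilter.class.getName());

    /**
     * Marker value configured as a redirect URL. When {@link #sendRedirect}
     * receives it, the real destination is built from the virtual wiki of the
     * current request instead of being used literally.
     */
    private static final String DEFAULT_VIRTUAL_WIKI_URL = "/DEFAULT_VIRTUAL_WIKI";

    /**
     * Indicates whether this filter should attempt to process a login request
     * for the current invocation.
     *
     * Any path parameters (such as the jsessionid parameter in
     * http://host/myapp/index.html;jsessionid=blah) are stripped from the
     * request URI before it is compared with the context path, the virtual
     * wiki name and the filterProcessesUrl property.
     *
     * FIXME - This method is needed due to the fact that different virtual
     * wikis may be used.
     *
     * @param request the request
     * @param response the response
     * @return true if the stripped request URI ends with
     *         contextPath + "/" + virtualWiki + filterProcessesUrl
     */
    protected boolean requiresAuthentication(HttpServletRequest request,
            HttpServletResponse response) {
        String uri = request.getRequestURI();
        // FIXME - move the "strip after semicolon" code to WikiUtil
        int pathParamIndex = uri.indexOf(';');
        if (pathParamIndex > 0) {
            // strip everything after the first semi-colon
            uri = uri.substring(0, pathParamIndex);
        }
        // NOTE(review): the value is concatenated without a blank check,
        // unlike sendRedirect; confirm that WikiUtil never returns null or
        // an empty name for the login processing URL.
        String virtualWiki = WikiUtil.getVirtualWikiFromURI(request);
        return uri.endsWith(request.getContextPath() + "/" + virtualWiki
                + this.getFilterProcessesUrl());
    }

    /**
     * Sends the post-login (or login-failure) redirect, resolving the target
     * relative to the virtual wiki of the current request.
     *
     * Three cases are handled:
     * <ul>
     * <li>Any URL other than the authentication failure URL and the
     * "/DEFAULT_VIRTUAL_WIKI" marker is passed to the superclass
     * unchanged.</li>
     * <li>The "/DEFAULT_VIRTUAL_WIKI" marker is replaced with
     * contextPath + "/" + virtualWiki + "/" + target, where target is the
     * "target" request parameter or, when that is blank, the default topic.</li>
     * <li>A failure URL that is not absolute (no http:// or https:// prefix)
     * is prefixed with the context path and virtual wiki, and the "target"
     * parameter is carried along URL-encoded.</li>
     * </ul>
     *
     * The "target" parameter is supplied by the client. In the marker case it
     * is written into the redirect location without encoding, so a value that
     * contains a carriage return or line feed is discarded and the default
     * topic is used instead.
     *
     * @param request the request
     * @param response the response
     * @param url the URL to redirect to
     * @throws IOException in the event of any failure
     */
    protected void sendRedirect(HttpServletRequest request,
            HttpServletResponse response, String url) throws IOException {
        // FIXME - this method is a mess. clean it up.
        if (!url.equals(this.getAuthenticationFailureUrl())
                && !url.equals(DEFAULT_VIRTUAL_WIKI_URL)) {
            // if Acegi has saved a redirect URL then use that
            super.sendRedirect(request, response, url);
            return;
        }
        String target = request.getParameter("target");
        String targetUrl = url;
        if (url.equals(DEFAULT_VIRTUAL_WIKI_URL)) {
            // ugly, but a hard-coded constant seems to be the only way to
            // allow a dynamic url value
            String virtualWikiName = WikiUtil.getVirtualWikiFromURI(request);
            if (StringUtils.isBlank(virtualWikiName)) {
                virtualWikiName = WikiBase.DEFAULT_VWIKI;
            }
            if (containsLineBreak(target)) {
                // The target is concatenated raw into the Location value
                // below; a line break has no place in a topic name, so fall
                // back to the default topic. The value itself is not logged.
                logger.warning("Ignoring login redirect target that contains a line break");
                target = null;
            }
            if (StringUtils.isBlank(target)) {
                // start from the configured default so that a failed lookup
                // below still leaves a usable topic name
                target = Environment
                        .getValue(Environment.PROP_BASE_DEFAULT_TOPIC);
                try {
                    VirtualWiki virtualWiki = WikiBase.getDataHandler()
                            .lookupVirtualWiki(virtualWikiName);
                    target = virtualWiki.getDefaultTopicName();
                } catch (Exception e) {
                    logger.warning(
                            "Unable to retrieve default topic for virtual wiki",
                            e);
                }
            }
            // NOTE(review): apart from the line-break check the target is
            // still appended unencoded ('?', '#', "../" pass through). It
            // always follows the context path and virtual wiki name; confirm
            // whether topic names need encoding before tightening further.
            targetUrl = request.getContextPath() + "/" + virtualWikiName
                    + "/" + target;
        } else if (!url.startsWith("http://") && !url.startsWith("https://")) {
            String virtualWiki = WikiUtil.getVirtualWikiFromURI(request);
            targetUrl = request.getContextPath() + "/" + virtualWiki + url;
            if (!StringUtils.isBlank(target)) {
                // keep the originally requested page so the login form can
                // return to it; encoded because it becomes a query value
                targetUrl += (url.indexOf('?') == -1) ? "?" : "&";
                targetUrl += "target=" + URLEncoder.encode(target, "UTF-8");
            }
        }
        response.sendRedirect(response.encodeRedirectURL(targetUrl));
    }

    /**
     * Reports whether the value contains a carriage return or a line feed.
     *
     * @param value the string to inspect, may be null
     * @return true if value is non-null and contains '\r' or '\n'
     */
    private static boolean containsLineBreak(String value) {
        return value != null
                && (value.indexOf('\r') != -1 || value.indexOf('\n') != -1);
    }
}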