001: /**
002: * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE, version 2.1, dated February 1999.
003: *
004: * This program is free software; you can redistribute it and/or modify
005: * it under the terms of the latest version of the GNU Lesser General
006: * Public License as published by the Free Software Foundation;
007: *
008: * This program is distributed in the hope that it will be useful,
009: * but WITHOUT ANY WARRANTY; without even the implied warranty of
010: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
011: * GNU Lesser General Public License for more details.
012: *
013: * You should have received a copy of the GNU Lesser General Public License
014: * along with this program (LICENSE.txt); if not, write to the Free Software
015: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
016: */package org.jamwiki.authentication;
017:
018: import java.io.IOException;
019: import javax.servlet.Filter;
020: import javax.servlet.FilterChain;
021: import javax.servlet.FilterConfig;
022: import javax.servlet.ServletException;
023: import javax.servlet.ServletRequest;
024: import javax.servlet.ServletResponse;
025: import javax.servlet.http.HttpServletRequest;
026: import org.acegisecurity.AccessDeniedException;
027: import org.acegisecurity.AcegiSecurityException;
028: import org.acegisecurity.AuthenticationException;
029: import org.springframework.beans.factory.InitializingBean;
030: import org.jamwiki.utils.WikiLogger;
031: import org.jamwiki.utils.WikiUtil;
032:
/**
 * Servlet filter added to the Acegi configuration so that the reason a login
 * is required (or access was refused) can be shown to the user.
 *
 * <p>The filter lets the rest of the chain run. When an
 * {@link AcegiSecurityException} comes back, either thrown directly or as the
 * root cause of a {@link ServletException}, it stores a message key and the
 * requested topic in the HTTP session and then rethrows the original
 * exception unchanged. The filter never resolves the failure itself.
 */
public class JAMWikiExceptionMessageFilter implements Filter, InitializingBean {

    // Not referenced anywhere in this class as shown; kept so class
    // initialisation is unchanged.
    private static final WikiLogger logger = WikiLogger
            .getLogger(JAMWikiExceptionMessageFilter.class.getName());

    /** Session attribute holding the message key for an access-denied failure. */
    public static final String JAMWIKI_ACCESS_DENIED_ERROR_KEY = "JAMWIKI_403_ERROR_KEY";

    /** Session attribute holding the topic that was requested when access was denied. */
    public static final String JAMWIKI_ACCESS_DENIED_URI_KEY = "JAMWIKI_403_URI_KEY";

    /** Session attribute holding the message key for an authentication failure. */
    public static final String JAMWIKI_AUTHENTICATION_REQUIRED_KEY = "JAMWIKI_AUTHENTICATION_REQUIRED_KEY";

    /** Session attribute holding the topic that was requested when authentication failed. */
    public static final String JAMWIKI_AUTHENTICATION_REQUIRED_URI_KEY = "JAMWIKI_AUTHENTICATION_REQUIRED_URI_KEY";

    // Supplies the message key stored in the session; must be injected before use.
    private JAMWikiErrorMessageProvider errorMessageProvider;

    /**
     * Verifies after bean configuration that the message provider was set.
     *
     * @throws IllegalArgumentException if no error message provider was set.
     */
    public void afterPropertiesSet() throws Exception {
        if (this.errorMessageProvider != null) {
            return;
        }
        throw new IllegalArgumentException(
                "errorMessageProvider must be specified");
    }

    /**
     * No resources are held, so there is nothing to release.
     */
    public void destroy() {
    }

    /**
     * Runs the remaining filter chain and records session messages for any
     * Acegi security exception that propagates out of it.
     *
     * <p>Only a directly thrown {@link AcegiSecurityException}, or one that is
     * the immediate root cause of a {@link ServletException}, is recorded. A
     * security exception wrapped any other way passes through unrecorded.
     * The caught exception is always rethrown.
     *
     * <p>NOTE(review): if recording the failure itself throws (for example the
     * container refusing to create a session once the response is committed),
     * that exception replaces the security exception - confirm this is
     * acceptable for the outer Acegi filters.
     *
     * @param request the incoming request; must be an {@link HttpServletRequest}.
     * @param response the response passed on to the chain.
     * @param chain the remaining filters.
     * @throws IOException propagated from the chain.
     * @throws ServletException if the request is not an HTTP request, or
     *         propagated from the chain.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        boolean isHttpRequest = request instanceof HttpServletRequest;
        if (!isHttpRequest) {
            throw new ServletException("HttpServletRequest required");
        }
        try {
            chain.doFilter(request, response);
        } catch (AcegiSecurityException securityFailure) {
            handleException(request, securityFailure);
            throw securityFailure;
        } catch (ServletException wrapper) {
            Throwable cause = wrapper.getRootCause();
            if (cause instanceof AcegiSecurityException) {
                handleException(request, (AcegiSecurityException) cause);
            }
            throw wrapper;
        }
    }

    /**
     * Returns the provider used to look up the message key for a request.
     *
     * @return the configured provider, or {@code null} if none was set.
     */
    public JAMWikiErrorMessageProvider getErrorMessageProvider() {
        return this.errorMessageProvider;
    }

    /**
     * Chooses the session attribute pair that matches the kind of security
     * failure and records the failure under it. Exceptions that are neither
     * access-denied nor authentication failures are ignored.
     *
     * @param servletRequest the request being filtered; cast to
     *        {@link HttpServletRequest} (checked by {@code doFilter}).
     * @param exception the security exception that reached this filter.
     */
    private void handleException(ServletRequest servletRequest,
            AcegiSecurityException exception) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (exception instanceof AccessDeniedException) {
            recordFailure(request, JAMWIKI_ACCESS_DENIED_ERROR_KEY,
                    JAMWIKI_ACCESS_DENIED_URI_KEY);
            return;
        }
        if (exception instanceof AuthenticationException) {
            recordFailure(request, JAMWIKI_AUTHENTICATION_REQUIRED_KEY,
                    JAMWIKI_AUTHENTICATION_REQUIRED_URI_KEY);
        }
    }

    /**
     * Writes the two session attributes describing a security failure: the
     * message key from the provider, then the topic of the request.
     *
     * <p>NOTE(review): {@code getSession()} creates a session when the request
     * has none, so each failing request from a client without a session
     * allocates one.
     *
     * <p>NOTE(review): the topic comes from the request (presumably its URI -
     * confirm in WikiUtil), so it is client-influenced; whatever later renders
     * these attributes should encode the value on output.
     *
     * @param request the failing HTTP request.
     * @param messageAttribute session attribute name for the message key.
     * @param topicAttribute session attribute name for the requested topic.
     */
    private void recordFailure(HttpServletRequest request,
            String messageAttribute, String topicAttribute) {
        // The session is fetched before each value is computed, matching the
        // evaluation order of a chained getSession().setAttribute(...) call.
        request.getSession().setAttribute(messageAttribute,
                this.getErrorMessageProvider().getErrorMessageKey(request));
        request.getSession().setAttribute(topicAttribute,
                WikiUtil.getTopicFromURI(request));
    }

    /**
     * No initialisation is needed; the filter is configured as a bean.
     *
     * @param filterConfig unused.
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Sets the provider used to look up the message key for a request.
     *
     * @param errorMessageProvider the provider; checked for {@code null} in
     *        {@link #afterPropertiesSet()}.
     */
    public void setErrorMessageProvider(
            JAMWikiErrorMessageProvider errorMessageProvider) {
        this.errorMessageProvider = errorMessageProvider;
    }
}