1 /** 2 * This file Copyright (c) 2003-2010 Magnolia International 3 * Ltd. (http://www.magnolia-cms.com). All rights reserved. 4 * 5 * 6 * This file is dual-licensed under both the Magnolia 7 * Network Agreement and the GNU General Public License. 8 * You may elect to use one or the other of these licenses. 9 * 10 * This file is distributed in the hope that it will be 11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the 12 * implied warranty of MERCHANTABILITY or FITNESS FOR A 13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT. 14 * Redistribution, except as permitted by whichever of the GPL 15 * or MNA you select, is prohibited. 16 * 17 * 1. For the GPL license (GPL), you can redistribute and/or 18 * modify this file under the terms of the GNU General 19 * Public License, Version 3, as published by the Free Software 20 * Foundation. You should have received a copy of the GNU 21 * General Public License, Version 3 along with this program; 22 * if not, write to the Free Software Foundation, Inc., 51 23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 24 * 25 * 2. For the Magnolia Network Agreement (MNA), this file 26 * and the accompanying materials are made available under the 27 * terms of the MNA which accompanies this distribution, and 28 * is available at http://www.magnolia-cms.com/mna.html 29 * 30 * Any modifications to this file must keep this entire header 31 * intact. 32 * 33 */ 34 package info.magnolia.cms.security; 35 36 import info.magnolia.cms.filters.AbstractMgnlFilter; 37 import info.magnolia.cms.security.auth.callback.HttpClientCallback; 38 39 import javax.servlet.FilterChain; 40 import javax.servlet.ServletException; 41 import javax.servlet.http.HttpServletRequest; 42 import javax.servlet.http.HttpServletResponse; 43 import java.io.IOException; 44 45 /** 46 * Provides basic infrastructure to authenticate request using form or basic realm 47 * 48 * @author Sameer Charles 49 * $Id: BaseSecurityFilter.java 32667 2010-03-13 00:37:06Z gjoseph $ 50 */ 51 public abstract class BaseSecurityFilter extends AbstractMgnlFilter { 52 53 private HttpClientCallback clientCallback; 54 55 /** 56 * Continue with the magnolia defined filter chain if isAllowed returns true 57 * else send an authentication request to the client as configured 58 */ 59 public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { 60 if (isAllowed(request, response)) { 61 chain.doFilter(request, response); 62 } else { 63 doAuthenticate(request, response); 64 } 65 } 66 67 protected abstract boolean isAllowed(HttpServletRequest request, HttpServletResponse response) throws IOException; 68 69 /** 70 * In most cases this will provide a standard login mechanism, override this to support 71 * other login strategies 72 */ 73 protected void doAuthenticate(HttpServletRequest request, HttpServletResponse response) { 74 /* 75 HttpSession httpsession = request.getSession(false); 76 if (httpsession != null) { 77 httpsession.invalidate(); 78 } 79 */ 80 getClientCallback().handle(request, response); 81 } 82 83 public HttpClientCallback getClientCallback() { 84 return clientCallback; 85 } 86 87 public void setClientCallback(HttpClientCallback clientCallback) { 88 this.clientCallback = clientCallback; 89 } 90 91 }