/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.15 2003/01/18 07:18:08 dayash Exp $
- * $Revision: 1.15 $
- * $Date: 2003/01/18 07:18:08 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.16 2003/02/08 08:52:43 maxcooper Exp $
+ * $Revision: 1.16 $
+ * $Date: 2003/02/08 08:52:43 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* @author Max Cooper (max@maxcooper.com)
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.15 $ $Date: 2003/01/18 07:18:08 $
+ * @version $Revision: 1.16 $ $Date: 2003/02/08 08:52:43 $
*/
public class SecurityFilter implements Filter {
public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL";
* @exception ServletException
*/
public void doFilter(
- ServletRequest request,
- ServletResponse response,
- FilterChain chain
- ) throws IOException, ServletException {
+ ServletRequest request,
+ ServletResponse response,
+ FilterChain chain
+ ) throws IOException, ServletException {
HttpServletRequest hReq = (HttpServletRequest) request;
HttpServletResponse hRes = (HttpServletResponse) response;
// match the login page or error page patterns -- this allows requests for the
// login page and error pages to be viewed even when their URLs would otherwise
// be subject to a security constraint
- if (!patternMatcher.match(requestURL, loginPagePattern)
- && !patternMatcher.match(requestURL, loginPagePattern)) {
+ if (
+ !patternMatcher.match(requestURL, loginPagePattern)
+ && !patternMatcher.match(requestURL, errorPagePattern)
+ ) {
// check if request matches security constraint
match = matchPattern(requestURL, wrappedRequest.getMethod(), patternMatcher);
}
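Review bot: The login/error-page exemption in this `if` skips `matchPattern` entirely, so it is only as safe as the `requestURL` string it is compared against, and the hunk does not show how that value is derived. If `requestURL` can still carry path parameters, encoded segments or other un-normalized forms, a protected resource could match `loginPagePattern` or `errorPagePattern` here while the container dispatches it elsewhere. I would extend the existing comment with `// requestURL must be the normalized, container-decoded path; otherwise this exemption and the constraint match can disagree`. It is also worth confirming that `errorPagePattern` is non-null when no error page is configured, since this line now dereferences it for the first time. The enclosing `doFilter` body starts and ends outside the hunk.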
WebResourceCollection resourceCollection = (WebResourceCollection) rIter.next();
for (Iterator pIter = resourceCollection.getURLPatterns().iterator(); pIter.hasNext();) {
URLPattern pattern = patternFactory.createURLPattern(
- (String) pIter.next(),
- constraint,
- resourceCollection,
- order++
+ (String) pIter.next(),
+ constraint,
+ resourceCollection,
+ order++
);
patternList.add(pattern);
}
* @exception ServletException
*/
protected void showLogin(
- HttpServletRequest request,
- HttpServletResponse response
- ) throws IOException, ServletException {
+ HttpServletRequest request,
+ HttpServletResponse response
+ ) throws IOException, ServletException {
// save this request
saveRequestInformation(request);
// redirect to login page
* @exception ServletException
*/
protected void processLogin(
- SecurityRequestWrapper request,
- HttpServletResponse response
- ) throws IOException, ServletException {
+ SecurityRequestWrapper request,
+ HttpServletResponse response
+ ) throws IOException, ServletException {
String username = request.getParameter(FORM_USERNAME);
String password = request.getParameter(FORM_PASSWORD);
if (basic && username == null && password == null) {
// this is done to support app servers like orion 1.5.2
// which have not implemented the servlet 2.3 specification but have implemented the final draft of 2.3 spec.
if (protocol.equals("HTTP/1.1")) { // todo: provide support for ftp, webdav protocol among others.
- protocol = "http://";
- if (request.isSecure())
+ if (request.isSecure()) {
protocol = "https://";
+ } else {
+ protocol = "http://";
+ }
}
url = protocol + request.getServerName() + ":" + request.getServerPort() + request.getRequestURI();
}
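Review bot: When `protocol` is anything other than `"HTTP/1.1"` (an HTTP/1.0 client, for instance), neither branch runs and the raw protocol string is concatenated into `url`, giving something like `HTTP/1.0host:80/path`. Assuming `protocol` comes from `request.getProtocol()` (its assignment is outside the hunk), the scheme should not depend on the protocol version: `String scheme = request.isSecure() ? "https://" : "http://";` followed by `url = scheme + request.getServerName() + ":" + request.getServerPort() + request.getRequestURI();`. Separately, `getServerName()` normally reflects the client-supplied Host header, so if `url` is later used as a redirect target it should be checked against the hosts the application is configured to serve.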
}
private String parseUsername(String authorization) {
-
String unencoded = getdecodedString(authorization);
- if (unencoded == null) return null;
- int colon = unencoded.indexOf(':');
- if (colon < 0) return (null);
- return unencoded.substring(0, colon).trim();
+ if (unencoded == null) {
+ return null;
+ } else {
+ int colon = unencoded.indexOf(':');
+ if (colon < 0) {
+ return null;
+ } else {
+ return unencoded.substring(0, colon).trim();
+ }
+ }
}
private String getdecodedString(String authorization) {
- if (authorization == null)
- return (null);
- if (!authorization.toLowerCase().startsWith("basic "))
- return (null);
- authorization = authorization.substring(6).trim();
- // Decode and parse the authorization credentials
- return new String(base64Helper.decode(authorization.getBytes()));
+ if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) {
+ return null;
+ } else {
+ authorization = authorization.substring(6).trim();
+ // Decode and parse the authorization credentials
+ return new String(base64Helper.decode(authorization.getBytes()));
+ }
}
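Review bot: `authorization.toLowerCase()` uses the JVM default locale, so under a Turkish locale `"BASIC "` lower-cases with a dotless i and a valid header fails the `startsWith("basic ")` check. `authorization.regionMatches(true, 0, "basic ", 0, 6)` does the same comparison without the locale dependence. `getBytes()` and `new String(byte[])` likewise use the platform default charset, so credentials with non-ASCII characters decode differently from host to host; name one charset explicitly in both calls. What `base64Helper.decode` returns for malformed input is not visible here, and if it can return null or throw, that path needs handling because this value comes straight from a request header.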
private String parsePassword(String authorization) {
String unencoded = getdecodedString(authorization);
- if (unencoded == null) return null;
- int colon = unencoded.indexOf(':');
- if (colon < 0) return (null);
- return unencoded.substring(colon + 1).trim();
+ if (unencoded == null) {
+ return null;
+ } else {
+ int colon = unencoded.indexOf(':');
+ if (colon < 0) {
+ return (null);
+ } else {
+ return unencoded.substring(colon + 1).trim();
+ }
+ }
}
}
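Review bot: `.trim()` on the password half alters the secret before it is verified, so a password with leading or trailing whitespace is compared as a different string than the one the client sent. I would return `unencoded.substring(colon + 1)` untrimmed and leave normalization to the realm. `parseUsername` and `parsePassword` each call `getdecodedString`, so the header is base64-decoded twice per request and the decoded credentials exist in two extra `String` copies; decoding once and splitting at the first `:` would avoid that. Minor style point: `return (null);` in the `colon < 0` branch keeps the parentheses this commit removes everywhere else.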