/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.5 2002/08/14 13:13:23 maxcooper Exp $
- * $Revision: 1.5 $
- * $Date: 2002/08/14 13:13:23 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.6 2002/08/15 09:17:59 maxcooper Exp $
+ * $Revision: 1.6 $
+ * $Date: 2002/08/15 09:17:59 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author Max Cooper (max@maxcooper.com)
* @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.5 $ $Date: 2002/08/14 13:13:23 $
+ * @version $Revision: 1.6 $ $Date: 2002/08/15 09:17:59 $
*/
public class SecurityFilter implements Filter {
public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL";
public static final String SAVED_REQUEST = SecurityFilter.class.getName() + ".SAVED_REQUEST";
+ public static final String ALREADY_PROCESSED = SecurityFilter.class.getName() + ".ALREADY_PROCESSED";
public static final String CONFIG_FILE_KEY = "config";
public static final String DEFAULT_CONFIG_FILE = "/WEB-INF/securityfilter-config.xml";
HttpServletResponse hRes = (HttpServletResponse) response;
SecurityRequestWrapper wrappedRequest;
- //System.out.println("\n--- request URL = " + hReq.getRequestURL().toString());
+ // if the request has already been processed by the filter, pass it through unchecked
+ if (request.getAttribute(ALREADY_PROCESSED) == null) {
+ // set an attribute on this request to indicate that it has already been processed
+ request.setAttribute(ALREADY_PROCESSED, "true");
- // if the request has already been wrapped by the filter, pass it through unchecked
- if (request instanceof SecurityRequestWrapper) {
- wrappedRequest = (SecurityRequestWrapper) request;
- } else {
// get the part of the URL to check for matches
String requestURL = getMatchableURL(hReq);
// check if this is a login form submittal
if (loginSubmitRE.match(requestURL)) {
- processLogin(wrappedRequest, hRes);
+ processLogin((SecurityRequestWrapper)wrappedRequest, hRes);
return;
}
}
}
}
+ // send wrapped request down the chain
+ request = wrappedRequest;
}
// pass the request down the filter chain
- chain.doFilter(wrappedRequest, hRes);
+ chain.doFilter(request, response);
}
/**
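Review bot: The added guard `if (request.getAttribute(ALREADY_PROCESSED) == null)` passes any request that already carries the marker straight down the chain, and the marker is tied to the request object rather than to the URL that was actually matched against the security constraints. If the container invokes this filter again on a RequestDispatcher forward or include, which reuse the same request and its attributes, the target resource would not get its own constraint check; whether that can happen depends on the filter mapping and servlet spec level, neither of which is visible here. I would document the limitation at the check, e.g. `// NOTE: only the originally requested URL is checked; forward/include targets are not re-evaluated`, and give the new `ALREADY_PROCESSED` constant a Javadoc line stating that it is a request-scoped attribute name set by this filter. The cast in `processLogin((SecurityRequestWrapper)wrappedRequest, hRes)` looks redundant, since `wrappedRequest` is already declared as `SecurityRequestWrapper` just above. The body of doFilter starts outside the visible lines, so the wrapping and constraint-matching steps between the guard and the final `chain.doFilter(request, response)` could not be reviewed.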
}
}
Collections.sort(patternList);
- //System.out.println("Sorted pattern list:");
- //for (Iterator i = patternList.iterator(); i.hasNext(); ) {
- // MatchableURLPattern pattern = (MatchableURLPattern) i.next();
- // System.out.println(pattern.getPattern());
- //}
} catch (RESyntaxException rese) {
System.err.println("invalid regular expression pattern: " + rese);
HttpServletRequest request,
HttpServletResponse response
) throws IOException, ServletException {
- //System.out.println("showLogin() called...");
// save this request
saveRequestInformation(request);
// redirect to login page
SecurityRequestWrapper request,
HttpServletResponse response
) throws IOException, ServletException {
- //System.out.println("processLogin() called...");
String username = request.getParameter(FORM_USERNAME);
String password = request.getParameter(FORM_PASSWORD);
Principal principal = realm.authenticate(username, password);
* @param request the current request
*/
protected String getContinueToURL(HttpServletRequest request) {
- //System.out.println("getContinueToURL() called...");
HttpSession session = request.getSession();
String savedURL = (String) session.getAttribute(SAVED_REQUEST_URL);
if (savedURL != null) {
* @param request the current request
*/
protected void saveRequestInformation(HttpServletRequest request) {
- //System.out.println("saveRequestInformation() called...");
HttpSession session = request.getSession();
session.setAttribute(SecurityFilter.SAVED_REQUEST_URL, getSaveableURL(request));
session.setAttribute(SecurityFilter.SAVED_REQUEST, new SavedRequest(request));
* SavedRequest object is returned.
*/
protected SavedRequest getSavedRequest(HttpServletRequest request) {
- //System.out.println("getSavedRequest() called...");
HttpSession session = request.getSession();
String savedURL = (String) session.getAttribute(SecurityFilter.SAVED_REQUEST_URL);
if (savedURL != null && savedURL.equals(getSaveableURL(request))) {
private String getMatchableURL(HttpServletRequest request) {
// extract the request URL portion that needs to be checked
String matchableURL = request.getRequestURI();
- //System.out.println("RequestURI = " + matchableURL);
// remove the contextPath
matchableURL = matchableURL.substring(request.getContextPath().length());
// use PathInfo if this request didn't match a servlet name
String pathInfo = request.getPathInfo();
- //System.out.println("PathInfo = " + pathInfo);
if ("/".equals(matchableURL) && pathInfo != null) {
matchableURL = pathInfo;
}