SecurityContextHolderAwareRequestFilter xref

View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.wrapper;
17  
18  import org.acegisecurity.util.PortResolver;
19  import org.acegisecurity.util.PortResolverImpl;
20  
21  import org.springframework.util.Assert;
22  import org.springframework.util.ReflectionUtils;
23  
24  import java.io.IOException;
25  
26  import java.lang.reflect.Constructor;
27  
28  import javax.servlet.Filter;
29  import javax.servlet.FilterChain;
30  import javax.servlet.FilterConfig;
31  import javax.servlet.ServletException;
32  import javax.servlet.ServletRequest;
33  import javax.servlet.ServletResponse;
34  import javax.servlet.http.HttpServletRequest;
35  
36  
37  /**
38   * A <code>Filter</code> which populates the <code>ServletRequest</code> with a new request wrapper.<p>Several
39   * request wrappers are included with the framework. The simplest version is {@link
40   * SecurityContextHolderAwareRequestWrapper}. A more complex and powerful request wrapper is {@link
41   * org.acegisecurity.wrapper.SavedRequestAwareWrapper}. The latter is also the default.</p>
42   *  <p>To modify the wrapper used, call {@link #setWrapperClass(Class)}.</p>
43   *  <p>Any request wrapper configured for instantiation by this class must provide a public constructor that
44   * accepts two arguments, being a <code>HttpServletRequest</code> and a <code>PortResolver</code>.</p>
45   *
46   * @author Orlando Garcia Carmona
47   * @author Ben Alex
48   * @version $Id: SecurityContextHolderAwareRequestFilter.java 1496 2006-05-23 13:38:33Z benalex $
49   */
50  public class SecurityContextHolderAwareRequestFilter implements Filter {
51      //~ Instance fields ================================================================================================
52  
53      private Class wrapperClass = SavedRequestAwareWrapper.class;
54      private Constructor constructor;
55      private PortResolver portResolver = new PortResolverImpl();
56  
57      //~ Methods ========================================================================================================
58  
59      public void destroy() {}
60  
61      public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
62          throws IOException, ServletException {
63          HttpServletRequest request = (HttpServletRequest) servletRequest;
64  
65          if (!wrapperClass.isAssignableFrom(request.getClass())) {
66              if (constructor == null) {
67                  try {
68                      constructor = wrapperClass.getConstructor(new Class[] {HttpServletRequest.class, PortResolver.class});
69                  } catch (Exception ex) {
70                      ReflectionUtils.handleReflectionException(ex);
71                  }
72              }
73  
74              try {
75                  request = (HttpServletRequest) constructor.newInstance(new Object[] {request, portResolver});
76              } catch (Exception ex) {
77                  ReflectionUtils.handleReflectionException(ex);
78              }
79          }
80  
81          filterChain.doFilter(request, servletResponse);
82      }
83  
84      public void init(FilterConfig filterConfig) throws ServletException {}
85  
86      public void setPortResolver(PortResolver portResolver) {
87          Assert.notNull(portResolver, "PortResolver required");
88          this.portResolver = portResolver;
89      }
90  
91      public void setWrapperClass(Class wrapperClass) {
92          Assert.notNull(wrapperClass, "WrapperClass required");
93          Assert.isTrue(HttpServletRequest.class.isAssignableFrom(wrapperClass), "Wrapper must be a HttpServletRequest");
94          this.wrapperClass = wrapperClass;
95      }
96  }