org.talika.tarsis.filters.security
Class SecurityFilter

java.lang.Object
  org.talika.tarsis.filters.AbstractFilter
      org.talika.tarsis.filters.CommandFilter
          org.talika.tarsis.filters.security.SecurityFilter

All Implemented Interfaces:

javax.servlet.Filter

public final class SecurityFilter
extends CommandFilter

Checks if client has authorization to access requested command.

Version:

$Revision: 269 $

Author:

Jose M. Palomar

Constructor Summary

SecurityFilter()

Method Summary

protected void	checkSession(javax.servlet.ServletRequest request) Checks if client's request has a valid security session.
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) Checks if client has authorization to access requested command.
protected User	getUser(javax.servlet.ServletRequest request) Retrieves user from client's request.
void	init(javax.servlet.FilterConfig filterConfig) Called by the web container to indicate to a filter that it is being placed into service.

Methods inherited from class org.talika.tarsis.filters.CommandFilter

destroy, findCommand, getCommandFactory

Methods inherited from class org.talika.tarsis.filters.AbstractFilter

getContext, getFilterConfig, getLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityFilter

public SecurityFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Called by the web container to indicate to a filter that it is being placed into service.

Initialization consits in calling super int method and storing in a local variable authorizator instance for further use.

Specified by:

init in interface javax.servlet.Filter

Overrides:

init in class CommandFilter

Parameters:

filterConfig - FilterConfig filter configutarion.

Throws:

javax.servlet.ServletException - if an exception has occurred that interferes with the filter's normal operation

See Also:

Filter.init(FilterConfig)

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain filterChain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Checks if client has authorization to access requested command.

Specified by:

doFilter in interface javax.servlet.Filter

Specified by:

doFilter in class AbstractFilter

Parameters:

request - ServletRequest the ServletRequest object that contains the client's request.

response - ServletResponse the ServletResponse object that contains the servlet's response.

filterChain - FilterChain invocation chain of filtered request.

Throws:

java.io.IOException - if an input or output exception occurs

javax.servlet.ServletException - if an exception has occurred that interferes with the filter's normal operation

See Also:

Filter.doFilter(ServletRequest, ServletResponse, FilterChain)

checkSession

protected void checkSession(javax.servlet.ServletRequest request)
                     throws AuthenticationRequiredException

Checks if client's request has a valid security session.

Parameters:

request - ServletRequest the ServletRequest object that contains the client's request.

Throws:

AuthenticationRequiredException - if session is invalid or not exists.

getUser

protected User getUser(javax.servlet.ServletRequest request)

Retrieves user from client's request.

Parameters:

request - ServletRequest the ServletRequest object that contains the client's request.

Returns:

User user.