import org.jasig.cas.client.authentication.AttributePrincipal; // package/class this method depends on
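/**
 * Authorization filter: decides whether the current request may reach the MOTU
 * servlet, based on the attributes carried by the CAS {@link AttributePrincipal}
 * of the authenticated user.
 *
 * Decision order:
 * <ol>
 *   <li>an explicit {@code service} parameter: the principal's attributes are matched
 *       against that service;</li>
 *   <li>no service but a public action (list services, ping, debug, refresh): always
 *       authorized;</li>
 *   <li>otherwise: the attributes are matched against the configured default service.</li>
 * </ol>
 * A request without a CAS {@link AttributePrincipal} (no authenticated user, expired
 * session, or a principal of another type) is rejected with {@code 403} instead of
 * failing with an uncaught exception, so the filter fails closed.
 *
 * @param servletRequest object that contains the request the client has made of the servlet
 * @param servletResponse object that contains the response the servlet sends to the client
 * @param filterChain object to describe filter chain
 *
 * @throws IOException the IO exception
 * @throws ServletException the servlet exception
 */
@Override
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain)
        throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    // The principal is populated by the CAS authentication filter, which must run before
    // this one. A missing principal or one that is not an AttributePrincipal used to end in
    // NullPointerException / ClassCastException (a 500 from the container); treat both as
    // "not authorized" so the outcome is explicit and the filter fails closed.
    final Principal p = request.getUserPrincipal();
    if (!(p instanceof AttributePrincipal)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    final Map<String, Object> attributes = ((AttributePrincipal) p).getAttributes();

    // MOTU configuration is re-read on every request, as before; the default service is
    // only consulted when no explicit service is requested.
    final MotuConfig conf = BLLManager.getInstance().getConfigManager().getMotuConfig();
    final String service = CommonHTTPParameters.getServiceFromRequest(request);
    final String action = CommonHTTPParameters.getActionFromRequest(request);

    final boolean authorized;
    if (service != null) {
        authorized = match_ldap_vs_motu(attributes, conf, service); // (1) explicit service check
    } else if (isPublicAction(action)) {
        authorized = true; // (2) public actions need no LDAP/MOTU match
    } else {
        authorized = match_ldap_vs_motu(attributes, conf, conf.getDefaultService()); // (3) default service check
    }

    if (!authorized) {
        // Unauthorized/forbidden page; nothing further down the chain is reached.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    filterChain.doFilter(request, response);
}

/**
 * Tells whether an action is reachable without any authorization check.
 *
 * @param action the MOTU action parameter, possibly {@code null}
 * @return {@code true} for list-services, ping, debug and refresh; {@code false}
 *         otherwise, including for {@code null}
 */
private static boolean isPublicAction(final String action) {
    return MotuRequestParametersConstant.ACTION_LIST_SERVICES.equals(action)
            || MotuRequestParametersConstant.ACTION_PING.equals(action)
            || MotuMonitoringParametersConstant.ACTION_DEBUG.equals(action)
            || MotuRequestParametersConstant.ACTION_REFRESH.equals(action);
}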