<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>Example: Servlet filters</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h4><a name="secdfrmx"></a>Example: Servlet filters</h4>
|
|
|
|
<p>This example shows one way to use servlet filters to perform pre-login and post-login processing during form login. See the <a href="codex.htm">Code example disclaimer</a> for legal information about this code example.</p>
|
|
|
|
<pre>// Servlet Filter source code: LoginFilter.java
|
|
/**
|
|
* A Servlet filter example: This example filters j_security_check and
|
|
* performs pre-login action to determine if the user trying to log in
|
|
* is in the revoked list. If the user is in revoked list, an error is
|
|
* sent back to the browser.
|
|
*
|
|
* This filter reads the revoked list file name from the FilterConfig
|
|
* passed in the init() method. Reads the revoked user list file and
|
|
* creates a revokedUsers list.
|
|
*
|
|
* When doFilter method is called, the user being logged in is checked
|
|
* to make sure that the user is not in the revoked User list.
|
|
*
|
|
*/
|
|
|
|
import javax.servlet.*;
|
|
import javax.servlet.http.*;
|
|
import java.io.*;
|
|
|
|
public class LoginFilter implements Filter {
|
|
|
|
protected FilterConfig filterConfig;
|
|
java.util.List revokeList;
|
|
|
|
|
|
/**
 * Initializes the filter: keeps the supplied configuration and loads the
 * revoked-user list through {@code readConfig()}.
 *
 * <p>The original example notes that the filter is instantiated the first time
 * j_security_check is invoked for the application (when a protected servlet in
 * the application is accessed). The list is loaded only here, so later changes
 * to the revoked-user file are not picked up until the filter is initialized again.
 *
 * @param filterConfig configuration handed in by the container; the source of
 *        the {@code RevokedUsers} init parameter
 * @throws ServletException declared by the {@code Filter} interface
 */
public void init(FilterConfig filterConfig) throws ServletException {
    // Create the list before loading so doFilter() always has a list to
    // consult, even when readConfig() adds nothing to it.
    this.revokeList = new java.util.ArrayList();
    this.filterConfig = filterConfig;

    // read revoked user list
    readConfig();
}
|
|
|
|
|
|
/**
 * Releases the filter's state when the filter is taken out of service.
 */
public void destroy() {
    // Drop the loaded revoked-user list and the configuration reference.
    revokeList = null;
    this.filterConfig = null;
}
|
|
|
|
/**
 * Rejects a form-login attempt whose submitted user name is on the revoked
 * list; any other request is passed down the chain so that j_security_check
 * can authenticate the user.
 *
 * <p>The check is an exact {@code List.contains} match on the raw
 * {@code j_username} request parameter and runs before authentication.
 * NOTE(review): if the user registry accepts differently cased or differently
 * formatted names for the same account, such a name would not equal the list
 * entry - confirm against the registry, and consider comparing a canonical
 * form or checking the authenticated principal after login.
 * NOTE(review): only requests mapped to this filter are checked; how sessions
 * that a revoked user already holds are handled is not visible in this class.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 *                 without a type check
 * @param response the outgoing response; cast to {@code HttpServletResponse}
 *                 without a type check
 * @param chain    the remaining filter chain
 * @throws java.io.IOException if sending the error or the downstream chain fails with it
 * @throws ServletException    if the downstream chain fails with it
 */
public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
        throws java.io.IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // pre-login action: look up the user name submitted with the login form
    String submittedName = httpRequest.getParameter("j_username");
    boolean revoked = revokeList.contains(submittedName);

    if (!revoked) {
        // not revoked: let j_security_check authenticate the user
        chain.doFilter(request, response);

        // post-login action
        return;
    }

    // revoked user: answer with 401 and do not continue down the chain
    httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
|
|
|
|
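/**
 * Loads the revoked-user list from the file named by the {@code RevokedUsers}
 * init parameter, adding one entry per non-blank line to {@code revokeList}.
 *
 * <p>Failure handling matters here because an empty or partial list means the
 * filter rejects fewer users than intended (it fails open):
 * <ul>
 *   <li>A missing init parameter stops initialization with an
 *       {@code IllegalStateException}. The original code also failed at this
 *       point, with a {@code NullPointerException} raised by {@code FileReader}.</li>
 *   <li>A missing file or a read error is still tolerated, as in the original,
 *       but is now written to the servlet context log instead of being dropped
 *       silently. A deployment that must not run without the list should
 *       propagate these failures from {@code init()} instead.</li>
 * </ul>
 *
 * <p>The file name and each entry are trimmed, so that surrounding whitespace in
 * the deployment descriptor or in the list file does not prevent a match.
 *
 * @throws IllegalStateException if the {@code RevokedUsers} init parameter is not set
 */
private void readConfig() {
    if (filterConfig == null) {
        return;
    }

    String filename = filterConfig.getInitParameter("RevokedUsers");
    if (filename == null) {
        throw new IllegalStateException(
            "LoginFilter: init parameter RevokedUsers is not set");
    }
    // The descriptor value may carry surrounding whitespace or line breaks.
    filename = filename.trim();

    ServletContext context = filterConfig.getServletContext();
    BufferedReader in = null;
    try {
        // get the revoked user list file and open it.
        in = new BufferedReader(new FileReader(filename));

        // read all the revoked users and add to revokeList.
        String line;
        while ((line = in.readLine()) != null) {
            String userName = line.trim();
            if (userName.length() > 0) {
                revokeList.add(userName);
            }
        }
    } catch (FileNotFoundException fnfe) {
        // Best effort as in the original, but visible: no user is revoked.
        context.log("LoginFilter: revoked user list not found: " + filename
            + "; no users are revoked", fnfe);
    } catch (IOException ioe) {
        // Entries read before the error stay in the list; the rest are missing.
        context.log("LoginFilter: error reading revoked user list: " + filename
            + "; the list may be incomplete", ioe);
    } finally {
        // The original never closed the reader; release the file handle here.
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if close fails after reading.
            }
        }
    }
}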
|
|
}</pre>
|
|
|
|
<p>This example shows a portion of the application deployment descriptor (web.xml) that lists the LoginFilter configuration and mapping to j_security_check:</p>
|
|
|
|
<pre> <filter id="Filter_1">
|
|
<filter-name>LoginFilter</filter-name>
|
|
<filter-class>LoginFilter</filter-class>
|
|
<description>Performs pre-login and post-login operation</description>
|
|
<init-param>
|
|
<param-name>RevokedUsers</param-name>
|
|
<param-value>
|
|
/QIBM/UserData/WebASE/ASE5/<em>instance</em>/installedApps/<em>application</em>/revokedUsers.lst
|
|
</param-value>
|
|
</init-param>
|
|
</filter>
|
|
<filter-mapping>
|
|
<filter-name>LoginFilter</filter-name>
|
|
<url-pattern>/j_security_check</url-pattern>
|
|
</filter-mapping></pre>
|
|
|
|
<p>Here is an example of the revoked user list file:</p>
|
|
|
|
<pre> user1
|
|
cn=user1,o=ibm,c=us
|
|
user99
|
|
cn=user99,o=ibm,c=us</pre>
|
|
|
|
</body>
|
|
</html>
|
|
|