001    // Copyright (c) 2001 Hursh Jain (http://www.mollypages.org) 
002    // The Molly framework is freely distributable under the terms of an
003    // MIT-style license. For details, see the molly pages web site at:
004    // http://www.mollypages.org/. Use, modify, have fun !
005    
006    package fc.web.servlet;
007    
008    import java.io.*;
009    import java.net.*;
010    import java.sql.*;
011    import javax.servlet.*;
012    import javax.servlet.http.*;
013    
014    import java.util.*;
015    
016    import fc.io.*;
017    import fc.jdbc.*;
018    import fc.web.*;
019    import fc.util.*;
020    
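/** 
Implements a simple JDBC based authentication filter. Uses {@link
JDBCSession} to check that the session ID presented by the client exists
as a session in the database. The session ID itself is expected to be
inside a cookie (the presence of a cookie is checked by invoking {@link
LoginServlet#getSIDCookie}).
<p>
Uses the default database as specified in web.xml and requires
{@link JDBCSession} to work against that database.
<p>
The session ID is read from a client supplied cookie and is therefore
untrusted input. A missing cookie, or a cookie with a null or empty value,
is treated as "not logged in" without querying the database.

@author hursh jain
**/
public class JDBCAuthFilter extends AuthFilter 
{
private final   static boolean      dbg = false;

//Both fields are static, so they are shared by every instance of this
//filter loaded by the same class loader, and each init() call overwrites
//them.
//NOTE(review): if more than one JDBCAuthFilter is configured with a
//different appName in the same class loader, all of them would check
//sessions against whichever database was set up last. Confirm there is
//only one instance, or make these instance fields.
private     static ConnectionMgr  cmgr;
private     static JDBCSession    session;

/**
Initializes the parent filter and then obtains the connection manager and
the {@link JDBCSession} instance used for session lookups.

@param  config  the filter configuration, passed on to the parent filter
@throws ServletException  declared by this method; passed through from
                          the parent <tt>init</tt> if that throws it
*/
public void init(FilterConfig config) throws ServletException 
  {
  super.init(config);
  
  //We use the default connection manager. If need be, this can
  //be changed so that we use the connection manager to a property
  //file specified database instead.
  
  cmgr = WebApp.getInstance(appName).getConnectionMgr();
  session = JDBCSession.getInstance();
  }

/**
Checks to see if the session id (<tt>sid</tt>) exists in the cookie and if that
points to a valid (non-expired) database session.

@param  req   the request from which the session id cookie is read
@param  res   the response (not used by this implementation)
@return <tt>true</tt> if the cookie carries a session id that 
        {@link JDBCSession} reports as existing, <tt>false</tt> if there
        is no cookie, the cookie value is null or empty, or the session
        does not exist
@throws SQLException  if a connection cannot be obtained, the session
                      lookup fails or the connection cannot be closed.
                      NOTE(review): the caller is not visible here; confirm
                      that it denies access when this is thrown.
*/
public boolean isUserLoggedIn(HttpServletRequest req, HttpServletResponse res)
throws SQLException
  {
  Cookie c = LoginServlet.getSIDCookie(req);
  if (c == null) 
    return false;

  //The cookie value is client controlled. A null or empty value cannot
  //name a session, so fail closed without using a database connection.
  String sid = c.getValue();
  if (sid == null || sid.length() == 0)
    return false;

  boolean loggedin = false;
  Connection con = null;

  try {
    con = cmgr.getConnection();
    //NOTE(review): JDBCSession.exists is not visible here; confirm that it
    //binds sid as a query parameter and does not concatenate it into SQL.
    loggedin = session.exists(con, sid);
    //Only the boolean outcome is printed, never the sid itself. Keep it
    //that way so that session ids do not end up in logs.
    if (dbg) System.out.println("JDBCAuthFilter.isUserLoggedIn(): (2) sid points to valid session=" + loggedin);
    }
  finally {
    //con is still null if getConnection() itself threw. Closing it
    //unconditionally would raise a NullPointerException here and hide
    //the original SQLException from the caller.
    if (con != null)
      con.close();
    }
  
  return loggedin;
  }
      
} //~class JDBCAuthFilter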
077