fc.web.servlet
Class AuthFilter

java.lang.Object
  extended by fc.web.servlet.AuthFilter
All Implemented Interfaces:
javax.servlet.Filter
Direct Known Subclasses:
JDBCAuthFilter

public abstract class AuthFilter
extends Object
implements javax.servlet.Filter

An abstract servlet filter that only allows authenticated access to a resource. This filter redirects the user to the login_page if the user is not logged in. The originally requested target URL (if any) will be saved via the method. The saved URL is complete, i.e., it starts from the protocol string (http..) and runs up to and including any query string. Note: if the original URL was submitted via POST, the POST data is not saved; only the target URL is saved.

There are two ways the original URL can be saved. One is to save it as a temporary cookie, which requires the client to have cookies enabled. The other is to tack it on to the URL as a URL parameter. In either case, the original target is saved as a parameter with name=login.target and value=URLEncoder.encode(target_page).

The following keys must be specified as the init parameters.

Note: this class cannot be directly instantiated (since it's abstract) and should not be specified as the name of some filter in the servlet container's web.xml file.


Constructor Summary
AuthFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
           
 void init(javax.servlet.FilterConfig config)
           
abstract  boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          This method should somehow check to see if the user is logged in or not.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthFilter

public AuthFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     IOException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException
IOException

isUserLoggedIn

public abstract boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest req,
                                       javax.servlet.http.HttpServletResponse res)
                                throws Exception
This method should somehow check to see if the user is logged in or not. Typically, this is done by getting a session_id (either from a cookie or a URL) and using that session_id to look up in-memory or database session data to see whether that session still exists and has not expired.

Throws:
Exception
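
One way a concrete subclass could implement the isUserLoggedIn check described above, using an in-memory session table with idle expiry. This is an added example, not code from the fc.web.servlet library; the package, class name, cookie name session_id, 30-minute timeout and the register hook are all assumptions.

```java
package example.auth; // hypothetical package, not part of fc.web.servlet

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import fc.web.servlet.AuthFilter;

/** Added example: in-memory session check for AuthFilter.isUserLoggedIn. */
public class MemorySessionAuthFilter extends AuthFilter {
    // Assumed cookie name and idle timeout; neither comes from the AuthFilter documentation.
    static final String SESSION_COOKIE = "session_id";
    static final long MAX_IDLE_MILLIS = 30L * 60L * 1000L;

    // session_id -> time of the last authenticated request (epoch millis)
    private static final Map<String, Long> SESSIONS = new ConcurrentHashMap<String, Long>();

    /** Hypothetical hook: the login handler calls this after verifying credentials. */
    public static void register(String sessionId) {
        SESSIONS.put(sessionId, System.currentTimeMillis());
    }

    @Override
    public boolean isUserLoggedIn(HttpServletRequest req, HttpServletResponse res) {
        String id = readSessionId(req);
        if (id == null) return false;               // no session cookie: not logged in
        Long lastSeen = SESSIONS.get(id);
        if (lastSeen == null) return false;         // unknown or already removed session
        long now = System.currentTimeMillis();
        if (now - lastSeen > MAX_IDLE_MILLIS) {
            SESSIONS.remove(id, lastSeen);          // expired: drop it so the id cannot be reused
            return false;
        }
        SESSIONS.put(id, now);                      // sliding expiry: refresh on each valid request
        return true;
    }

    private static String readSessionId(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();        // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (SESSION_COOKIE.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```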