AuthFilter (MollyPages.org Foundation API)

java.lang.Object
- fc.web.servlet.AuthFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

JDBCAuthFilter
```
public abstract class AuthFilter
extends Object
implements javax.servlet.Filter
```
An abstract servlet filter that only allows authenticated access to a resource. This filter will redirect the user to the login_page if the user is not logged in. The originally requested target URL (if any) will be saved via the method. The saved URL will be complete, i.e., will start from the protocol string http.. upto and including any query string. Note: if the original URL was submitted via POST, the POST data is not saved, only the target URL is saved.
There are 2 ways that the original URL can be saved. One is to save it as a temporary cookie. This implies that the client must have cookies enabled. The other way is to tack it on to the URL as a url parameter. In either case, the original target is saved as a parameter with name=login.target and value=URLEncoder.encode(target_page)
The following keys must be specified as the init parameters.
- key name: appName, the name of the webapp (the name is an arbitrary string but must be the same as is specified in the init parameter of WebApp).
- key name: login_page, the value should be an absolute path (from the website's document root) to the login page or URL. The following key is optional:
- key name: use_cookie, the value should be "true" or "false". true means save the original target page as a cookie, false means save that page as part of the URL. Defaults to false
Note: this class cannot be directly instantiated (since it's abstract) and should not be specified as the name of some filter in the servlet container's web.xml file.

Constructor Summary

Constructors
Constructor and Description

AuthFilter()

Constructors
Constructor and Description
`AuthFilter()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig config)`
`abstract boolean`	`isUserLoggedIn(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)` This method should somehow check to see if the user is logged in or not.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- AuthFilter
```
public AuthFilter()
```

Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     IOException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException; IOException

isUserLoggedIn
```
public abstract boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest req,
                                       javax.servlet.http.HttpServletResponse res)
                                throws Exception
```
This method should somehow check to see if the user is logged in or not. Typically, this will be done via getting a session_id (either from a cookie or a URL) and using that session_id to search for a memory or database session data to see if that session still exists and has not expired.

Throws:

Exception

Class AuthFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AuthFilter

Method Detail

init

destroy

doFilter

isUserLoggedIn