org.mycore.frontend.filter.MCRRequestAuthenticationFilter Maven / Gradle / Ivy
/*
* This file is part of *** M y C o R e ***
* See http://www.mycore.de/ for details.
*
* MyCoRe is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* MyCoRe is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with MyCoRe. If not, see .
*/
package org.mycore.frontend.filter;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
/**
* @author Thomas Scheffler
*
*/
public class MCRRequestAuthenticationFilter implements Filter {
public static final String SESSION_KEY = "mcr.authenticateRequest";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
Optional httpSession = Optional.ofNullable(req.getSession(false));
if (httpSession.map(s -> s.getAttribute(SESSION_KEY)).isPresent() && req.getUserPrincipal() == null) {
LogManager.getLogger().info("request authentication required for: {}", req.getRemoteUser());
req.authenticate((HttpServletResponse) response);
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}