/
AuthenticationFilter.java
74 lines (63 loc) · 2.82 KB
/
AuthenticationFilter.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
/*
* SymmetricDS is an open source database synchronization solution.
*
* Copyright (C) Chris Henson <chenson42@users.sourceforge.net>,
* Keith Naas <knaas@users.sourceforge.net>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*/
package org.jumpmind.symmetric.web;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jumpmind.symmetric.transport.handler.AuthenticationResourceHandler;
import org.jumpmind.symmetric.transport.handler.AuthenticationResourceHandler.AuthenticationStatus;
/**
* This better be the first filter that executes!
*/
public class AuthenticationFilter extends AbstractTransportFilter<AuthenticationResourceHandler> {
private static final Log logger = LogFactory.getLog(AuthenticationFilter.class);
@Override
public boolean isContainerCompatible() {
return true;
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException,
ServletException {
String securityToken = req.getParameter(WebConstants.SECURITY_TOKEN);
String nodeId = req.getParameter(WebConstants.NODE_ID);
if (StringUtils.isEmpty(securityToken) || StringUtils.isEmpty(nodeId)) {
sendError(resp, HttpServletResponse.SC_FORBIDDEN);
return;
}
final AuthenticationStatus status = getTransportResourceHandler().status(nodeId, securityToken);
if (AuthenticationStatus.FORBIDDEN.equals(status)) {
sendError(resp, HttpServletResponse.SC_FORBIDDEN);
} else if (AuthenticationStatus.REGISTRATION_REQUIRED.equals(status)) {
sendError(resp, WebConstants.REGISTRATION_REQUIRED);
} else if (AuthenticationStatus.ACCEPTED.equals(status)) {
chain.doFilter(req, resp);
}
}
@Override
protected Log getLogger() {
return logger;
}
}