PermissionFilter

Overview

Package

Class

Use

Deprecated

Index

Home >> All >> com >> RuntimeCollective >> [ permission overview ]

PREV CLASS NEXT CLASS

SUMMARY:

JAVADOC |

Sourc code of com.RuntimeCollective.permission.PermissionFilter

SOURCE |

Download com.RuntimeCollective.permission.PermissionFilter

DOWNLOAD | NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.RuntimeCollective.permission
Class PermissionFilter

java.lang.Object
  com.RuntimeCollective.permission.PermissionFilter

All Implemented Interfaces:: javax.servlet.Filter

public class PermissionFilter
extends java.lang.Object
implements javax.servlet.Filter

A singleton Filter which constrains access to URLs using PermissionRules.

At the moment, the filter supports three checks for each path:

whether the user is in 1 of many UserGroups, specified by their names
whether the user is in a (any) group belonging to a given UserGroupType, specified by name
whether the request matches a given IP address pattern (Perl5, as in Jakarta ORO)
whether the request matches, or ends in, a given domain (only complete components are matched, e.g. "apache.org" will match "foo.apache.org", but not "fooapache.org")
whether the user is cleared by a PermissionRule, specified by its id

Each path can be configured with one, two or all three checks. Duplicate checks are ignored (ie you can't have two IP checks for the same path name). Checks apply to all requests in the path, including static html files, images, jsp files, and actions.

If you want other checks to be supported, you will need to extend the processConfig() method, which reads the init parameters, and the doFilter() method, which performs the checks.

The original PermissionFilter is kept as a singleton, which you can get and modify through PermissionFilter.getSingleton(). Thus, the filter can be modified at Runtime.

To setup the filter in the first place, make sure your web.xml uses the following DTD URL:

 <!DOCTYPE web-app
   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">

and add your filter configurations to the top of your web.xml file (above the <servlets > entry), for example :

  <!-- Permission filter to constrain access -->
  <filter>
    <filter-name>permissionFilter</filter-name>
    <filter-class>com.RuntimeCollective.permission.PermissionFilter</filter-class>
    <init-param>
      <param-name>/admin/.groupType</param-name>
      <param-value>Administrators and Editors</param-value>
    </init-param>
    <init-param>
      <param-name>/admin/sysadmin/.groupName</param-name>
      <param-value>sysadmin</param-value>
    </init-param>
    <init-param>
      <param-name>/local/.ipPattern</param-name>
      <param-value>127.0.0.0</param-value>
    </init-param>
    <init-param>
      <param-name>/local/.domainName</param-name>
      <param-value>avantgo.com</param-value>
    </init-param>
    <init-param>
      <param-name>/oneRule/.ruleId</param-name>
      <param-value>15324</param-value>
    </init-param>
    <init-param>
      <param-name>/youreLuckyIfYouGetThere/.groupName</param-name>
      <param-value>editors</param-value>
    </init-param>
    <init-param>
      <param-name>/youreLuckyIfYouGetThere/.ipPattern</param-name>
      <param-value>127(.)*</param-value>
    </init-param>
    <init-param>
      <param-name>/youreLuckyIfYouGetThere/.ruleId</param-name>
      <param-value>15345</param-value>
    </init-param>
  </filter>
  
  <filter-mapping>
    <filter-name>permissionFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

For the filter mapping statement, you can specify the highest common path on which all checks are done. For example, if you're only doing checks on /admin, you can specify /admin/* rather than /*, that will prevent the filter from being run for nothing. At the same time, be careful to change that path if one day you secure /doc or / as well (otherwise your settings will simply be ignored). $Id: PermissionFilter.java,v 1.15 2003/09/30 15:12:48 joe Exp $

Field Summary

private static java.lang.String ACCESS_DENIED_PAGE
          The page where we send user if we deny them the access altogether.

protected static org.apache.oro.text.regex.Perl5Compiler compiler
          A shared Perl5 compiler.

private javax.servlet.FilterConfig config
          Config parameters.

static java.lang.String DOMAIN_NAME_KEY
          The keyword under which the domain name is stored.

static java.lang.String GROUP_NAME_KEY
          The keyword under which the user group name is stored.

static java.lang.String GROUP_TYPE_KEY
          The keyword under which the user group type is stored.

static java.lang.String IP_PATTERN_KEY
          The keyword under which the ip pattern is stored.

private boolean isInited
          Whether the filter has been inited, that is, its config has been processed.

private static java.lang.String LOGON_PAGE
          The page where we send user if they are not logged on.

protected static org.apache.oro.text.regex.Perl5Matcher matcher
          A shared Perl5 matcher.

private java.util.List paths
          The list of secured paths.

static java.lang.String RULE_ID_KEY
          The keyword under which the permission rule id is stored.

private java.util.HashMap securityAttributes
          The list of security attributes for each path.

private static PermissionFilter singleton
          The singleton iteration.

Constructor Summary

PermissionFilter()
          Constructor which (builds and) returns the singleton.

Method Summary

void destroy()
          Destroy that filter.

void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          Filter a request.

javax.servlet.FilterConfig getFilterConfig()
          Get the config parameters.

static PermissionFilter getSingleton()
          Get the first created filter, which is kept as a singleton.

void init(javax.servlet.FilterConfig config)
          Init with parameters.

private void processConfig()
          Process the config parameters.

void redirectResponse(javax.servlet.ServletResponse response, java.lang.String redirectPath)
          Redirects a response to a specified path.

void setFilterConfig(javax.servlet.FilterConfig config)
          Set the config parameters.

void setSecuritySetting(java.lang.String path, java.lang.String key, java.lang.Object setting)
          Change a security setting in the configuration of this filter.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

singleton

private static PermissionFilter singleton

The singleton iteration.

config

private javax.servlet.FilterConfig config

Config parameters.

GROUP_NAME_KEY

public static java.lang.String GROUP_NAME_KEY

The keyword under which the user group name is stored.

GROUP_TYPE_KEY

public static java.lang.String GROUP_TYPE_KEY

The keyword under which the user group type is stored.

IP_PATTERN_KEY

public static java.lang.String IP_PATTERN_KEY

The keyword under which the ip pattern is stored.

DOMAIN_NAME_KEY

public static java.lang.String DOMAIN_NAME_KEY

The keyword under which the domain name is stored.

RULE_ID_KEY

public static java.lang.String RULE_ID_KEY

The keyword under which the permission rule id is stored.

ACCESS_DENIED_PAGE

private static java.lang.String ACCESS_DENIED_PAGE

The page where we send user if we deny them the access altogether.

LOGON_PAGE

private static java.lang.String LOGON_PAGE

The page where we send user if they are not logged on.

paths

private java.util.List paths

The list of secured paths. Equivalent to securityAttribute.keySet().iterator(), but as a List.

securityAttributes

private java.util.HashMap securityAttributes

The list of security attributes for each path.

isInited

private boolean isInited

Whether the filter has been inited, that is, its config has been processed.

matcher

protected static org.apache.oro.text.regex.Perl5Matcher matcher

A shared Perl5 matcher.

compiler

protected static org.apache.oro.text.regex.Perl5Compiler compiler

A shared Perl5 compiler.

Constructor Detail