Java Mailing List Archive

http://www.junlu.com/

Google
Google
Mailing List
Home
Forum Home
JBoss - Java Application Server
Tomcat - JSP/Servlet container
Struts - A MVC web framework
iText - An open source PDF Java Library
JDOM - JDOM XML Parser
JSP - A mailing list about Java Server Pages specification and reference
J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition
J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog
Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology
Struts & Hibernate
Subjects
JSP editor plugin for eclipse ?
org apache jasper JasperException: Unable to compile class for JSP
Tomcat: Connection reset by peer: socket write error
Cannot retrieve definition for form bean null
Struts Tiles Tutorial (free Struts training)
Where do I download Tomcat 4 0 6?
Data Access Object (DAO) pattern, example DAO 's
Where to download Tomcat v 4 1 24 from?
Tomcat 5 0 16 Requested resource not available
Subject: Servlet : Session invalidate
Oracle Connection Pooling in 3 2 2
Servlet action is currently unavailable
Tomcat/Struts Unicode Encoding/Decoding problems
Subject: Running a Simple JMS Example
Tomcat and webapplication specific java library path
Mapping in workers2 properties
org apache jasper JasperException
problem with html:text bean throwing exception
Cannot find message resources under key org apache struts action
   MESSAGE
Cannot find message resources under key org apache struts action MESSAGE
invalid direct reference problem with solution
Tool for jsp debug Try Sysdeo Eclipse Plugin
Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
weblogic ejbc
java properties file
Jboss 3 2 3 Coyote Can 't re
Tomcat 5, Apache2 and mod jk2 integration problem
JBoss example problem new to J2EE
Value attribute of <html:checkbox
url string for connecting jboss to oracle
javax servlet ServletException: BeanUtils populate
5 0 18: Windows XP Pro vs Windows 2000
HTTP Status 404 The requested resource is not available
 
Filter Problem

Filter Problem

2005-06-23       - By Jack Lauman

 Back
I have the following code for an access filter.  If I log in with the
role of "admin" everything works as expected.  If I try to log in with
the role of "user" I immediately get a permissions error that denies access.

I've added ${sessionScope.USER} to the jsp pages as well as adding
entries for PWD and ROLE.  The correct information is in the session
variables.

I'd appreciate any help in finding the error and fixing it.

Thanks,

Jack

public class AccessControlFilter
       implements Filter
{
  public static final String NO_ACCESS_PAGE = "no-access-page";
  public static final String NO_AUTH_PAGE = "no-auth-page";
  private FilterConfig fc;
  private String noAccessPage;
  private String notLoggedInPage;
  public AccessControlFilter()
    {
      fc = null;
    }

    /**
     * Destroy the Access Control Filter
     */
    public void destroy()
    {
      fc = null;
    }

    /**
     * Initialize the Access Control Filter
     */
    public void init(FilterConfig config)
      throws ServletException
    {
      fc = config;
      noAccessPage = fc.getInitParameter("no-access-page");
      if(noAccessPage == null)
        noAccessPage = "noaccess.jsp";

      notLoggedInPage = fc.getInitParameter("no-auth-page");
        if(notLoggedInPage == null)
        notLoggedInPage = "notloggedin.jsp";
    }

    public void doFilter(ServletRequest req,
                         ServletResponse resp,
                         FilterChain chain)
      throws IOException, ServletException
    {
      HttpServletRequest httpReq = (HttpServletRequest)req;
      HttpServletResponse httpResp = (HttpServletResponse)resp;

      String servletPath = httpReq.getServletPath();

      String username = (String)httpReq.getSession().getAttribute("USER");
      if(username == null)
      {
        httpResp.sendRedirect(notLoggedInPage);
        return;
      }
        String role = (String)httpReq.getSession().getAttribute("ROLE");
        if(role == null)
        {
          httpResp.sendRedirect(notLoggedInPage);
          return;
        }
        if(role.equals("admin"))
        {
          chain.doFilter(req, resp);
          return;
        }
        if(role.equals("user"))
        {
          if(servletPath.startsWith("/secure/updateDb/add") ||
            servletPath.startsWith("/secure/updateDb/delete") ||
            servletPath.startsWith("/secure/updateDb/update") ||
            servletPath.startsWith("/secure/updateDb/move") ||
            servletPath.equals("/secure/updateDb/sectionAdd") ||
            servletPath.equals("/secure/updateDb/sectionDelete"))
       {
            Integer id = new Integer(httpReq.getParameter("company"));
            if(id.equals(getAuthToken(username)))
            {
              chain.doFilter(req, resp);
              return;
            }
            } else
              if(servletPath.equals("/secure/updateDb/changePassword"))
            {
              if(username.equals(httpReq.getParameter("userName")))
                {
                  chain.doFilter(req, resp);
                  return;
                }
              } else
                if(servletPath.equals("/secure/index.jsp"))
              {
              ServletContext servletcontext = fc.getServletContext();
              RequestDispatcher requestdispatcher =
servletcontext.getRequestDispatcher("/secure/ControlPanel.jsp?company="
+ getAuthToken(username));
              if(requestdispatcher == null)
              httpResp.sendError(500, "Ccontrol panel doesn't exist.");
              requestdispatcher.forward(req, resp);
              return;
            }
        } else {
            httpResp.sendRedirect(notLoggedInPage);
            return;
        }
        httpResp.sendRedirect(noAccessPage);
    }

    private Integer getAuthToken(String servletPath)
    {
        Integer id = new Integer(-1);
        try
        {
       Context ctx = null;
        DataSource ds = null;
        Connection conn = null;
        Result result = null;
       SQLCommandBean sql = new SQLCommandBean();
       try {
         String envBase = "java:comp/env/";
          ctx = new InitialContext();
          String dataSourceName = (String)ctx.lookup(envBase +
"dataSource");
          ds = (DataSource) ctx.lookup(envBase + dataSourceName);

          } catch (Exception e) {
            System.out.println("DataSource context lookup failed: " + e);
          }

          try {
            conn = ds.getConnection();
            } catch (SQLException se) {
              System.out.println("DataSource getConnection failed: " + se);
              se.printStackTrace();
            }

          try {
           sql.setConnection(conn);

          } catch (Exception e) {
            System.out.println("DataSource setConnection failed: " + e);
          }

          sql.setSqlValue("SELECT CompanyID FROM Company WHERE UserID =
?");
          ArrayList arraylist = new ArrayList();
          arraylist.add(servletPath);
          sql.setValues(arraylist);
          result = sql.executeQuery();
          if(result != null && result.getRowCount() > 0) {
          id = (Integer)result.getRows()[0].get("CompanyID");
          }
          conn.close();
        }
        catch(SQLException se) {
          System.out.println(se);
        }
        return id;
    }
}

__ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ __
To unsubscribe, send email to listserv@(protected) and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
©2008 junlu.com - Jax Systems, LLC, U.S.A.