Commit 872d0b42 authored by michada's avatar michada

Send redirect on login and forbid unauthorized access to Rest API.

LoginFilter modified to send redirect when login is done with parameters
and to return a 403 error when accessing the Rest API without authorization.
parent 41c409da
...@@ -25,48 +25,69 @@ public class LoginFilter implements Filter { ...@@ -25,48 +25,69 @@ public class LoginFilter implements Filter {
final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletRequest httpRequest = (HttpServletRequest) request;
final HttpServletResponse httpResponse = (HttpServletResponse) response; final HttpServletResponse httpResponse = (HttpServletResponse) response;
try {
if (isLogoutPath(httpRequest)) { if (isLogoutPath(httpRequest)) {
removeCookie(httpResponse); removeTokenCookie(httpResponse);
redirectToIndex(httpRequest, httpResponse); redirectToIndex(httpRequest, httpResponse);
} else if (isIndexPath(httpRequest) || } else if (isIndexPath(httpRequest) || checkToken(httpRequest)) {
checkLogin(httpRequest, httpResponse) ||
checkToken(httpRequest)
) {
chain.doFilter(request, response); chain.doFilter(request, response);
} else if (checkLogin(httpRequest, httpResponse)) {
continueWithRedirect(httpRequest, httpResponse);
} else if (isRestPath(httpRequest)) {
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
} else { } else {
redirectToIndex(httpRequest, httpResponse); redirectToIndex(httpRequest, httpResponse);
} }
} catch (DAOException e) {
httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
private boolean isLogoutPath(HttpServletRequest request) {
return request.getServletPath().equals("/logout");
}
private boolean isIndexPath(HttpServletRequest request) {
return request.getServletPath().equals("/index.html");
}
private boolean isRestPath(HttpServletRequest request) {
return request.getServletPath().startsWith("/rest");
} }
private void redirectToIndex( private void redirectToIndex(
HttpServletRequest httpRequest, HttpServletRequest request,
HttpServletResponse httpResponse HttpServletResponse response
) throws IOException { ) throws IOException {
httpResponse.sendRedirect(httpRequest.getContextPath() + "/index.html"); response.sendRedirect(request.getContextPath());
} }
private void removeCookie(HttpServletResponse httpResponse) { private void continueWithRedirect(
final Cookie cookie = new Cookie("token", ""); HttpServletRequest request,
cookie.setMaxAge(0); HttpServletResponse response
httpResponse.addCookie(cookie); ) throws IOException {
} String redirectPath = request.getRequestURI();
if (request.getQueryString() != null)
redirectPath += request.getQueryString();
private boolean isLogoutPath(HttpServletRequest httpRequest) { response.sendRedirect(redirectPath);
return httpRequest.getServletPath().equals("/logout");
} }
private boolean isIndexPath(HttpServletRequest httpRequest) { private void removeTokenCookie(HttpServletResponse response) {
return httpRequest.getServletPath().equals("/index.html"); final Cookie cookie = new Cookie("token", "");
cookie.setMaxAge(0);
response.addCookie(cookie);
} }
private boolean checkLogin(HttpServletRequest httpRequest, HttpServletResponse response) { private boolean checkLogin(
final String login = httpRequest.getParameter("login"); HttpServletRequest request,
final String password = httpRequest.getParameter("password"); HttpServletResponse response
) throws DAOException {
final String login = request.getParameter("login");
final String password = request.getParameter("password");
if (login != null && password != null) { if (login != null && password != null) {
try { final String token = new UsersDAO().checkLogin(login, password);
final UsersDAO dao = new UsersDAO();
final String token = dao.checkLogin(login, password);
if (token == null) { if (token == null) {
return false; return false;
...@@ -75,27 +96,18 @@ public class LoginFilter implements Filter { ...@@ -75,27 +96,18 @@ public class LoginFilter implements Filter {
return true; return true;
} }
} catch (DAOException e) {
e.printStackTrace();
return false;
}
} else { } else {
return false; return false;
} }
} }
private boolean checkToken(HttpServletRequest httpRequest) { private boolean checkToken(HttpServletRequest request) throws DAOException {
final Cookie[] cookies = httpRequest.getCookies(); final Cookie[] cookies = request.getCookies();
if (cookies != null) { if (cookies != null) {
for (Cookie cookie : cookies) { for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) { if (cookie.getName().equals("token")) {
try {
return new UsersDAO().checkToken(cookie.getValue()) != null; return new UsersDAO().checkToken(cookie.getValue()) != null;
} catch (DAOException e) {
e.printStackTrace();
return false;
}
} }
} }
} }
......
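Review bot: `continueWithRedirect` in the first hunk appends `request.getQueryString()` to the request URI without the `?` separator, so any request that arrived with a query string is redirected to a mangled path (`/page` + `a=b` becomes `/pagea=b`). The same lines also re-emit whatever the query string held, and because `checkLogin` reads `login` and `password` through `getParameter`, a login submitted via GET would have its credentials copied straight back into the redirect Location, where they end up in browser history, proxy logs and Referer headers. Rebuilding the query from `getParameterMap()` while dropping those two names (sketched below; needs `java.util.Map` and `java.net.URLEncoder`) fixes both. Separately, `isRestPath` uses `startsWith("/rest")`, which also matches unrelated paths such as `/restore`; `startsWith("/rest/") || equals("/rest")` is tighter. `redirectToIndex` now sends `getContextPath()`, which is the empty string for a root-context deployment, so it is worth confirming that `sendRedirect("")` does not resolve back onto the current request and loop.
```java
private void continueWithRedirect(
    HttpServletRequest request,
    HttpServletResponse response
) throws IOException {
    // Rebuild the query string ourselves: adds the missing '?' and drops the
    // credential parameters so they never reappear in the redirect target.
    final StringBuilder query = new StringBuilder();
    for (Map.Entry<String, String[]> entry : request.getParameterMap().entrySet()) {
        final String name = entry.getKey();
        if (name.equals("login") || name.equals("password")) {
            continue;
        }
        for (String value : entry.getValue()) {
            query.append(query.length() == 0 ? '?' : '&')
                 .append(URLEncoder.encode(name, "UTF-8"))
                 .append('=')
                 .append(URLEncoder.encode(value, "UTF-8"));
        }
    }
    response.sendRedirect(request.getRequestURI() + query);
}
```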