Commit 872d0b42 authored by michada

Send redirect on login and forbid unauthorized access to Rest API.

LoginFilter modified to send a redirect when login is done with parameters
and to return a 403 error when accessing the Rest API without authorization.
parent 41c409da
...@@ -25,77 +25,89 @@ public class LoginFilter implements Filter { ...@@ -25,77 +25,89 @@ public class LoginFilter implements Filter {
final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletRequest httpRequest = (HttpServletRequest) request;
final HttpServletResponse httpResponse = (HttpServletResponse) response; final HttpServletResponse httpResponse = (HttpServletResponse) response;
if (isLogoutPath(httpRequest)) { try {
removeCookie(httpResponse); if (isLogoutPath(httpRequest)) {
redirectToIndex(httpRequest, httpResponse); removeTokenCookie(httpResponse);
} else if (isIndexPath(httpRequest) || redirectToIndex(httpRequest, httpResponse);
checkLogin(httpRequest, httpResponse) || } else if (isIndexPath(httpRequest) || checkToken(httpRequest)) {
checkToken(httpRequest) chain.doFilter(request, response);
) { } else if (checkLogin(httpRequest, httpResponse)) {
chain.doFilter(request, response); continueWithRedirect(httpRequest, httpResponse);
} else { } else if (isRestPath(httpRequest)) {
redirectToIndex(httpRequest, httpResponse); httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
} else {
redirectToIndex(httpRequest, httpResponse);
}
} catch (DAOException e) {
httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} }
} }
private boolean isLogoutPath(HttpServletRequest request) {
return request.getServletPath().equals("/logout");
}
private boolean isIndexPath(HttpServletRequest request) {
return request.getServletPath().equals("/index.html");
}
private boolean isRestPath(HttpServletRequest request) {
return request.getServletPath().startsWith("/rest");
}
private void redirectToIndex( private void redirectToIndex(
HttpServletRequest httpRequest, HttpServletRequest request,
HttpServletResponse httpResponse HttpServletResponse response
) throws IOException { ) throws IOException {
httpResponse.sendRedirect(httpRequest.getContextPath() + "/index.html"); response.sendRedirect(request.getContextPath());
}
private void continueWithRedirect(
HttpServletRequest request,
HttpServletResponse response
) throws IOException {
String redirectPath = request.getRequestURI();
if (request.getQueryString() != null)
redirectPath += request.getQueryString();
response.sendRedirect(redirectPath);
} }
private void removeCookie(HttpServletResponse httpResponse) { private void removeTokenCookie(HttpServletResponse response) {
final Cookie cookie = new Cookie("token", ""); final Cookie cookie = new Cookie("token", "");
cookie.setMaxAge(0); cookie.setMaxAge(0);
httpResponse.addCookie(cookie); response.addCookie(cookie);
} }
private boolean isLogoutPath(HttpServletRequest httpRequest) { private boolean checkLogin(
return httpRequest.getServletPath().equals("/logout"); HttpServletRequest request,
} HttpServletResponse response
) throws DAOException {
private boolean isIndexPath(HttpServletRequest httpRequest) { final String login = request.getParameter("login");
return httpRequest.getServletPath().equals("/index.html"); final String password = request.getParameter("password");
}
private boolean checkLogin(HttpServletRequest httpRequest, HttpServletResponse response) {
final String login = httpRequest.getParameter("login");
final String password = httpRequest.getParameter("password");
if (login != null && password != null) { if (login != null && password != null) {
try { final String token = new UsersDAO().checkLogin(login, password);
final UsersDAO dao = new UsersDAO();
final String token = dao.checkLogin(login, password); if (token == null) {
if (token == null) {
return false;
} else {
response.addCookie(new Cookie("token", token));
return true;
}
} catch (DAOException e) {
e.printStackTrace();
return false; return false;
} else {
response.addCookie(new Cookie("token", token));
return true;
} }
} else { } else {
return false; return false;
} }
} }
private boolean checkToken(HttpServletRequest httpRequest) { private boolean checkToken(HttpServletRequest request) throws DAOException {
final Cookie[] cookies = httpRequest.getCookies(); final Cookie[] cookies = request.getCookies();
if (cookies != null) { if (cookies != null) {
for (Cookie cookie : cookies) { for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) { if (cookie.getName().equals("token")) {
try { return new UsersDAO().checkToken(cookie.getValue()) != null;
return new UsersDAO().checkToken(cookie.getValue()) != null;
} catch (DAOException e) {
e.printStackTrace();
return false;
}
} }
} }
} }