1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.util.signrequest.servlet;
35
36 import fr.paris.lutece.util.signrequest.AbstractAuthenticator;
37 import fr.paris.lutece.util.signrequest.AbstractPrivateKeyAuthenticator;
38 import fr.paris.lutece.util.signrequest.security.Sha1HashService;
39
40 import java.io.IOException;
41
42 import java.util.ArrayList;
43 import java.util.List;
44 import java.util.StringTokenizer;
45
46 import javax.servlet.Filter;
47 import javax.servlet.FilterChain;
48 import javax.servlet.FilterConfig;
49 import javax.servlet.ServletException;
50 import javax.servlet.ServletRequest;
51 import javax.servlet.ServletResponse;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
54
55
56
57
58 public abstract class AbstractRequestFilter implements Filter
59 {
60 private static final String PARAMETER_PRIVATE_KEY = "privateKey";
61 private static final String PARAMETER_ELEMENTS_SIGNATURE = "elementsSignature";
62 private static final String PARAMETER_VALIDITY_PERIOD = "validityTimePeriod";
63 private AbstractAuthenticator _authenticator;
64
65
66
67
68
69
70 protected abstract AbstractAuthenticator getAuthenticator( );
71
72
73
74
75 @Override
76 public void init( FilterConfig filterConfig ) throws ServletException
77 {
78 _authenticator = getAuthenticator( );
79
80
81 _authenticator.setHashService( new Sha1HashService( ) );
82
83 if ( _authenticator instanceof AbstractPrivateKeyAuthenticator )
84 {
85
86 String strPrivateKey = filterConfig.getInitParameter( PARAMETER_PRIVATE_KEY );
87 ( (AbstractPrivateKeyAuthenticator) _authenticator ).setPrivateKey( strPrivateKey );
88 }
89
90
91 String strElementsList = filterConfig.getInitParameter( PARAMETER_ELEMENTS_SIGNATURE );
92 StringTokenizer st = new StringTokenizer( strElementsList, "," );
93 List<String> listElements = new ArrayList<String>( );
94
95 while ( st.hasMoreTokens( ) )
96 {
97 listElements.add( st.nextToken( ).trim( ) );
98 }
99
100 _authenticator.setSignatureElements( listElements );
101
102
103 String strValidityTimePeriod = filterConfig.getInitParameter( PARAMETER_VALIDITY_PERIOD );
104 _authenticator.setValidityTimePeriod( Long.parseLong( strValidityTimePeriod ) );
105 }
106
107
108
109
110 @Override
111 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException
112 {
113 if ( _authenticator.isRequestAuthenticated( (HttpServletRequest) request ) )
114 {
115 chain.doFilter( request, response );
116 }
117 else
118 {
119 ( (HttpServletResponse) response ).setStatus( HttpServletResponse.SC_UNAUTHORIZED );
120 }
121 }
122
123
124
125
126 @Override
127 public void destroy( )
128 {
129 }
130 }