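/**
 * Checks whether the current user may view the requested page and redirects to
 * the sign-on page when access is denied.
 *
 * <p>When the request carries a non-empty {@code EAAHash} header, the user
 * session is populated from the {@code uid} and {@code Shib-Identity-Provider}
 * headers. A session is only marked as logged in when {@code uid} is non-empty,
 * so an authenticated session always has a principal attached to it.
 *
 * <p>NOTE(review): the identity headers are trusted exactly as received. That is
 * only safe if a trusted front end (presumably a Shibboleth service provider,
 * judging by the header name) sets them and strips any client-supplied copies,
 * and if the application cannot be reached without passing through it. Confirm
 * against the deployment.
 *
 * @param pageName logical name of the requested page
 * @param request  current request, used to build the redirect target
 * @param response current response, used to send the redirect
 * @return {@code true} if a redirect to the login page was sent and the caller
 *         must leave the chain, {@code false} if processing may continue
 * @throws IOException if sending the redirect fails
 */
public boolean checkAccess(String pageName, Request request, Response response) throws IOException {
    System.out.println("ENTER checkAccess");

    // NOTE(review): headers are read from the _request field, not from the
    // 'request' parameter; presumably both refer to the same request. Confirm.
    String eaaHash = (_request != null) ? _request.getHeader("EAAHash") : null;
    if (eaaHash != null && !eaaHash.isEmpty()) {
        System.out.println("EAA Headers present");
        boolean sessionExists = asm.exists(UserSession.class);
        System.out.println("asm.exists(UserSession.class): " + sessionExists);

        // Identity is (re)applied only when there is no session yet, or when the
        // existing session has no user name. asm.get() is only reached when the
        // session already exists.
        boolean needsIdentity = !sessionExists;
        if (sessionExists) {
            String currentName = asm.get(UserSession.class).getUserName();
            needsIdentity = currentName == null || currentName.isEmpty();
        }

        if (needsIdentity) {
            String uid = _request.getHeader("uid");
            if (uid == null || uid.isEmpty()) {
                // Never flag a session as logged in without a user identifier.
                System.out.println("EAA uid header missing, session not authenticated");
            } else {
                if (!sessionExists) {
                    asm.set(UserSession.class, new UserSessionImpl());
                }
                UserSession userSession = asm.get(UserSession.class);
                userSession.setLoggedIn(true);
                userSession.setUserName(uid);
                userSession.setIdP(_request.getHeader("Shib-Identity-Provider"));
                System.out.println(sessionExists ? "Editing existing Session" : "Creating Session");
            }
        }
    }

    /* Pages are public unless their class carries the @Private annotation. */
    Component page = componentSource.getPage(pageName);
    boolean privatePage = page.getClass().getAnnotation(Private.class) != null;

    boolean canAccess = true;
    if (privatePage) {
        /* A private page requires an existing session that is logged in. */
        canAccess = asm.exists(UserSession.class) && asm.get(UserSession.class).isLoggedIn();
    }

    System.out.println("EXIT checkAccess");

    if (!canAccess) {
        /* A non-authenticated user requested a private page: redirect to the sign-on page. */
        response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        return true; // Make sure to leave the chain
    }
    return false;
}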