/**
* Check if the current URL is protected and the current session doesn't contain a user object. If
* this is the case perform a login.
*
* <p>The doFilter method of the Filter is called by the container each time a request/response
* pair is passed through the chain due to a client request for a resource at the end of the
* chain.
*
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest =
new IgnoreCharacterEncodingHttpRequestWrapper((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
AuthorizationRequestData rdo = initializeRequestDataObject(httpRequest);
try {
if (isPublicAccess(rdo, httpRequest)) {
proceedWithFilterChain(chain, httpRequest, httpResponse);
} else {
handleProtectedUrlAndChangePwdCase(chain, httpRequest, httpResponse, rdo);
}
} catch (ServletException e) {
// relogin is not possible in this case,
// no SAML response to extract userid and generate password.
if (authSettings.isServiceProvider()) {
throw e;
}
if (e.getCause() instanceof ViewExpiredException) {
// if we were logged in but a logout occurs from a different
// browser tab, we get this exception - so redirect to the
// same page to stay on it (Bug 7552)
final StringBuffer url =
new StringBuffer(rdo.getRelativePath() == null ? "" : rdo.getRelativePath());
reLogginUserIfRequired(httpRequest, httpResponse, rdo, url);
sendRedirect(httpRequest, httpResponse, url.toString());
} else {
throw e;
}
}
}
private void appendParam(StringBuffer url, String param, String value, String encoding) {
if (url.indexOf("?") > -1) url.append('&');
else url.append('?');
url.append(param);
url.append("=");
try {
url.append(URLEncoder.encode(value, encoding));
} catch (UnsupportedEncodingException e) {
throw new SaaSSystemException(e);
}
}