
root/openmrs/trunk/src/web/org/openmrs/web/OpenmrsFilter.java

Revision 5367, 5.9 kB (checked in by bwolfe, 3 days ago)

Hiding error stack traces from non-authenticated users

  • Property svn:eol-style set to CRLF
1 /**
2  * The contents of this file are subject to the OpenMRS Public License
3  * Version 1.0 (the "License"); you may not use this file except in
4  * compliance with the License. You may obtain a copy of the License at
5  * http://license.openmrs.org
6  *
7  * Software distributed under the License is distributed on an "AS IS"
8  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
9  * License for the specific language governing rights and limitations
10  * under the License.
11  *
12  * Copyright (C) OpenMRS, LLC.  All Rights Reserved.
13  */
14 package org.openmrs.web;
15
16 import java.io.IOException;
17 import java.util.Date;
18
19 import javax.servlet.Filter;
20 import javax.servlet.FilterChain;
21 import javax.servlet.FilterConfig;
22 import javax.servlet.ServletContext;
23 import javax.servlet.ServletException;
24 import javax.servlet.ServletRequest;
25 import javax.servlet.ServletResponse;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpSession;
28
29 import org.apache.commons.logging.Log;
30 import org.apache.commons.logging.LogFactory;
31 import org.openmrs.User;
32 import org.openmrs.api.context.Context;
33 import org.openmrs.api.context.UserContext;
34 import org.springframework.context.ApplicationContext;
35 import org.springframework.web.context.support.WebApplicationContextUtils;
36
37 /**
38  * This is the custom OpenMRS filter.  It is defined as the filter of choice
39  * in the web.xml file.
40  *
41  * All page/object calls run through the doFilter method so we can wrap every
42  * session with the user's userContext (which holds the user's authenticated info)
43  */
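public class OpenmrsFilter implements Filter {

    protected final Log log = LogFactory.getLog(getClass());

    /**
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        log.debug("Destroying filter");
    }

    /**
     * Called for every request (page, image, javascript file, etc). Makes sure the
     * user's current {@link UserContext} is on the http session and bound to the
     * current thread while the rest of the filter chain runs.
     *
     * A request is treated as "initial" when it does not yet carry the
     * {@link WebConstants#INIT_REQ_UNIQUE_ID} attribute. Only an initial request
     * binds the UserContext to the thread, and only an initial request clears it
     * again afterwards. A request that already carries the attribute is passed
     * straight down the chain.
     *
     * @param request the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response, handed to the chain untouched
     * @param chain the remaining filters (spring, authorization, etc)
     * @throws IOException if thrown further down the chain
     * @throws ServletException if thrown further down the chain
     * @throws ClassCastException if the request is not an HttpServletRequest
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        // Deliberately an unchecked cast: a non-HTTP request fails here instead of
        // travelling down the chain without a user context.
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // getSession() creates a session when there is none, so every request that
        // reaches this filter (static resources included) ends up with a session.
        HttpSession httpSession = httpRequest.getSession();

        // the request will not have the value if this is the initial request.
        // The value is only ever tested for presence; it is a marker, not a token.
        boolean initialRequest = (httpRequest.getAttribute(WebConstants.INIT_REQ_UNIQUE_ID) == null);

        if (log.isDebugEnabled()) {
            // These values come from the client. The container hands back the path
            // info already URL-decoded, so it may contain line breaks; they are
            // neutralised so a crafted URL cannot forge extra log entries.
            log.debug("initial Request? " + initialRequest);
            log.debug("requestURI " + sanitizeForLog(httpRequest.getRequestURI()));
            log.debug("requestURL " + sanitizeForLog(httpRequest.getRequestURL()));
            log.debug("request path info " + sanitizeForLog(httpRequest.getPathInfo()));
        }

        if (initialRequest) {
            // set/forward the request init attribute
            httpRequest.setAttribute(WebConstants.INIT_REQ_UNIQUE_ID, String.valueOf(new Date().getTime()));

            // default the session username attribute to anonymous. This attribute is
            // only a label for the servlet container; the authenticated state itself
            // lives in the UserContext.
            httpSession.setAttribute("username", "-anonymous user-");

            // User context is created if it doesn't already exist and added to the session.
            // note: this usercontext storage logic is copied to webinf/view/uncaughtexception.jsp
            //       to prevent stack traces being shown to non-authenticated users, so any
            //       change made here has to be repeated there.
            // NOTE(review): the lookup and the store below are not synchronized, so two
            //       concurrent first requests on one session could each create a
            //       UserContext and the later store would win - confirm whether that matters.
            UserContext userContext = (UserContext) httpSession.getAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR);

            if (userContext == null) {
                // there isn't a userContext on the session yet: create one and store it
                userContext = new UserContext();
                httpSession.setAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR, userContext);

                if (log.isDebugEnabled()) {
                    log.debug("Just set user context " + userContext + " as attribute on session");
                }
            }
            else {
                // set username as attribute on session so parent servlet container
                // can identify sessions easier
                User user = userContext.getAuthenticatedUser();
                if (user != null) {
                    httpSession.setAttribute("username", user.getUsername());
                }
            }

            // set the locale on the session (for the servlet container as well)
            httpSession.setAttribute("locale", userContext.getLocale());

            // Add the user context to the current thread
            Context.setUserContext(userContext);
        }

        log.debug("before doFilter");

        // continue the filter chain (going on to spring, authorization, etc)
        try {
            chain.doFilter(request, response);
        }
        finally {
            if (initialRequest) {
                // Clear the context so there's no user information left on the thread,
                // whether the chain returned normally or threw.
                Context.clearUserContext();
                log.debug("This was considered an initial request");
            }
        }

        log.debug("after doFilter");
    }

    /**
     * Renders a client-supplied value for logging with carriage returns and line
     * feeds replaced by underscores, so that one request produces one log line
     * per statement.
     *
     * @param value the value to log, may be null
     * @return the string form of the value ("null" for null) without CR or LF
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        log.debug("Initializating filter");
    }

    /**
     * Get the Spring application context of the web application this request
     * belongs to.
     *
     * @param httpRequest the current request; its session (created if there is
     *        none) is used to reach the ServletContext
     * @return the web application context registered on that ServletContext
     * @throws IllegalStateException if no web application context is registered
     */
    public ApplicationContext getApplicationContext(HttpServletRequest httpRequest) {
        ServletContext servletContext = httpRequest.getSession().getServletContext();
        return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
    }

}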