First post! Woohoo!
Recently, I've been struggling with the following question:
"We have a lot of static HTML pages and binary files that support (are linked to by) our channel content. How do I make sure these files are only available to users who are logged in to the portal?"
I saw a few solutions like this one around here that revolved around injecting a bit of JSP at the top of each file that verifies the user's session. Unfortunately, since I want to protect binary files as well, this wouldn't work for me. After much pondering, I came up with a hack that seems worth posting:
The idea here is to use a Tomcat servlet filter to verify a user's session for every file in a certain directory. This works particularly well with a push-CMS, which we happen to have. Here's the filter code:
package edu.tamhsc.my.filters;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.pipeline.web.WebUtil;

public final class IntranetAuthenticationFilter implements Filter {
    private FilterConfig filterConfig = null;

    public void init(FilterConfig filterConfig)
            throws ServletException {
        this.filterConfig = filterConfig;
    }

    public void destroy() {
        this.filterConfig = null;
    }

    public void doFilter(ServletRequest request,
            ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // No portal session: answer with 403 and a login link, and stop the chain.
        if (WebUtil.getUserSession(req, res) == null) {
            res.setStatus(HttpServletResponse.SC_FORBIDDEN);
            res.setContentType("text/html");
            // Take the writer only on this branch. Taking it before chain.doFilter()
            // keeps the container from opening an output stream for binary files.
            PrintWriter out = res.getWriter();
            out.println("<h2>You are not authorized to view this resource. You must <a href='/cp/home/loginf'>log in to myHSC</a>.</h2>");
            out.flush();
            return;
        }
        // Logged in: pass the request on to the requested file.
        chain.doFilter(request, response);
    }
}
Compile and jar this, and place the jar in $CP_ROOT/webapps/luminis/WEB-INF/lib/
Then, in $CP_ROOT/webapps/luminis/WEB-INF/web.xml, add something like this:
<filter>
    <filter-name>intranet_auth_filter</filter-name>
    <filter-class>edu.tamhsc.my.filters.IntranetAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>intranet_auth_filter</filter-name>
    <url-pattern>/intranet/*</url-pattern>
</filter-mapping>
That's more or less it. Restart 70-webserver, and place your authenticated content in the appropriate folder (here it's $CP_ROOT/webapps/luminis/intranet). That's all there is to it =)
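Files served from the protected directory can still be read from a browser or proxy cache after logout unless the responses forbid caching. The following is an added example, not part of the original post: a variant of the filter that marks every response under the mapped path as non-cacheable and answers logged-out requests with HTTP 403. The class name IntranetNoCacheAuthFilter is hypothetical; WebUtil.getUserSession is called exactly as in the post.

```java
package edu.tamhsc.my.filters;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.pipeline.web.WebUtil;

// Added example (hypothetical class name): same session check as the filter
// in the post, plus headers that keep protected files out of caches.
public final class IntranetNoCacheAuthFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Refuse anything that is not HTTP instead of casting blindly.
        if (!(request instanceof HttpServletRequest)
                || !(response instanceof HttpServletResponse)) {
            throw new ServletException("IntranetNoCacheAuthFilter handles HTTP only");
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Set before the chain runs: headers cannot be added once the
        // response is committed. They apply to the denial response too.
        res.setHeader("Cache-Control", "private, no-store");
        res.setHeader("Pragma", "no-cache"); // HTTP/1.0 clients and proxies
        res.setDateHeader("Expires", 0L);

        if (WebUtil.getUserSession(req, res) == null) {
            // 403 through the container's error page; no body is written here.
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Log in to myHSC to view this resource.");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

To use it, put this class name in the filter-class element of the web.xml entry above; the url-pattern mapping stays the same.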


Comments
Nice article
Very useful information.
Another way: create the folder 'intranet' under
$CP_DOC_ROOT/ipx
and the URL to access is: http://lum-server/cp/ips/intranet
will have the same effect.
--
Thai Nguyen