/*
 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.controller.web;
import java.io.IOException;
import java.util.List;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.opendaylight.controller.sal.utils.ServiceHelper;
import org.opendaylight.controller.usermanager.IUserManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
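/**
 * Servlet filter that rejects requests from users who are no longer in the
 * user manager's active-user list (for example after a logout).
 *
 * <p>Every request except the login and logout requests must carry an
 * authenticated Spring Security context whose user name is a key of the map
 * returned by the user manager. Anything else fails closed with an exception
 * and the rest of the filter chain is not invoked.
 */
public class ControllerCustomFilter extends GenericFilterBean {

    private static final Logger logger = LoggerFactory
            .getLogger(ControllerCustomFilter.class);

    /**
     * Applies the active-user check and then continues the filter chain.
     *
     * @param req the incoming request; cast to {@link HttpServletRequest}
     * @param resp the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws AccessDeniedException if no authenticated context is present, the
     *         active-user list is empty, or the current user is not in it
     * @throws RuntimeException if the user manager service cannot be obtained
     * @throws IOException if thrown further down the chain
     * @throws ServletException if thrown further down the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // custom filter to handle logged out users
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        if (!isLoginOrLogoutRequest(request)) {
            requireActiveUser();
        }

        chain.doFilter(request, response);
    }

    /**
     * Tells whether the request is exempt from the active-user check.
     *
     * <p>The decision is made on the container-resolved path only. The full
     * request URL also contains the scheme, host and port, which are taken
     * from the client's request, so matching on it would let a value outside
     * the path switch the check off.
     *
     * <p>NOTE(review): this is still a substring match, so any path that
     * merely contains "login" or "logout" is exempt. Replace it with an exact
     * allow-list once the application's real login/logout paths are confirmed
     * against its security configuration.
     */
    private static boolean isLoginOrLogoutRequest(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        if (request.getServletPath() != null) {
            path.append(request.getServletPath());
        }
        if (request.getPathInfo() != null) {
            path.append(request.getPathInfo());
        }
        String resolvedPath = path.toString();
        return resolvedPath.contains("login") || resolvedPath.contains("logout");
    }

    /**
     * Fails the request unless the current user is authenticated and present
     * in the user manager's active-user list.
     *
     * <p>NOTE(review): the {@code isAuthenticated()} and
     * {@code getUserLoggedIn()} calls sit on lines that are missing from the
     * reviewed copy of this file and were restored from the Spring Security
     * and IUserManager APIs. Confirm against the repository.
     */
    private void requireActiveUser() {
        // Read the authentication once so the null check, the authenticated
        // check and the user name all refer to the same object.
        Authentication authentication = SecurityContextHolder.getContext()
                .getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            logger.error("SecurityContextHolder getAuthentication is null");
            throw new AccessDeniedException(
                    "SecurityContextHolder is not populated");
        }

        IUserManager userManager = (IUserManager) ServiceHelper
                .getGlobalInstance(IUserManager.class, this);
        if (userManager == null) {
            // Without the user manager the check cannot run, so fail closed.
            logger.error("UserManager Ref is null. ");
            throw new RuntimeException("UserManager Ref is null. ");
        }

        Map<String, List<String>> activeUsers = userManager
                .getUserLoggedIn();
        if (activeUsers == null || activeUsers.isEmpty()) {
            logger.error("UserManager return empty activeusers");
            throw new AccessDeniedException(
                    "UserManager activeUserList is empty. ");
        }

        String username = authentication.getName();
        if (!activeUsers.containsKey(username)) {
            throw new AccessDeniedException(
                    "UserManager activeUserList does not contain user "
                            + username);
        }
    }
}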