package org.restafarian.core.filters;
   
   import java.io.IOException;
   import java.net.URLEncoder;
   
   import javax.servlet.FilterChain;
   import javax.servlet.ServletException;
   import javax.servlet.ServletRequest;
   import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  
  import org.apache.commons.configuration.Configuration;
  import org.restafarian.core.beans.Person;
  import org.restafarian.core.security.AuthenticatedUserManager;
  
  /***
   * <p>This filter redirects all traffic to a specified page if
   * the authenticated user object is not present.</p>
   */
  public class SecurityFilter extends FilterBase {
  
  	/***
  	 * <p>Filter "do filter" method.</p>
  	 *
  	 * @param req the servlet request object
  	 * @param res the servlet response object
  	 * @param chain the filter chain object
  	 */
  	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
  		// convert request and response objects
  		HttpServletRequest req = (HttpServletRequest) request;
  		HttpServletResponse res = (HttpServletResponse) response;
  		// get authenticated user using configured manager
  		Person authenticatedUser = AuthenticatedUserManager.getAuthenticatedUser(req);
  
  		if (authenticatedUser == null) {
  			// no authenticated user -- redirect to the logon page
  			Configuration configuration = (Configuration) context.getAttribute("configuration");
  			if (configuration != null) {
  				// get logon page from configuration
  				String redirectTo = configuration.getString("userLogonPage");
  				if (redirectTo != null && redirectTo.length() > 0) {
  					// get the current URL for the return path
  					String originalURL = req.getRequestURI();
  					String connector = "?";
  					if (redirectTo.indexOf("?") != -1) {
  						connector = "&";
  					}
  					redirectTo += connector + "returnurl=" + URLEncoder.encode(originalURL, "ISO-8859-1");
  					res.sendRedirect(redirectTo);
  				} else {
  					throw new ServletException("SecurityFilter has not been properly initialized -- check configuration.");
  				}
  			} else {
  				throw new ServletException("SecurityFilter has not been properly initialized -- check configuration.");
  			}
  		}
  
  		chain.doFilter(req, res);
  	}
  }