remove auth filter

src/main/java/org/codelibs/fess/filter/AdminAuthFilter.java

@@ -1,41 +0,0 @@
-/*
- * Copyright 2012-2016 CodeLibs Project and the Others.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-package org.codelibs.fess.filter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.codelibs.fess.Constants;
-import org.codelibs.fess.entity.LoginInfo;
-import org.codelibs.fess.entity.UserInfo;
-
-public class AdminAuthFilter extends AuthFilter {
-    @Override
-    protected UserInfo getUserInfo(final HttpServletRequest req) {
-        final HttpSession session = req.getSession(false);
-        if (session == null) {
-            return null;
-        }
-        final Object obj = session.getAttribute(Constants.USER_INFO);
-        if (obj instanceof LoginInfo) {
-            final LoginInfo loginInfo = (LoginInfo) obj;
-            if (loginInfo.isAdministrator()) {
-                return loginInfo;
-            }
-        }
-        return null;
-    }
-}

src/main/java/org/codelibs/fess/filter/AuthFilter.java

@@ -1,192 +0,0 @@
-/*
- * Copyright 2012-2016 CodeLibs Project and the Others.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-package org.codelibs.fess.filter;
-
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-
-import org.codelibs.core.CoreLibConstants;
-import org.codelibs.core.crypto.CachedCipher;
-import org.codelibs.core.lang.StringUtil;
-import org.codelibs.fess.Constants;
-import org.codelibs.fess.entity.UserInfo;
-import org.codelibs.fess.util.ActivityUtil;
-import org.lastaflute.di.core.SingletonLaContainer;
-
-/**
- * A filter implementation to process a container based authentication.
- *
- * @author shinsuke
- *
- */
-public class AuthFilter implements Filter {
-
-    private static final String DEFAULT_LOGIN_PATH = "/login/";
-
-    private static final String HTTPS = "https:";
-
-    private static final String HTTP = "http:";
-
-    public List<Pattern> urlPatternList = new ArrayList<Pattern>();
-
-    protected String cipherName;
-
-    protected String loginPath;
-
-    protected boolean useSecureLogin;
-
-    protected String returnPathName;
-
-    @Override
-    public void init(final FilterConfig filterConfig) throws ServletException {
-        String value = filterConfig.getInitParameter("urlPatterns");
-        if (value != null) {
-            final String[] urlPatterns = value.split(",");
-            for (final String urlPattern : urlPatterns) {
-                urlPatternList.add(Pattern.compile(urlPattern.trim()));
-            }
-        }
-
-        cipherName = filterConfig.getInitParameter("cipherName");
-        if (StringUtil.isBlank(cipherName)) {
-            cipherName = "authCipher";
-        }
-
-        loginPath = filterConfig.getInitParameter("loginPath");
-
-        value = filterConfig.getInitParameter("useSecureLogin");
-        if (StringUtil.isNotBlank(value)) {
-            useSecureLogin = Boolean.parseBoolean(value);
-        } else {
-            useSecureLogin = false;
-        }
-
-        returnPathName = filterConfig.getInitParameter("returnPathName");
-        if (StringUtil.isBlank(returnPathName)) {
-            returnPathName = "returnPath";
-        }
-    }
-
-    @Override
-    public void destroy() {
-        urlPatternList = null;
-        cipherName = null;
-    }
-
-    @Override
-    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException,
-            ServletException {
-        final HttpServletRequest req = (HttpServletRequest) request;
-        final HttpServletResponse res = (HttpServletResponse) response;
-        final String uri = req.getRequestURI();
-        final CachedCipher cipher = getCachedCipher();
-        for (final Pattern pattern : urlPatternList) {
-            final Matcher matcher = pattern.matcher(uri);
-            if (matcher.matches()) {
-                final String requestURL = req.getRequestURL().toString();
-                if (useSecureLogin) {
-                    if (requestURL.startsWith(HTTP)) {
-                        // redirect
-                        res.sendRedirect(requestURL.replaceFirst(HTTP, HTTPS));
-                        return;
-                    }
-                }
-
-                // require authentication
-                final UserInfo userInfo = getUserInfo(req);
-                if (userInfo != null) {
-                    ActivityUtil.access(userInfo.getUsername(), req);
-                    chain.doFilter(new AuthHttpServletRequest(req, userInfo), response);
-                } else {
-                    final StringBuilder buf = new StringBuilder(256);
-                    buf.append(System.currentTimeMillis());
-                    buf.append('|');
-                    buf.append(requestURL);
-
-                    String encoding = request.getCharacterEncoding();
-                    if (encoding == null) {
-                        encoding = CoreLibConstants.UTF_8;
-                    }
-
-                    final StringBuilder urlBuf = new StringBuilder(1000);
-                    if (StringUtil.isBlank(loginPath)) {
-                        final String contextPath = req.getContextPath();
-                        if (contextPath != null) {
-                            urlBuf.append(contextPath);
-                        }
-                        urlBuf.append(DEFAULT_LOGIN_PATH);
-                    } else {
-                        urlBuf.append(res.encodeURL(loginPath));
-                    }
-                    urlBuf.append('?').append(returnPathName).append('=');
-                    urlBuf.append(URLEncoder.encode(cipher.encryptoText(buf.toString()), encoding));
-
-                    // redirect
-                    res.sendRedirect(urlBuf.toString());
-                }
-                return;
-            }
-        }
-
-        chain.doFilter(request, response);
-    }
-
-    protected UserInfo getUserInfo(final HttpServletRequest req) {
-        final Object obj = req.getSession().getAttribute(Constants.USER_INFO);
-        if (obj instanceof UserInfo) {
-            return (UserInfo) obj;
-        }
-        return null;
-    }
-
-    protected CachedCipher getCachedCipher() {
-        return SingletonLaContainer.getComponent(cipherName);
-    }
-
-    protected static class AuthHttpServletRequest extends HttpServletRequestWrapper {
-        protected UserInfo userInfo;
-
-        protected AuthHttpServletRequest(final HttpServletRequest request, final UserInfo userInfo) {
-            super(request);
-            this.userInfo = userInfo;
-        }
-
-        @Override
-        public String getRemoteUser() {
-            return userInfo.getUsername();
-        }
-
-        @Override
-        public boolean isUserInRole(final String role) {
-            return userInfo.isUserInRole(role);
-        }
-
-    }
-}

src/main/webapp/WEB-INF/web.xml

@@ -35,23 +35,6 @@
     </init-param>
   </filter>
 
-  <filter>
-    <filter-name>authenticationFilter</filter-name>
-    <filter-class>org.codelibs.fess.filter.AdminAuthFilter</filter-class>
-    <init-param>
-      <param-name>urlPatterns</param-name>
-      <param-value>/fess/admin.*</param-value>
-    </init-param>
-    <init-param>
-      <param-name>loginPath</param-name>
-      <param-value>/fess/login/</param-value>
-    </init-param>
-    <init-param>
-      <param-name>cipherName</param-name>
-      <param-value>authenticationCipher</param-value>
-    </init-param>
-  </filter>
-
   <filter>
     <filter-name>webApiFilter</filter-name>
     <filter-class>org.codelibs.fess.filter.WebApiFilter</filter-class>
@@ -153,13 +136,6 @@
     <dispatcher>INCLUDE</dispatcher>
   </filter-mapping>
 
-<!-- TODO
-  <filter-mapping>
-    <filter-name>authenticationFilter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
- -->
-
   <filter-mapping>
     <filter-name>webApiFilter</filter-name>
     <url-pattern>/*</url-pattern>