001/*
002 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thierry Delprat
018 */
019package org.nuxeo.apidoc.filter;
020
021import java.io.IOException;
022import java.util.Date;
023import java.util.Locale;
024import java.util.TimeZone;
025
026import javax.servlet.FilterChain;
027import javax.servlet.ServletException;
028import javax.servlet.ServletRequest;
029import javax.servlet.ServletResponse;
030import javax.servlet.http.HttpServletRequest;
031import javax.servlet.http.HttpServletResponse;
032
033import org.apache.commons.lang3.time.FastDateFormat;
034import org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator;
035import org.nuxeo.runtime.api.Framework;
036
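/**
 * Servlet filter for the API documentation pages that decides, per request, whether anonymous access is allowed
 * and whether the response is marked as cacheable.
 * <p>
 * A request is handled in "anonymous" mode when it carries the header {@code X-NUXEO-ANONYMOUS-ACCESS: true} or
 * when the framework property {@code org.nuxeo.apidoc.forceanonymous} is true. In that mode the response gets
 * {@code Cache-Control: public, max-age=600} and a matching {@code Expires} header. Otherwise the request
 * attribute {@link AnonymousAuthenticator#BLOCK_ANONYMOUS_LOGIN_KEY} is set to {@code Boolean.TRUE}.
 * <p>
 * NOTE(review): the header is read directly from the incoming request, so it is client-controlled unless a
 * fronting proxy strips or overwrites it. Confirm that the deployment only lets a trusted proxy set it, and that
 * responses on the anonymous path never carry per-user data: {@code Cache-Control: public} permits shared caches
 * to store them.
 */
public class CacheAndAuthFilter extends BaseApiDocFilter {

    /** Format of the HTTP {@code Expires} header value, e.g. {@code Thu, 01 Dec 1994 16:00:00 GMT}. */
    public static final FastDateFormat HTTP_EXPIRES_DATE_FORMAT = FastDateFormat.getInstance(
            "EEE, dd MMM yyyy HH:mm:ss z", TimeZone.getTimeZone("GMT"), Locale.US);

    // Lazily resolved value of the "org.nuxeo.apidoc.forceanonymous" property; null until first read.
    protected Boolean forceAnonymous;

    /**
     * Returns whether anonymous mode is forced through the {@code org.nuxeo.apidoc.forceanonymous} property.
     * <p>
     * The property is looked up on the first call and the result is kept in {@link #forceAnonymous}; the field is
     * not synchronized, so concurrent first calls may each perform the lookup.
     *
     * @return {@code true} when the property is set to true
     */
    protected boolean forceAnonymous() {
        if (forceAnonymous == null) {
            forceAnonymous = Boolean.valueOf(Framework.isBooleanPropertyTrue("org.nuxeo.apidoc.forceanonymous"));
        }
        return forceAnonymous.booleanValue();
    }

    /**
     * Applies the anonymous/caching decision to the request, then continues the filter chain.
     *
     * @param request the incoming request, cast to {@link HttpServletRequest}
     * @param response the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    protected void internalDoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Client-supplied unless a proxy in front of the application overwrites it; see the class-level note.
        String anonymousHeader = httpRequest.getHeader("X-NUXEO-ANONYMOUS-ACCESS");
        boolean anonymousMode = "true".equals(anonymousHeader) || forceAnonymous();

        if (anonymousMode) {
            // Anonymous mode: mark the response as publicly cacheable for 10 minutes.
            addCacheHeader(httpResponse, false, "600");
        } else {
            // Presumably read by AnonymousAuthenticator to refuse anonymous login for this request.
            httpRequest.setAttribute(AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, Boolean.TRUE);
        }

        chain.doFilter(httpRequest, httpResponse);
    }

    /**
     * Adds a {@code Cache-Control} header and sets the matching {@code Expires} header on the response.
     * <p>
     * {@code cacheTime} is parsed before any header is written, so an invalid value leaves the response
     * untouched, and only the parsed number (never the raw string) is placed in the header value. A negative
     * value is passed through as is and yields an {@code Expires} date in the past.
     * <p>
     * {@code Cache-Control} is added rather than replaced, so a value set earlier on the same response is kept
     * alongside this one.
     *
     * @param httpResponse the response to decorate
     * @param isPrivate {@code true} for {@code Cache-Control: private}, {@code false} for {@code public}
     * @param cacheTime the cache lifetime in seconds, as a decimal string
     * @throws NumberFormatException if {@code cacheTime} is not a parsable {@code long}
     */
    public static void addCacheHeader(HttpServletResponse httpResponse, boolean isPrivate, String cacheTime) {
        // Validate first: a non-numeric value must not reach the header or leave it half-written.
        long maxAgeSeconds = Long.parseLong(cacheTime);

        String visibility = isPrivate ? "private" : "public";
        httpResponse.addHeader("Cache-Control", visibility + ", max-age=" + maxAgeSeconds);

        // Expires = now + cache lifetime, in the format "Thu, 01 Dec 1994 16:00:00 GMT".
        Date expiresAt = new Date(System.currentTimeMillis() + maxAgeSeconds * 1000);
        httpResponse.setHeader("Expires", HTTP_EXPIRES_DATE_FORMAT.format(expiresAt));
    }

}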