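/*
 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Thierry Delprat
 */
package org.nuxeo.apidoc.filter;

import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator;
import org.nuxeo.runtime.api.Framework;

/**
 * Servlet filter that chooses, per request, between two modes.
 * <ul>
 * <li>Anonymous/cached mode: the response is marked {@code Cache-Control: public} for 600 seconds.</li>
 * <li>Authenticated mode: anonymous login is blocked for the request via
 * {@link AnonymousAuthenticator#BLOCK_ANONYMOUS_LOGIN_KEY}.</li>
 * </ul>
 * <p>
 * The mode is selected by the {@code X-NUXEO-ANONYMOUS-ACCESS} request header or by the
 * {@code org.nuxeo.apidoc.forceanonymous} framework property.
 * <p>
 * NOTE(review): the request header is an ordinary client-controllable header as far as this class can tell. It is
 * presumably meant to be set by a trusted front end; confirm that the front end overwrites or strips any inbound copy.
 * Otherwise a client can opt any request into the publicly cacheable, anonymous-allowed mode.
 */
public class CacheAndAuthFilter extends BaseApiDocFilter {

    /**
     * HTTP date formatter, for example {@code Thu, 01 Dec 1994 16:00:00 GMT}.
     * <p>
     * Kept for backward compatibility. The underlying {@link SimpleDateFormat} is not thread-safe, so this shared
     * instance must not be used from concurrent request threads without external synchronization.
     * {@link #addCacheHeader} no longer uses it.
     */
    public static final DateFormat HTTP_EXPIRES_DATE_FORMAT = httpExpiresDateFormat();

    // Lazily resolved value of the "org.nuxeo.apidoc.forceanonymous" property; null until first read.
    protected Boolean forceAnonymous;

    /**
     * Tells whether anonymous (cached) mode is forced by configuration.
     * <p>
     * The property is read once and memoized. The lazy initialization is unsynchronized: concurrent first callers
     * may each read the property, and each stores the value it read.
     *
     * @return {@code true} when the {@code org.nuxeo.apidoc.forceanonymous} property is true
     */
    protected boolean forceAnonymous() {
        if (forceAnonymous == null) {
            forceAnonymous = Boolean.valueOf(Framework.isBooleanPropertyTrue("org.nuxeo.apidoc.forceanonymous"));
        }
        return forceAnonymous.booleanValue();
    }

    /**
     * Applies the cache headers or blocks anonymous login, then continues the filter chain.
     *
     * @param request the incoming request, cast to {@link HttpServletRequest}
     * @param response the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    protected void internalDoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String anonymousHeader = httpRequest.getHeader("X-NUXEO-ANONYMOUS-ACCESS");
        if ("true".equals(anonymousHeader) || forceAnonymous()) {
            // Anonymous mode: the response becomes storable by shared caches ("public") for 10 minutes.
            // NOTE(review): nothing here checks that the request is actually unauthenticated, so content
            // rendered for a logged-in user on this path could be stored by a shared cache. Confirm that
            // pages behind this filter carry no per-user data when the header is present.
            addCacheHeader(httpResponse, false, "600");
        } else {
            // Authenticated mode: deactivate anonymous login for this request.
            httpRequest.setAttribute(AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, Boolean.TRUE);
        }

        chain.doFilter(httpRequest, httpResponse);
    }

    /**
     * Builds a new formatter for the HTTP {@code Expires} header, for example
     * {@code Thu, 01 Dec 1994 16:00:00 GMT}.
     *
     * @return a fresh formatter using the US locale and the GMT time zone
     */
    private static DateFormat httpExpiresDateFormat() {
        DateFormat df = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        return df;
    }

    /**
     * Adds {@code Cache-Control} and {@code Expires} headers to the response.
     *
     * @param httpResponse the response to decorate
     * @param isPrivate {@code true} for {@code Cache-Control: private}, {@code false} for {@code public}
     * @param cacheTime the cache lifetime in seconds, as a decimal string
     * @throws NumberFormatException if {@code cacheTime} is not a valid long; no header is written in that case
     */
    public static void addCacheHeader(HttpServletResponse httpResponse, boolean isPrivate, String cacheTime) {
        // Parse before touching the response so that an invalid value never reaches a header and the
        // response is not left with Cache-Control set but Expires missing.
        long maxAgeSeconds = Long.parseLong(cacheTime);

        String visibility = isPrivate ? "private" : "public";
        httpResponse.addHeader("Cache-Control", visibility + ", max-age=" + maxAgeSeconds);

        // Expires = now + cache time, formatted as: Thu, 01 Dec 1994 16:00:00 GMT
        Date expires = new Date(System.currentTimeMillis() + maxAgeSeconds * 1000);

        // SimpleDateFormat is not thread-safe and this method runs on concurrent request threads, so a
        // fresh formatter is used per call instead of the shared HTTP_EXPIRES_DATE_FORMAT instance.
        httpResponse.setHeader("Expires", httpExpiresDateFormat().format(expires));
    }

}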