001/*
002 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Thierry Delprat
016 */
017package org.nuxeo.apidoc.filter;
018
019import java.io.IOException;
020import java.text.DateFormat;
021import java.text.SimpleDateFormat;
022import java.util.Date;
023import java.util.Locale;
024import java.util.TimeZone;
025
026import javax.servlet.FilterChain;
027import javax.servlet.ServletException;
028import javax.servlet.ServletRequest;
029import javax.servlet.ServletResponse;
030import javax.servlet.http.HttpServletRequest;
031import javax.servlet.http.HttpServletResponse;
032
033import org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator;
034import org.nuxeo.runtime.api.Framework;
035
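/**
 * Filter for the API documentation pages that decides, per request, between two modes:
 * <ul>
 * <li>anonymous mode: the response is marked as publicly cacheable for 600 seconds and anonymous
 * login is left enabled;</li>
 * <li>default mode: no cache header is added and anonymous login is blocked for the request.</li>
 * </ul>
 * Anonymous mode is selected when the request carries the header
 * {@code X-NUXEO-ANONYMOUS-ACCESS: true} or when the framework property
 * {@code org.nuxeo.apidoc.forceanonymous} is true.
 */
public class CacheAndAuthFilter extends BaseApiDocFilter {

    /**
     * Formatter for the HTTP {@code Expires} header, e.g. {@code Thu, 01 Dec 1994 16:00:00 GMT}.
     * <p>
     * {@link SimpleDateFormat} is not thread-safe, so this shared instance must not be used to
     * format or parse directly from request threads. {@link #addCacheHeader} works on a clone; any
     * other caller should do the same.
     */
    public static final DateFormat HTTP_EXPIRES_DATE_FORMAT = httpExpiresDateFormat();

    // Lazily resolved value of the "org.nuxeo.apidoc.forceanonymous" property; null until first use.
    protected Boolean forceAnonymous;

    /**
     * Tells whether anonymous mode is forced by configuration.
     * <p>
     * The property is read once and the result is kept for the lifetime of this filter instance.
     * Two threads may both perform the first lookup; they store the same value, so the field is
     * left unsynchronized.
     *
     * @return true if {@code org.nuxeo.apidoc.forceanonymous} is set to true
     */
    protected boolean forceAnonymous() {
        if (forceAnonymous == null) {
            forceAnonymous = Boolean.valueOf(Framework.isBooleanPropertyTrue("org.nuxeo.apidoc.forceanonymous"));
        }
        return forceAnonymous.booleanValue();
    }

    /**
     * Selects anonymous (cacheable) or default (anonymous login blocked) mode for the request and
     * then continues the filter chain.
     *
     * @param request the incoming request, cast to {@link HttpServletRequest}
     * @param response the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    protected void internalDoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): X-NUXEO-ANONYMOUS-ACCESS is taken from the request as-is and nothing in
        // this class checks who set it. If the header can reach this filter from the client rather
        // than from a trusted front end, any caller can switch a request to "Cache-Control: public"
        // and keep anonymous login enabled. Confirm that the reverse proxy sets or strips it.
        String anonymousHeader = httpRequest.getHeader("X-NUXEO-ANONYMOUS-ACCESS");
        boolean anonymousMode = "true".equals(anonymousHeader) || forceAnonymous();

        if (anonymousMode) {
            // NOTE(review): the response is declared public without looking at whether the request
            // carries credentials or a session. A shared cache may then store it for 600 seconds.
            // Verify that only content safe for every visitor is served on this path.
            addCacheHeader(httpResponse, false, "600");
        } else {
            // No anonymous access requested: tell the anonymous authenticator not to log in.
            httpRequest.setAttribute(AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, Boolean.TRUE);
        }

        chain.doFilter(httpRequest, httpResponse);

    }

    /**
     * Builds the formatter behind {@link #HTTP_EXPIRES_DATE_FORMAT}: US locale, GMT time zone,
     * pattern {@code EEE, dd MMM yyyy HH:mm:ss z}.
     */
    private static DateFormat httpExpiresDateFormat() {
        // formatted http Expires: Thu, 01 Dec 1994 16:00:00 GMT
        DateFormat df = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        return df;
    }

    /**
     * Adds {@code Cache-Control} and {@code Expires} headers to the response.
     *
     * @param httpResponse the response to decorate
     * @param isPrivate true for {@code Cache-Control: private}, false for {@code public}
     * @param cacheTime cache lifetime in seconds, as a decimal string
     * @throws NumberFormatException if {@code cacheTime} is not a parsable long; no header is
     *             written in that case
     */
    public static void addCacheHeader(HttpServletResponse httpResponse, boolean isPrivate, String cacheTime) {
        // Parse before touching the response: a malformed value must not leave a half-written
        // header set behind, and only a value that parsed as a number is copied into a header.
        long lifetimeMillis = Long.parseLong(cacheTime) * 1000;

        String visibility = isPrivate ? "private" : "public";
        httpResponse.addHeader("Cache-Control", visibility + ", max-age=" + cacheTime);

        // Expires = now + cache lifetime, in the format Expires: Thu, 01 Dec 1994 16:00:00 GMT
        Date expires = new Date(System.currentTimeMillis() + lifetimeMillis);

        // SimpleDateFormat keeps mutable state while formatting; concurrent requests sharing the
        // static instance could emit a corrupted date, so each call formats with its own copy.
        DateFormat expiresFormat = (DateFormat) HTTP_EXPIRES_DATE_FORMAT.clone();
        httpResponse.setHeader("Expires", expiresFormat.format(expires));
    }

}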