001/*
002 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thierry Delprat
018 */
019package org.nuxeo.apidoc.filter;
020
021import java.io.IOException;
022import java.text.DateFormat;
023import java.text.SimpleDateFormat;
024import java.util.Date;
025import java.util.Locale;
026import java.util.TimeZone;
027
028import javax.servlet.FilterChain;
029import javax.servlet.ServletException;
030import javax.servlet.ServletRequest;
031import javax.servlet.ServletResponse;
032import javax.servlet.http.HttpServletRequest;
033import javax.servlet.http.HttpServletResponse;
034
035import org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator;
036import org.nuxeo.runtime.api.Framework;
037
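/**
 * Servlet filter that chooses, per request, between cacheable anonymous access and blocking
 * anonymous login.
 * <p>
 * A request is treated as anonymous when it carries the header {@code X-NUXEO-ANONYMOUS-ACCESS: true}
 * or when the framework property {@code org.nuxeo.apidoc.forceanonymous} is true. Anonymous
 * requests get {@code Cache-Control: public} and {@code Expires} headers with a 600 second
 * lifetime. All other requests get the {@link AnonymousAuthenticator#BLOCK_ANONYMOUS_LOGIN_KEY}
 * request attribute set.
 * <p>
 * NOTE(review): the header is read straight from the incoming request and nothing in this class
 * checks who set it. This presumably relies on a front-end proxy being the only party able to
 * set it; confirm that the proxy strips or overwrites the header on inbound client requests.
 */
public class CacheAndAuthFilter extends BaseApiDocFilter {

    /**
     * Formatter for the HTTP {@code Expires} header, e.g. {@code Thu, 01 Dec 1994 16:00:00 GMT}.
     * <p>
     * {@link SimpleDateFormat} is not thread-safe, so this shared instance must not be used from
     * concurrent request threads without external synchronization. It is kept for backward
     * compatibility only; {@link #addCacheHeader} no longer uses it.
     */
    public static final DateFormat HTTP_EXPIRES_DATE_FORMAT = httpExpiresDateFormat();

    // Lazily resolved value of the "org.nuxeo.apidoc.forceanonymous" property; null until first use.
    protected Boolean forceAnonymous;

    /**
     * Tells whether anonymous access is forced by configuration.
     * <p>
     * The property is read once and cached. The cache is unsynchronized: concurrent first calls
     * may each read the property, and every one of them stores the value it read.
     *
     * @return {@code true} if {@code org.nuxeo.apidoc.forceanonymous} is set to true
     */
    protected boolean forceAnonymous() {
        if (forceAnonymous == null) {
            forceAnonymous = Boolean.valueOf(Framework.isBooleanPropertyTrue("org.nuxeo.apidoc.forceanonymous"));
        }
        return forceAnonymous.booleanValue();
    }

    /**
     * Adds public cache headers for anonymous requests, or blocks anonymous login for the others,
     * then passes the request down the chain.
     *
     * @param request the incoming request, cast to {@link HttpServletRequest}
     * @param response the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    protected void internalDoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Client-supplied value: anyone able to reach this filter directly can send it.
        boolean anonymousRequested = "true".equals(httpRequest.getHeader("X-NUXEO-ANONYMOUS-ACCESS"));

        if (anonymousRequested || forceAnonymous()) {
            // "public" lets shared caches store the response. This branch does not check whether
            // the request also carries an authenticated session, so the pages served here must
            // contain nothing user-specific.
            addCacheHeader(httpResponse, false, "600");
        } else {
            // deactivate anonymous login
            httpRequest.setAttribute(AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, Boolean.TRUE);
        }

        chain.doFilter(httpRequest, httpResponse);
    }

    /**
     * Builds a new formatter for the HTTP {@code Expires} header (US locale, GMT).
     *
     * @return a fresh, unshared {@link DateFormat}
     */
    private static DateFormat httpExpiresDateFormat() {
        // formatted http Expires: Thu, 01 Dec 1994 16:00:00 GMT
        DateFormat df = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        return df;
    }

    /**
     * Adds {@code Cache-Control} and {@code Expires} headers to the response.
     *
     * @param httpResponse the response to decorate
     * @param isPrivate {@code true} for {@code Cache-Control: private}, {@code false} for
     *            {@code public}
     * @param cacheTime cache lifetime in seconds, as a decimal string
     * @throws NumberFormatException if {@code cacheTime} is not a parsable long; no header is
     *             written in that case
     */
    public static void addCacheHeader(HttpServletResponse httpResponse, boolean isPrivate, String cacheTime) {
        // Parse before touching the response: a bad value then fails without leaving a lone
        // Cache-Control header behind, and only the parsed number reaches the header value,
        // never the raw string.
        long maxAgeSeconds = Long.parseLong(cacheTime);

        String visibility = isPrivate ? "private" : "public";
        httpResponse.addHeader("Cache-Control", visibility + ", max-age=" + maxAgeSeconds);

        // Expires = now + cache time, formatted like: Thu, 01 Dec 1994 16:00:00 GMT
        Date expires = new Date(System.currentTimeMillis() + maxAgeSeconds * 1000);

        // A fresh formatter per call: SimpleDateFormat keeps mutable state, so sharing one
        // instance between request threads can produce corrupted dates.
        httpResponse.setHeader("Expires", httpExpiresDateFormat().format(expires));
    }

}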