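/*
 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Thierry Delprat
 */
package org.nuxeo.apidoc.filter;

import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator;
import org.nuxeo.runtime.api.Framework;

/**
 * Filter that decides, per request, between two modes before handing over to the rest of the chain:
 * <ul>
 * <li>anonymous mode: the response gets {@code Cache-Control: public, max-age=600} and a matching
 * {@code Expires} header;</li>
 * <li>otherwise: the request is flagged with {@link AnonymousAuthenticator#BLOCK_ANONYMOUS_LOGIN_KEY} and no
 * cache header is added.</li>
 * </ul>
 * Anonymous mode is selected when the request carries {@code X-NUXEO-ANONYMOUS-ACCESS: true} or when the
 * {@code org.nuxeo.apidoc.forceanonymous} framework property is true.
 */
public class CacheAndAuthFilter extends BaseApiDocFilter {

    /**
     * Formatter for the HTTP {@code Expires} date layout, kept for existing callers.
     * <p>
     * The instance is a {@link SimpleDateFormat}, which is not safe for concurrent use. This class does not format
     * through it; any other caller sharing it across threads has to synchronize on it.
     */
    public static final DateFormat HTTP_EXPIRES_DATE_FORMAT = httpExpiresDateFormat();

    /** Cached value of the {@code org.nuxeo.apidoc.forceanonymous} property; {@code null} until first read. */
    protected Boolean forceAnonymous;

    /**
     * Tells whether anonymous mode is forced by configuration.
     * <p>
     * The property is read on first use and cached in {@link #forceAnonymous}. The lazy initialisation is not
     * synchronized, so concurrent first calls may each read the property.
     *
     * @return {@code true} when {@code org.nuxeo.apidoc.forceanonymous} is set to true
     */
    protected boolean forceAnonymous() {
        if (forceAnonymous == null) {
            forceAnonymous = Boolean.valueOf(Framework.isBooleanPropertyTrue("org.nuxeo.apidoc.forceanonymous"));
        }
        return forceAnonymous.booleanValue();
    }

    /**
     * Selects anonymous (cacheable) or authenticated (anonymous login blocked) handling, then continues the chain.
     *
     * @param request the incoming request, cast to {@link HttpServletRequest}
     * @param response the outgoing response, cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain, always invoked
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    protected void internalDoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): this header is taken from the request as-is, so its value is whatever the sender (or the
        // last hop) put there. If it is meant to be set only by a fronting proxy, that proxy has to strip or
        // overwrite any client-supplied copy; confirm against the deployment.
        String anonymousHeader = httpRequest.getHeader("X-NUXEO-ANONYMOUS-ACCESS");
        if ("true".equals(anonymousHeader) || forceAnonymous()) {
            // NOTE(review): the response is marked "public" before the chain runs and without looking at whether
            // the request carries credentials. Verify that content served on this path is never user-specific,
            // since a shared cache is allowed to store and replay it for ten minutes.
            addCacheHeader(httpResponse, false, "600");
        } else {
            // deactivate anonymous login
            httpRequest.setAttribute(AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, Boolean.TRUE);
        }

        chain.doFilter(httpRequest, httpResponse);
    }

    /**
     * Builds a new formatter for the HTTP {@code Expires} layout, e.g. {@code Thu, 01 Dec 1994 16:00:00 GMT}.
     *
     * @return a fresh, unshared formatter fixed to {@link Locale#US} and the GMT time zone
     */
    private static DateFormat httpExpiresDateFormat() {
        DateFormat df = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        return df;
    }

    /**
     * Adds a {@code Cache-Control} header and sets the matching {@code Expires} header on the response.
     *
     * @param httpResponse the response to decorate
     * @param isPrivate {@code true} for {@code Cache-Control: private}, {@code false} for {@code public}
     * @param cacheTime cache lifetime in seconds, as a decimal string
     * @throws NumberFormatException if {@code cacheTime} is not a parsable long; no header is written in that case
     */
    public static void addCacheHeader(HttpServletResponse httpResponse, boolean isPrivate, String cacheTime) {
        // Parse before touching the response so that a non-numeric value is rejected before it can reach a header.
        long lifetimeMillis = Long.parseLong(cacheTime) * 1000;

        String visibility = isPrivate ? "private" : "public";
        httpResponse.addHeader("Cache-Control", visibility + ", max-age=" + cacheTime);

        // Expires = now + lifetime. A formatter is created per call because SimpleDateFormat keeps mutable state
        // and filters run on several request threads at once; sharing one instance can produce corrupted dates.
        Date expires = new Date(System.currentTimeMillis() + lifetimeMillis);
        httpResponse.setHeader("Expires", httpExpiresDateFormat().format(expires));
    }

}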