+ }
+
+ /**
+ * Containers call "destroy" when time to cleanup
+ */
+ public void destroy() {
+ // Synchronize, in case multiCadiFilters are used.
+ synchronized(CadiHTTPManip.noAdditional) {
+ if (--count<=0 && httpChecker!=null) {
+ httpChecker.destroy();
+ httpChecker=null;
+ access=null;
+ pathExceptions=null;
+ }
+ }
+ }
+
+ /**
+ * doFilter
+ *
+ * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and
+ * only call the next item in the filterChain if request is suitably Authenticated.
+ */
+ //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ final long startAll = System.nanoTime();
+ long startCode, startValidate;
+ float code=0f, validate=0f;
+ String user = "n/a";
+ String tag = "";
+ TafResp tresp = null;
+ try {
+ HttpServletRequest hreq = (HttpServletRequest)request;
+ if (noAuthn(hreq)) {
+ startCode=System.nanoTime();
+ chain.doFilter(request, response);
+ code = Timing.millis(startCode);
+ } else {
+ HttpServletResponse hresp = (HttpServletResponse)response;
+ startValidate=System.nanoTime();
+ tresp = httpChecker.validate(hreq, hresp, hreq);
+ validate = Timing.millis(startValidate);
+ if (tresp.isAuthenticated()==RESP.IS_AUTHENTICATED) {
+ user = tresp.getPrincipal().personalName();
+ tag = tresp.getPrincipal().tag();
+ CadiWrap cw = new CadiWrap(hreq, tresp, httpChecker.getLur(),getConverter(hreq));
+ if (httpChecker.notCadi(cw, hresp)) {
+ startCode=System.nanoTime();
+ sideChain.doFilter(cw,response,chain);
+ code = Timing.millis(startCode);
+ }
+ }
+ }
+ } catch (ClassCastException e) {
+ throw new ServletException("CadiFilter expects Servlet to be an HTTP Servlet",e);
+ } finally {
+ if (tresp != null) {
+ access.printf(Level.INFO, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f,result=%s",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code,tresp.isAuthenticated().toString());
+ } else {
+ access.printf(Level.INFO, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f,result=FAIL",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code);
+ }
+ }
+ }