com.atlassian.crowd.integration.http.filter

Class CrowdSecurityFilter

java.lang.Object

com.atlassian.crowd.integration.http.filter.CrowdSecurityFilter

All Implemented Interfaces:

javax.servlet.Filter

public class CrowdSecurityFilter
extends Object
implements javax.servlet.Filter

This filter manages protecting a web.xml url-pattern. If the requesting user does not have a valid token, they will be redirected to the authentication path specified in the crowd.properties configuration file. Additional values are stored to the user's session such as their originally requested URL should their authentication be found invalid.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ORIGINAL_URL The session key stored as a String, is the requested secure url before redirect to the authentication page.

Constructor Summary

Constructors

Constructor and Description
CrowdSecurityFilter(CrowdHttpAuthenticator httpAuthenticator, AuthenticationUrlProvider authenticationUrlProvider)
CrowdSecurityFilter(CrowdHttpAuthenticator httpAuthenticator, ClientProperties clientProperties) Constructs a CrowdSecurityFilter.

Method Summary

Modifier and Type	Method and Description
protected String	authenticationUrl(javax.servlet.http.HttpServletRequest request) Override this to alter the destination of the redirect to the authentication page.
void	destroy() Shuts down the filter.
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) Executes the filter.
void	init(javax.servlet.FilterConfig filterConfig) Configures the filter.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ORIGINAL_URL

public static final String ORIGINAL_URL

The session key stored as a String, is the requested secure url before redirect to the authentication page.

See Also:

Constant Field Values

Constructor Detail

CrowdSecurityFilter

public CrowdSecurityFilter(CrowdHttpAuthenticator httpAuthenticator,
                           ClientProperties clientProperties)

Constructs a CrowdSecurityFilter.

Parameters:

httpAuthenticator - CrowdHttpAuthenticator

clientProperties - ClientProperties

CrowdSecurityFilter

public CrowdSecurityFilter(CrowdHttpAuthenticator httpAuthenticator,
                           AuthenticationUrlProvider authenticationUrlProvider)

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Configures the filter.

Specified by:

init in interface javax.servlet.Filter

Parameters:

filterConfig - the FilterConfig to use.

Throws:

javax.servlet.ServletException - Filter related problems.

destroy

public void destroy()

Shuts down the filter.

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Executes the filter.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

servletRequest - the ServletRequest to use.

servletResponse - the ServletResponse to use.

filterChain - the FilterChain to use.

Throws:

IOException - I/O related problems.

javax.servlet.ServletException - Servlet related problems.

authenticationUrl

protected String authenticationUrl(javax.servlet.http.HttpServletRequest request)

Override this to alter the destination of the redirect to the authentication page. The HTTP request is provided so as to allow access to the session.

Parameters:

request - the HTTP request.

Returns:

the destination URL.

See Also:

HttpServletResponse.sendRedirect(String)