public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, AuthenticationDriver, ActivateableBean, org.springframework.beans.factory.InitializingBean
Modifier and Type | Field and Description |
---|---|
protected String |
loginPageLink |
protected static String |
MIME_HTML_TEXT |
ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationListener, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService
AUTHENTICATION_USER
Constructor and Description |
---|
BaseSSOAuthenticationFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected boolean |
allowsTicketLogons()
Check if ticket based logons are allowed
|
protected boolean |
checkForTicketParameter(ServletContext servletContext,
HttpServletRequest req,
HttpServletResponse resp)
Check if the request has specified a ticket parameter to bypass the standard authentication.
|
void |
doFilter(ServletContext context,
ServletRequest request,
ServletResponse response,
FilterChain chain)
The
doFilter method of the Filter is called by the container each time a request/response pair is
passed through the chain due to a client request for a resource at the end of the chain. |
protected String |
getLoginPage()
Return the login page address
|
String |
getLoginPageLink() |
protected org.alfresco.jlan.server.config.SecurityConfigSection |
getSecurityConfigSection() |
protected String |
getServerName()
Because the file server configuration may change during the lifetime of this filter, this method checks against
the last configured server name before returning a cached result
|
protected boolean |
hasLoginPage()
Determine if the login page is available
|
protected void |
includeFallbackAuth(ServletContext context,
HttpServletRequest req,
HttpServletResponse resp)
Include into response authentication method that is supported by fallback mechanism
|
protected void |
init()
Initializes the filter.
|
boolean |
isActive()
Determines whether this bean is active.
|
boolean |
isFallbackEnabled() |
protected boolean |
isNTLMSSPBlob(byte[] byts,
int offset)
Check if a security blob starts with the NTLMSSP signature
|
protected String |
mapClientAddressToDomain(String clientIP)
Map a client IP address to a domain
|
protected boolean |
onLoginComplete(ServletContext sc,
HttpServletRequest req,
HttpServletResponse res,
boolean userInit)
Callback executed on completion of NTLM login
|
protected void |
onValidate(ServletContext sc,
HttpServletRequest req,
HttpServletResponse res,
WebCredentials credentials)
Callback executed on successful ticket validation during Type3 Message processing.
|
protected void |
onValidateFailed(ServletContext sc,
HttpServletRequest req,
HttpServletResponse res,
HttpSession session,
WebCredentials credentials)
Callback executed on failed authentication of a user ticket during Type3 Message processing
|
protected boolean |
performFallbackAuthentication(ServletContext context,
HttpServletRequest req,
HttpServletResponse resp)
Delegate authentication to the fallback mechanism
|
protected void |
redirectToLoginPage(HttpServletRequest req,
HttpServletResponse res)
Redirect to the login page
|
void |
setActive(boolean active)
Activates or deactivates the bean
|
void |
setFallback(AuthenticationDriver delegate)
Sets the fallback authentication support for this filter
|
void |
setFallbackEnabled(boolean fallbackEnabled)
Activates or deactivates the fallback authentication support for this filter
|
protected void |
setLoginPage(String loginPage)
Set the login page address
|
void |
setLoginPageLink(String loginPageLink) |
void |
setServerConfiguration(ExtendedServerConfigurationAccessor serverConfiguration) |
void |
setTicketLogons(boolean ticketsAllowed)
Set the ticket based logons allowed flag
|
protected void |
writeLoginPageLink(ServletContext context,
HttpServletRequest req,
HttpServletResponse resp)
Writes link to login page and refresh tag which cause user
to be redirected to the login page.
|
createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationListener, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
authenticateRequest, restartLoginChallenge
protected static final String MIME_HTML_TEXT
protected String loginPageLink
public String getLoginPageLink()
public void setLoginPageLink(String loginPageLink)
public void setServerConfiguration(ExtendedServerConfigurationAccessor serverConfiguration)
serverConfiguration
- the serverConfiguration to setpublic final void setActive(boolean active)
active
- true
if the bean is active and initialization should completepublic final boolean isActive()
ActivateableBean
isActive
in interface ActivateableBean
true
if this bean is activepublic final void setFallback(AuthenticationDriver delegate)
delegate
- AuthenticationDriverpublic final void setFallbackEnabled(boolean fallbackEnabled)
fallbackEnabled
- public final boolean isFallbackEnabled()
true
if fallback authentication enabledpublic final void afterPropertiesSet() throws ServletException
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
ServletException
public void doFilter(ServletContext context, ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
DependencyInjectedFilter
doFilter
method of the Filter is called by the container each time a request/response pair is
passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed
in to this method allows the Filter to pass on the request and response to the next entity in the chain.
A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input
filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output
filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (
chain.doFilter()
),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block
the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.
doFilter
in interface DependencyInjectedFilter
IOException
ServletException
protected void init() throws ServletException
isActive()
. Subclasses
should override.ServletException
protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res, WebCredentials credentials)
sc
- the servlet contextreq
- the requestres
- the responseprotected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials) throws IOException
sc
- the servlet contextreq
- HttpServletRequestres
- HttpServletResponsesession
- HttpSessionIOException
protected boolean onLoginComplete(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean userInit) throws IOException
req
- HttpServletRequestres
- HttpServletResponseIOException
protected final String mapClientAddressToDomain(String clientIP)
clientIP
- Stringprotected boolean checkForTicketParameter(ServletContext servletContext, HttpServletRequest req, HttpServletResponse resp)
servletContext
- the servlet contextreq
- the requestresp
- the responseprotected void redirectToLoginPage(HttpServletRequest req, HttpServletResponse res) throws IOException
req
- HttpServletRequestres
- HttpServletResponseIOException
protected final boolean hasLoginPage()
protected final String getLoginPage()
protected final void setLoginPage(String loginPage)
loginPage
- Stringprotected final boolean allowsTicketLogons()
public final void setTicketLogons(boolean ticketsAllowed)
ticketsAllowed
- booleanprotected final boolean isNTLMSSPBlob(byte[] byts, int offset)
byts
- byte[]offset
- intprotected String getServerName()
protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()
protected void writeLoginPageLink(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
context
- ServletContextreq
- HttpServletRequestresp
- HttpServletResponseIOException
protected void includeFallbackAuth(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
context
- ServletContextreq
- HttpServletRequestresp
- HttpServletResponseIOException
protected boolean performFallbackAuthentication(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException
context
- ServletContextreq
- HttpServletRequestresp
- HttpServletResponseIOException
ServletException
Copyright © 2005–2017 Alfresco Software. All rights reserved.