Class AuthenticationFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.AuthenticatingFilter
org.apache.shiro.web.filter.authc.FormAuthenticationFilter
de.businesscode.bcdui.subjectsettings.AuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.apache.shiro.lang.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class AuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter

Extends Shiro's FormAuthenticationFilter to add an additional authentication scheme.

Uses ExternalAuthenticationToken, which must be supported by one of the registered realms; the default JdbcRealm supports this token. To enable SPNEGO you also have to attach de.businesscode.bcdui.security.SpnegoValve to your context, i.e. in context.xml:

 <Context className="de.businesscode.bcdui.security.SpnegoValve">
 
The implementation is provided by the bcd-spnego.jar library located in the externallib folder of BCD-UI; that library has to be available to Tomcat's common classloader, i.e. in TOMCAT_HOME/lib.

Usage: override the default 'authc' filter by setting it to this class in the [main] section of the Shiro configuration:

 [main]
 authc = de.businesscode.bcdui.subjectsettings.AuthenticationFilter
 realm = de.businesscode.bcdui.subjectsettings.JdbcRealm
 ...
 

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     

    Fields inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, DEFAULT_PASSWORD_PARAM, DEFAULT_REMEMBER_ME_PARAM, DEFAULT_USERNAME_PARAM

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    PERMISSIVE

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    DEFAULT_SUCCESS_URL

    Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

    DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

    Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    appliedPaths, pathMatcher

    Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

    filterConfig
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    doFilterInternal(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
    Handles explicit SPNEGO pre-authentication.
    protected void
    issueSuccessRedirect(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    Implements the response flow upon successful authentication: instead of responding with HTTP 301, we return the "X-BCD.Location" header to be evaluated by the login script.
    protected void
    redirectToLogin(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    Here we redirect to login.html. We save the originally requested URL in the session here, as it is obviously the last chance in the login flow to do so.

    Methods inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    createToken, getFailureKeyAttribute, getPassword, getPasswordParam, getRememberMeParam, getUsername, getUsernameParam, isLoginSubmission, isRememberMe, onAccessDenied, onLoginFailure, onLoginSuccess, setFailureAttribute, setFailureKeyAttribute, setLoginUrl, setPasswordParam, setRememberMeParam, setUsernameParam

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    cleanup, createToken, createToken, executeLogin, getHost, isAccessAllowed, isPermissive

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    getSuccessUrl, setSuccessUrl

    Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

    getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, saveRequest, saveRequestAndRedirectToLogin

    Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

    Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

    afterCompletion, executeChain, postHandle

    Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

    Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

    getName, setName, toStringBuilder

    Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

    destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

    Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

    getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

  • Constructor Details

    • AuthenticationFilter

      public AuthenticationFilter()
  • Method Details

    • doFilterInternal

      public void doFilterInternal(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException
      Handles explicit SPNEGO pre-authentication.
      Overrides:
      doFilterInternal in class org.apache.shiro.web.servlet.AdviceFilter
      Throws:
      jakarta.servlet.ServletException
      IOException
    • issueSuccessRedirect

      protected void issueSuccessRedirect(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
      Implements the response flow upon successful authentication: instead of responding with HTTP 301, we return the "X-BCD.Location" header to be evaluated by the login script.
      Overrides:
      issueSuccessRedirect in class org.apache.shiro.web.filter.authc.AuthenticationFilter
      Throws:
      Exception
    • redirectToLogin

      protected void redirectToLogin(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws IOException
      Here we redirect to login.html. We save the originally requested URL in the session here, as it is obviously the last chance in the login flow to do so.
      Overrides:
      redirectToLogin in class org.apache.shiro.web.filter.AccessControlFilter
      Throws:
      IOException
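
Because issueSuccessRedirect hands the post-login target to the login script in the "X-BCD.Location" header instead of an HTTP redirect, the script is where the target gets checked before navigation. The following is an added example, not BCD-UI's own login script: the function names, the fallback path and the sample values are assumptions, and it accepts only targets that resolve to the application's own origin.

```javascript
"use strict";
// Added example, not BCD-UI code. Function names and sample values are
// hypothetical; only the header name comes from the documentation above.
const LOCATION_HEADER = "X-BCD.Location";

// Resolve the header value against the application's origin and accept it
// only if the result stays on that origin; otherwise use the fallback path.
// appOrigin is expected in the form window.location.origin returns.
function resolvePostLoginTarget(headerValue, appOrigin, fallbackPath) {
  const fallback = new URL(fallbackPath, appOrigin).href;
  if (typeof headerValue !== "string" || headerValue.trim() === "") {
    return fallback;
  }
  let target;
  try {
    // Parsing first means "//host", "/\host" and "user@host" forms are
    // compared after normalisation, the same way the browser would see them.
    target = new URL(headerValue, appOrigin);
  } catch (err) {
    return fallback;
  }
  // Non-hierarchical schemes such as javascript: report the origin "null".
  return target.origin === appOrigin ? target.href : fallback;
}

// Read the header from a fetch()-style response to the login submission.
function targetFromLoginResponse(response, appOrigin, fallbackPath) {
  return resolvePostLoginTarget(
    response.headers.get(LOCATION_HEADER), appOrigin, fallbackPath);
}

// Constructed sample values, checked against a constructed origin.
function demo() {
  const origin = "https://app.example";
  const samples = [
    "/bcdui/reports/index.html?page=2",
    "https://app.example/start.html",
    "//other.example/start.html",
    "https://app.example@other.example/",
    "javascript:void(0)",
    null,
  ];
  return samples.map((v) => resolvePostLoginTarget(v, origin, "/"));
}
```

In a browser the result would be passed to `window.location.assign(...)` with `window.location.origin` as `appOrigin`.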