Package de.businesscode.bcdui.subjectsettings

Class AuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor
    public class AuthenticationFilter
extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    extending Shiro's FormAuthenticationFilter to add additional authentication scheme.

    uses ExternalAuthenticationToken which shall be supported by any of registered realm, the default JdbcRealm supports such token. To enable SPNEGO you have also to attach de.businesscode.bcdui.security.SpnegoValve to your context, i.e in context.xml: 

     <Context className="de.businesscode.bcdui.security.SpnegoValve">
    the implementation is provided by bcd-spnego.jar library located in externallib folder of BCD-UI, that library has to be available to tomcat's common classloader, i.e. in TOMCAT_HOME/lib

    Usage: override the default 'authc' filter by setting to this class in [main] section of Shiro configuration: 

     [main]
 authc = de.businesscode.bcdui.subjectsettings.AuthenticationFilter
 realm = de.businesscode.bcdui.subjectsettings.JdbcRealm
 ...

    • Field Summary

      • Fields inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

        DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, DEFAULT_PASSWORD_PARAM, DEFAULT_REMEMBER_ME_PARAM, DEFAULT_USERNAME_PARAM

      • Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

        PERMISSIVE

      • Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

        DEFAULT_SUCCESS_URL

      • Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

        DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

      • Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

        appliedPaths, pathMatcher

      • Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

        ALREADY_FILTERED_SUFFIX

      • Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

        filterConfig

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void doFilterInternal​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  

      • Methods inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

        createToken, getFailureKeyAttribute, getPassword, getPasswordParam, getRememberMeParam, getUsername, getUsernameParam, isLoginSubmission, isRememberMe, onAccessDenied, onLoginFailure, onLoginSuccess, setFailureAttribute, setFailureKeyAttribute, setLoginUrl, setPasswordParam, setRememberMeParam, setUsernameParam

      • Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

        cleanup, createToken, createToken, executeLogin, getHost, isAccessAllowed, isPermissive

      • Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

        getSuccessUrl, issueSuccessRedirect, setSuccessUrl

      • Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

        getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin

      • Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

        getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

      • Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

        afterCompletion, executeChain, postHandle

      • Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

        doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

      • Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

        getName, setName, toStringBuilder

      • Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

        destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

      • Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

        getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Constructor Detail

      • AuthenticationFilter

        public AuthenticationFilter()

    • Method Detail

      • doFilterInternal

        public void doFilterInternal​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws javax.servlet.ServletException,
                             java.io.IOException
        Overrides:
        doFilterInternal in class org.apache.shiro.web.servlet.AdviceFilter
        Throws:
        javax.servlet.ServletException
        java.io.IOException