org.norther.tammi.spray.authenticator
Class AbstractAuthenticatorFilter

java.lang.Object
  extended by org.norther.tammi.core.base.Adaptee
      extended by org.norther.tammi.spray.filter.DefaultFilter
          extended by org.norther.tammi.spray.authenticator.AbstractAuthenticatorFilter
All Implemented Interfaces:
Serializable, NotificationBroadcaster, NotificationEmitter, Filter, Manageable, MBeanDelegate, AuthenticatorFilter
Direct Known Subclasses:
DefaultCachedAuthFilter, DefaultHttpBasicAuthFilter, DefaultHttpDigestAuthFilter, DefaultHttpFormAuthFilter, DefaultHttpSspiAuthFilter, DefaultSSLCertAuthFilter, DefaultTerminalAuthFilter

public abstract class AbstractAuthenticatorFilter
extends DefaultFilter
implements AuthenticatorFilter

An abstract implementation of AuthenticatorFilter providing the base functionality for subclasses implementing specific authentication schemes.

This implementation requires that the principal has READ permission to the path info of the request in addition to authentication to allow filtering of the request to continue. Note that undefined permissions imply full access to everyone.

Based on AuthenticatorBase in the Apache Jakarta Tomcat project.

Author:
Craig R. McClanahan, Ilkka Priha
See Also:
Serialized Form

Field Summary
static String DEFAULT_USER_ACCOUNT_ID_ATTIBUTE
          The default account id attribute.
 
Fields inherited from class org.norther.tammi.core.base.Adaptee
ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS
 
Fields inherited from interface org.norther.tammi.core.base.MBeanDelegate
ARRAY_TYPE, OBJECT_TYPE, PRIMITIVE_TYPE, STRING_TYPE
 
Constructor Summary
AbstractAuthenticatorFilter()
          Constructs a new filter.
 
Method Summary
abstract  Principal authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Authenticates a request within the realm of this filter.
protected  void decrementLoginAttempts(HttpServletRequest request)
          Decrements login attempts of the specified request by one.
 void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
           
protected  String generateAuthenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Generates the WWW-Authenticate header.
protected  StringBuilder getAuthenticationURL(String host, boolean secure, String service, String pipe, String flow, String page, HttpServletRequest request, HttpServletResponse response, HttpFilterChain chain)
          Gets the authentication URL.
abstract  String getAuthType()
          Gets the authentication scheme.
protected  String getCredentials(HttpServletRequest request)
          Gets the credentials from the HTTP authorization header.
 String getDefaultDomain()
          Gets the default domain.
 String getFaultyUser(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Gets the faulty user of the specified request.
 int getLoginAttempts()
          Gets the number of allowed login attempts.
 int getLoginAttempts(HttpServletRequest request)
          Gets the number of login attempts of the specified request.
 String getLogoutFlow()
          Gets the logout flow.
 String getLogoutHost()
          Gets the logout host.
 String getLogoutPipe()
          Gets the logout pipe.
 String getLogoutService()
          Gets the logout service.
 String getLogoutTemplate()
          Gets the logout template.
 String getLogoutURI()
          Gets the logout URI.
 StringBuilder getLogoutURL(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Gets the logout URL, with the scheme, host and port if required, for the specified request.
 String getPublicRealmName()
          Gets the public name of the realm.
protected  Realm getRealm()
          Gets the referent of the realm MBean associated with this authenticator.
 ObjectName getRealmName()
          Gets the user authentication realm.
 String getUnauthorizedTemplate()
          Gets the unauthorized template.
protected  void incrementLoginAttempts(HttpServletRequest request)
          Increments login attempts of the specified request by one.
 boolean isAuthenticationRequired()
          Checks whether authentication is required for unidentified requests.
 boolean isAutoLoginEnabled(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Checks whether automatic login is enabled for the specified request.
 boolean isCachedPrincipalDiscarded()
          Checks whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.
 boolean isUserInRole(Principal principal, String role)
          Checks whether the specified principal is in the specified security role within the context of the realm of this filter.
 void postmanaged()
          This method is called when the implementing adaptee has been managed either during post-registration of the corresponding adapter MBean or just after it is explicitly added to the adapter MBean during run-time.
 void setAuthenticationRequired(boolean flag)
          Sets the authentication required flag.
 void setAutoLoginEnabled(HttpServletRequest request, HttpServletResponse response, FilterChain chain, boolean flag)
          Sets whether automatic login is enabled for the specified request.
 void setCachedPrincipalDiscarded(boolean flag)
          Sets whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.
 void setDefaultDomain(String domain)
          Sets the default domain.
protected  void setFaultyUser(HttpServletRequest request, String username)
          Sets the faulty user of the specified request.
 void setLoginAttempts(int count)
          Sets the number of allowed login attempts.
 void setLogoutFlow(String flow)
          Sets the logout flow.
 void setLogoutHost(String host)
          Sets the logout host.
 void setLogoutPipe(String pipe)
          Sets the logout pipe.
 void setLogoutService(String service)
          Sets the logout service.
 void setLogoutTemplate(String template)
          Sets the logout template.
 void setLogoutURI(String uri)
          Sets the logout URI.
 void setPublicRealmName(String name)
          Sets the public name of the realm.
 void setRealmName(ObjectName realm)
          Sets the user authentication realm.
 void setUnauthorizedTemplate(String template)
          Sets the unauthorized template.
 void unauthenticated(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          A handler for unauthenticated requests that should provide an opportunity for the user to re-authenticate himself.
 void unmanaged()
          This method is called when the implementing adaptee is unmanaged either during pre-deregistration of the corresponding adapter MBean or just before it is explicitly removed from the adapter MBean during run-time.
protected  Principal verifyAuthentication(Principal principal)
          Verifies whether authentication is required.
 
Methods inherited from class org.norther.tammi.spray.filter.DefaultFilter
destroy, getFilterConfig, getRequestMap, getSessionMap, init
 
Methods inherited from class org.norther.tammi.core.base.Adaptee
addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unregister
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.servlet.Filter
destroy, init
 

Field Detail

DEFAULT_USER_ACCOUNT_ID_ATTIBUTE

public static final String DEFAULT_USER_ACCOUNT_ID_ATTIBUTE
The default account id attribute.

See Also:
Constant Field Values
Constructor Detail

AbstractAuthenticatorFilter

public AbstractAuthenticatorFilter()
Constructs a new filter.

Method Detail

postmanaged

public void postmanaged()
Description copied from interface: Manageable
This method is called when the implementing adaptee has been managed either during post-registration of the corresponding adapter MBean or just after it is explicitly added to the adapter MBean during run-time.

Specified by:
postmanaged in interface Manageable
Overrides:
postmanaged in class Adaptee

unmanaged

public void unmanaged()
               throws Exception
Description copied from interface: Manageable
This method is called when the implementing adaptee is unmanaged either during pre-deregistration of the corresponding adapter MBean or just before it is explicitly removed from the adapter MBean during run-time.

Specified by:
unmanaged in interface Manageable
Overrides:
unmanaged in class Adaptee
Throws:
Exception - if the adaptee refused to be unmanaged.

getRealmName

public ObjectName getRealmName()
Description copied from interface: AuthenticatorFilter
Gets the user authentication realm.

Specified by:
getRealmName in interface AuthenticatorFilter
Returns:
the name of the realm or a query.

setRealmName

public void setRealmName(ObjectName realm)
Description copied from interface: AuthenticatorFilter
Sets the user authentication realm.

Specified by:
setRealmName in interface AuthenticatorFilter
Parameters:
realm - the name of the realm or a query.

getPublicRealmName

public String getPublicRealmName()
Description copied from interface: AuthenticatorFilter
Gets the public name of the realm.

Specified by:
getPublicRealmName in interface AuthenticatorFilter
Returns:
the public name of the realm.

setPublicRealmName

public void setPublicRealmName(String name)
Description copied from interface: AuthenticatorFilter
Sets the public name of the realm. The public name is included in generated challenges when required.

Specified by:
setPublicRealmName in interface AuthenticatorFilter
Parameters:
name - the public name of the realm.

getDefaultDomain

public String getDefaultDomain()
Description copied from interface: AuthenticatorFilter
Gets the default domain.

Specified by:
getDefaultDomain in interface AuthenticatorFilter
Returns:
the default domain.

setDefaultDomain

public void setDefaultDomain(String domain)
Description copied from interface: AuthenticatorFilter
Sets the default domain. The default domain is inserted into usernames, separated by a slash, if an explicit domain is not already included.

Specified by:
setDefaultDomain in interface AuthenticatorFilter
Parameters:
domain - the default domain.

isAuthenticationRequired

public boolean isAuthenticationRequired()
Description copied from interface: AuthenticatorFilter
Checks whether authentication is required for unidentified requests.

Specified by:
isAuthenticationRequired in interface AuthenticatorFilter
Returns:
true if authentication is required, otherwise false.

setAuthenticationRequired

public void setAuthenticationRequired(boolean flag)
Description copied from interface: AuthenticatorFilter
Sets the authentication required flag.

Specified by:
setAuthenticationRequired in interface AuthenticatorFilter
Parameters:
flag - the authentication required flag.

isCachedPrincipalDiscarded

public boolean isCachedPrincipalDiscarded()
Description copied from interface: AuthenticatorFilter
Checks whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.

Specified by:
isCachedPrincipalDiscarded in interface AuthenticatorFilter
Returns:
true if cached principals are discarded, otherwise false.

setCachedPrincipalDiscarded

public void setCachedPrincipalDiscarded(boolean flag)
Description copied from interface: AuthenticatorFilter
Sets whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.

Specified by:
setCachedPrincipalDiscarded in interface AuthenticatorFilter
Parameters:
flag - the cached principals discarded flag.

getUnauthorizedTemplate

public String getUnauthorizedTemplate()
Description copied from interface: AuthenticatorFilter
Gets the unauthorized template.

Specified by:
getUnauthorizedTemplate in interface AuthenticatorFilter
Returns:
the unauthorized template.

setUnauthorizedTemplate

public void setUnauthorizedTemplate(String template)
Description copied from interface: AuthenticatorFilter
Sets the unauthorized template.

Specified by:
setUnauthorizedTemplate in interface AuthenticatorFilter
Parameters:
template - the unauthorized template.

getLoginAttempts

public int getLoginAttempts()
Description copied from interface: AuthenticatorFilter
Gets the number of allowed login attempts.

Specified by:
getLoginAttempts in interface AuthenticatorFilter
Returns:
the number of login attempts, -1 = unlimited.

setLoginAttempts

public void setLoginAttempts(int count)
Description copied from interface: AuthenticatorFilter
Sets the number of allowed login attempts.

Specified by:
setLoginAttempts in interface AuthenticatorFilter
Parameters:
count - the number of login attempts, -1 = unlimited.

getLoginAttempts

public int getLoginAttempts(HttpServletRequest request)
Description copied from interface: AuthenticatorFilter
Gets the number of login attempts of the specified request.

Specified by:
getLoginAttempts in interface AuthenticatorFilter
Parameters:
request - the request.
Returns:
the number of login attempts.

getLogoutURI

public String getLogoutURI()
Description copied from interface: AuthenticatorFilter
Gets the logout URI.

Specified by:
getLogoutURI in interface AuthenticatorFilter
Returns:
the logout URI.

setLogoutURI

public void setLogoutURI(String uri)
Description copied from interface: AuthenticatorFilter
Sets the logout URI. An explicit URI overrides the logout host, service, pipe, template and flow.

Specified by:
setLogoutURI in interface AuthenticatorFilter
Parameters:
uri - the logout URI.

getLogoutHost

public String getLogoutHost()
Description copied from interface: AuthenticatorFilter
Gets the logout host.

Specified by:
getLogoutHost in interface AuthenticatorFilter
Returns:
the logout host.

setLogoutHost

public void setLogoutHost(String host)
Description copied from interface: AuthenticatorFilter
Sets the logout host.

Specified by:
setLogoutHost in interface AuthenticatorFilter
Parameters:
host - the logout host.

getLogoutService

public String getLogoutService()
Description copied from interface: AuthenticatorFilter
Gets the logout service.

Specified by:
getLogoutService in interface AuthenticatorFilter
Returns:
the logout service.

setLogoutService

public void setLogoutService(String service)
Description copied from interface: AuthenticatorFilter
Sets the logout service. The service is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutService in interface AuthenticatorFilter
Parameters:
service - the logout service.

getLogoutPipe

public String getLogoutPipe()
Description copied from interface: AuthenticatorFilter
Gets the logout pipe.

Specified by:
getLogoutPipe in interface AuthenticatorFilter
Returns:
the logout pipe.

setLogoutPipe

public void setLogoutPipe(String pipe)
Description copied from interface: AuthenticatorFilter
Sets the logout pipe. The pipe is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutPipe in interface AuthenticatorFilter
Parameters:
pipe - the logout pipe.

getLogoutFlow

public String getLogoutFlow()
Description copied from interface: AuthenticatorFilter
Gets the logout flow.

Specified by:
getLogoutFlow in interface AuthenticatorFilter
Returns:
the logout flow.

setLogoutFlow

public void setLogoutFlow(String flow)
Description copied from interface: AuthenticatorFilter
Sets the logout flow. The flow is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutFlow in interface AuthenticatorFilter
Parameters:
flow - the login flow.

getLogoutTemplate

public String getLogoutTemplate()
Description copied from interface: AuthenticatorFilter
Gets the logout template.

Specified by:
getLogoutTemplate in interface AuthenticatorFilter
Returns:
the logout template.

setLogoutTemplate

public void setLogoutTemplate(String template)
Description copied from interface: AuthenticatorFilter
Sets the logout template. The template is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutTemplate in interface AuthenticatorFilter
Parameters:
template - the logout template.

getLogoutURL

public StringBuilder getLogoutURL(HttpServletRequest request,
                                  HttpServletResponse response,
                                  FilterChain chain)
Description copied from interface: AuthenticatorFilter
Gets the logout URL, with the scheme, host and port if required, for the specified request.

Specified by:
getLogoutURL in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the encoded logout URL or null if not defined.

getFaultyUser

public String getFaultyUser(HttpServletRequest request,
                            HttpServletResponse response,
                            FilterChain chain)
Description copied from interface: AuthenticatorFilter
Gets the faulty user of the specified request. The user is an unauthenticated identity given by the user himself.

Specified by:
getFaultyUser in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the faulty user or null.

isUserInRole

public boolean isUserInRole(Principal principal,
                            String role)
Description copied from interface: AuthenticatorFilter
Checks whether the specified principal is in the specified security role within the context of the realm of this filter.

Specified by:
isUserInRole in interface AuthenticatorFilter
Parameters:
principal - the principal for whom the role is to be checked.
role - the security role to be checked.
Returns:
true or false.

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws ServletException,
                     IOException
Specified by:
doFilter in interface Filter
Overrides:
doFilter in class DefaultFilter
Throws:
ServletException
IOException

getAuthType

public abstract String getAuthType()
Description copied from interface: AuthenticatorFilter
Gets the authentication scheme.

Specified by:
getAuthType in interface AuthenticatorFilter
Returns:
the authentication scheme.

authenticate

public abstract Principal authenticate(HttpServletRequest request,
                                       HttpServletResponse response,
                                       FilterChain chain)
Description copied from interface: AuthenticatorFilter
Authenticates a request within the realm of this filter.

Specified by:
authenticate in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the authenticated user principal or null.

unauthenticated

public void unauthenticated(HttpServletRequest request,
                            HttpServletResponse response,
                            FilterChain chain)
                     throws ServletException,
                            IOException
Description copied from interface: AuthenticatorFilter
A handler for unauthenticated requests that should provide an opportunity for the user to re-authenticate himself. Must either produce a valid response or throw an exception.

Specified by:
unauthenticated in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Throws:
ServletException - for servlet errors.
IOException - for general errors.

isAutoLoginEnabled

public boolean isAutoLoginEnabled(HttpServletRequest request,
                                  HttpServletResponse response,
                                  FilterChain chain)
Description copied from interface: AuthenticatorFilter
Checks whether automatic login is enabled for the specified request.

Specified by:
isAutoLoginEnabled in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
true if enabled, false otherwise.

setAutoLoginEnabled

public void setAutoLoginEnabled(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain,
                                boolean flag)
Description copied from interface: AuthenticatorFilter
Sets whether automatic login is enabled for the specified request.

Specified by:
setAutoLoginEnabled in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
flag - true if enabled, false otherwise.

getRealm

protected Realm getRealm()
Gets the referent of the realm MBean associated with this authenticator.

Returns:
the referent of the realm MBean.

getAuthenticationURL

protected StringBuilder getAuthenticationURL(String host,
                                             boolean secure,
                                             String service,
                                             String pipe,
                                             String flow,
                                             String page,
                                             HttpServletRequest request,
                                             HttpServletResponse response,
                                             HttpFilterChain chain)
Gets the authentication URL.

Parameters:
host - the host.
secure - true if secure.
service - the service.
pipe - the pipe.
flow - the flow.
page - the page.
request - the request.
response - the response.
chain - the filter chain.
Returns:
the encoded URL or null.

verifyAuthentication

protected Principal verifyAuthentication(Principal principal)
Verifies whether authentication is required.

Parameters:
principal - the authenticated principal.
Returns:
the verified principal.

getCredentials

protected String getCredentials(HttpServletRequest request)
Gets the credentials from the HTTP authorization header.

Parameters:
request - the request.
Returns:
the credentials or null.
Throws:
IllegalArgumentException - for incorrect scheme.

generateAuthenticate

protected String generateAuthenticate(HttpServletRequest request,
                                      HttpServletResponse response,
                                      FilterChain chain)
Generates the WWW-Authenticate header.

The header MUST follow this template:

 WWW-Authenticate = "WWW-Authenticate" ":" "Basic" 
     basic-challenge
 basic-challenge  = 1#(realm)
 realm            = "realm" "=" realm-value
 realm-value      = quoted-string
 

Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the authentication.
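
The challenge template above and the getCredentials contract (credentials or null, IllegalArgumentException for an incorrect scheme) can be exercised with the following added example. It is not Tammi code: the class BasicChallengeExample and its two methods are hypothetical, use only the JDK, and do not show how Tammi implements either method.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Hypothetical helper for illustration; not part of Tammi. */
public final class BasicChallengeExample {

    /** Builds the header value: "Basic" followed by realm=quoted-string. */
    static String basicChallenge(String realm) {
        StringBuilder sb = new StringBuilder("Basic realm=\"");
        for (int i = 0; i < realm.length(); i++) {
            char c = realm.charAt(i);
            // Control characters (CR and LF included) in a configured realm
            // name would let the value split the response header.
            if (c < 0x20 || c == 0x7f) {
                throw new IllegalArgumentException("control character in realm");
            }
            // quoted-string: escape the quote and the backslash as a quoted-pair.
            if (c == '"' || c == '\\') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    /**
     * Returns the decoded "user:password" of a Basic Authorization header,
     * or null if the header is absent or carries no token.
     * Any other scheme is rejected with IllegalArgumentException.
     */
    static String basicCredentials(String authorization) {
        if (authorization == null) {
            return null;
        }
        String value = authorization.trim();
        int sp = value.indexOf(' ');
        String scheme = sp < 0 ? value : value.substring(0, sp);
        if (!scheme.equalsIgnoreCase("Basic")) {
            throw new IllegalArgumentException("incorrect scheme: " + scheme);
        }
        if (sp < 0) {
            return null;
        }
        String token = value.substring(sp + 1).trim();
        // The JDK decoder throws IllegalArgumentException on malformed Base64.
        byte[] raw = Base64.getDecoder().decode(token);
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the Tammi documentation.
        System.out.println("WWW-Authenticate: "
                + basicChallenge("Tammi \"test\" realm"));

        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(basicCredentials(header));

        try {
            basicCredentials("Digest username=\"alice\"");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```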

incrementLoginAttempts

protected void incrementLoginAttempts(HttpServletRequest request)
Increments login attempts of the specified request by one.

Parameters:
request - the request.

decrementLoginAttempts

protected void decrementLoginAttempts(HttpServletRequest request)
Decrements login attempts of the specified request by one.

Parameters:
request - the request.

setFaultyUser

protected void setFaultyUser(HttpServletRequest request,
                             String username)
Sets the faulty user of the specified request.

Parameters:
request - the request.
username - the remote user.


Copyright © 2004 The Norther Organization. All rights reserved.