public class BasicHeaderProcessor extends Object implements javax.servlet.Filter
Implementations of BasicHeaderAuthenticator
includes one that accepts the real password,
then one that checks the user's API token. We call them all from a single Filter like this,
as opposed to using a list of Filter
s, so that multiple filters don't end up trying
to authenticate the same header differently and fail.
ZD-19640
Constructor and Description |
---|
BasicHeaderProcessor() |
Modifier and Type | Method and Description |
---|---|
protected List<? extends BasicHeaderAuthenticator> |
all() |
protected boolean |
authenticationIsRequired(String username)
If the request is already authenticated to the same user that the Authorization header claims,
for example through the HTTP session, then there's no need to re-authenticate the Authorization header,
so we skip that.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected void |
fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.acegisecurity.BadCredentialsException failure) |
void |
init(javax.servlet.FilterConfig filterConfig) |
void |
setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint) |
void |
setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices) |
protected void |
success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.acegisecurity.Authentication auth) |
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint)
public void setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices)
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
protected boolean authenticationIsRequired(String username)
SecurityRealm
.
This method returns false if we can take this short-cut.protected void success(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, javax.servlet.FilterChain chain, org.acegisecurity.Authentication auth) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected void fail(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, org.acegisecurity.BadCredentialsException failure) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected List<? extends BasicHeaderAuthenticator> all()
public void destroy()
destroy
in interface javax.servlet.Filter
Copyright © 2019. All rights reserved.