org.norther.tammi.spray.authenticator
Class AbstractAuthenticatorFilter

java.lang.Object
  extended by org.norther.tammi.core.base.Adaptee
      extended by org.norther.tammi.spray.filter.DefaultFilter
          extended by org.norther.tammi.spray.authenticator.AbstractAuthenticatorFilter
All Implemented Interfaces:
Serializable, NotificationBroadcaster, NotificationEmitter, Filter, Manageable, MBeanDelegate, AuthenticatorFilter
Direct Known Subclasses:
DefaultCachedAuthFilter, DefaultHttpBasicAuthFilter, DefaultHttpDigestAuthFilter, DefaultHttpServiceAuthFilter, DefaultHttpSspiAuthFilter, DefaultMsisdnAuthFilter, DefaultSSLCertAuthFilter

public abstract class AbstractAuthenticatorFilter
extends DefaultFilter
implements AuthenticatorFilter

An abstract implementation of AuthenticatorFilter providing the base functionality for subclasses implementing specific authentication schemes.

In addition to authentication, this implementation requires that the principal has READ permission to the path info of the request before filtering of the request is allowed to continue. Note that undefined permissions imply full access to everyone.

Based on AuthenticatorBase in the Apache Jakarta Tomcat project.

Version:
$Id: AbstractAuthenticatorFilter.java,v 1.23 2009/10/29 21:39:55 cvsimp Exp $
Author:
Craig R. McClanahan, Ilkka Priha
See Also:
Serialized Form

Field Summary
static String DEFAULT_USER_ACCOUNT_ID_ATTIBUTE
          The default account id attribute.
 
Fields inherited from class org.norther.tammi.core.base.Adaptee
ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS
 
Constructor Summary
AbstractAuthenticatorFilter()
          Constructs a new filter.
 
Method Summary
abstract  Principal authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Authenticates a request within the realm of this filter.
 Principal authenticate(Principal principal, HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Authenticates a principal within the realm of this filter.
 Principal authenticate(String user, String pswd, HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Authenticates a user within the realm of this filter.
protected  void decrementLoginAttempts(HttpServletRequest request)
          Decrements login attempts of the specified request by one.
 void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
           
 String getAuthDomain()
          Gets the authentication domain.
protected  StringBuilder getAuthenticationURL(String host, boolean secure, String service, String pipe, String flow, String page, HttpServletRequest request, HttpServletResponse response, HttpFilterChain chain)
          Gets the authentication URL.
abstract  String getAuthType()
          Gets the authentication scheme.
protected  String getCredentials(HttpServletRequest request)
          Gets the credentials from the HTTP authorization header.
 String getFaultyUser(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Gets the faulty user of the specified request.
 int getLoginAttempts()
          Gets the number of allowed login attempts.
 int getLoginAttempts(HttpServletRequest request)
          Gets the number of performed login attempts for the specified request.
 String getLogoutFlow()
          Gets the logout flow.
 String getLogoutHost()
          Gets the logout host.
 String getLogoutPipe()
          Gets the logout pipe.
 String getLogoutService()
          Gets the logout service.
 String getLogoutTemplate()
          Gets the logout template.
 String getLogoutURI()
          Gets the logout URI.
 StringBuilder getLogoutURL(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Gets the logout URL, with the scheme, host and port if required, for the specified request.
 String getPublicRealmName()
          Gets the public name of the realm.
protected  Realm getRealm()
          Gets the referent of the realm MBean associated to this authenticator.
 String getRealmDomain()
          Gets the realm domain.
 ObjectName getRealmName()
          Gets the user authentication realm.
 String getUnauthorizedTemplate()
          Gets the unauthorized template.
 StringBuilder getUserURL(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Gets the user URL for the specified request.
protected  void incrementLoginAttempts(HttpServletRequest request)
          Increments login attempts of the specified request by one.
 boolean isAnonymousPrincipalAccepted()
          Checks whether anonymous principals optionally provided by attached realms are accepted.
 boolean isAuthenticationRequired()
          Checks whether authentication is required for unidentified requests.
 boolean isAutoLoginEnabled(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Checks whether automatic login is enabled for the specified request.
 boolean isCachedPrincipalDiscarded()
          Checks whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.
 boolean isUserInRole(Principal principal, String role)
          Checks whether the specified principal is in the specified security role within the context of the realm of this filter.
 void postmanaged()
          This method is called when the implementing adaptee has been managed either during post-registration of the corresponding adapter MBean or just after it is explicitly added to the adapter MBean during run-time.
 void setAnonymousPrincipalAccepted(boolean flag)
          Sets whether anonymous principals optionally provided by attached realms are accepted.
 void setAuthDomain(String domain)
          Sets the authentication domain.
 void setAuthenticationRequired(boolean flag)
          Sets the authentication required flag.
 void setAutoLoginEnabled(HttpServletRequest request, HttpServletResponse response, FilterChain chain, boolean flag)
          Sets whether automatic login is enabled for the specified request.
 void setCachedPrincipalDiscarded(boolean flag)
          Sets whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.
protected  void setFaultyUser(HttpServletRequest request, String username)
          Sets the faulty user of the specified request.
 void setLoginAttempts(int count)
          Sets the number of allowed login attempts.
 void setLogoutFlow(String flow)
          Sets the logout flow.
 void setLogoutHost(String host)
          Sets the logout host.
 void setLogoutPipe(String pipe)
          Sets the logout pipe.
 void setLogoutService(String service)
          Sets the logout service.
 void setLogoutTemplate(String template)
          Sets the logout template.
 void setLogoutURI(String uri)
          Sets the logout URI.
 void setPublicRealmName(String name)
          Sets the public name of the realm.
 void setRealmName(ObjectName realm)
          Sets the user authentication realm.
 void setUnauthorizedTemplate(String template)
          Sets the unauthorized template.
 void unauthenticated(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          A handler for unauthenticated requests that should provide an opportunity for the user to re-authenticate himself.
 void unmanaged()
          This method is called when the implementing adaptee is unmanaged either during pre-deregistration of the corresponding adapter MBean or just before it is explicitly removed from the adapter MBean during run-time.
protected  Principal verifyAuthentication(Principal principal, HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Verifies whether authentication is required.
 
Methods inherited from class org.norther.tammi.spray.filter.DefaultFilter
destroy, getFilterConfig, getRequestMap, getSessionMap, init
 
Methods inherited from class org.norther.tammi.core.base.Adaptee
addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unregister
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.servlet.Filter
destroy, init
 

Field Detail

DEFAULT_USER_ACCOUNT_ID_ATTIBUTE

public static final String DEFAULT_USER_ACCOUNT_ID_ATTIBUTE
The default account id attribute.

See Also:
Constant Field Values

Constructor Detail

AbstractAuthenticatorFilter

public AbstractAuthenticatorFilter()
Constructs a new filter.

Method Detail

postmanaged

public void postmanaged()
Description copied from interface: Manageable
This method is called when the implementing adaptee has been managed either during post-registration of the corresponding adapter MBean or just after it is explicitly added to the adapter MBean during run-time.

Specified by:
postmanaged in interface Manageable
Overrides:
postmanaged in class Adaptee

unmanaged

public void unmanaged()
               throws Exception
Description copied from interface: Manageable
This method is called when the implementing adaptee is unmanaged either during pre-deregistration of the corresponding adapter MBean or just before it is explicitly removed from the adapter MBean during run-time.

Specified by:
unmanaged in interface Manageable
Overrides:
unmanaged in class Adaptee
Throws:
Exception - if the adaptee refused to be unmanaged.

getRealmName

public ObjectName getRealmName()
Description copied from interface: AuthenticatorFilter
Gets the user authentication realm.

Specified by:
getRealmName in interface AuthenticatorFilter
Returns:
the name of the realm or a query.

setRealmName

public void setRealmName(ObjectName realm)
Description copied from interface: AuthenticatorFilter
Sets the user authentication realm.

Specified by:
setRealmName in interface AuthenticatorFilter
Parameters:
realm - the name of the realm or a query.

getPublicRealmName

public String getPublicRealmName()
Description copied from interface: AuthenticatorFilter
Gets the public name of the realm.

Specified by:
getPublicRealmName in interface AuthenticatorFilter
Returns:
the public name of the realm.

setPublicRealmName

public void setPublicRealmName(String name)
Description copied from interface: AuthenticatorFilter
Sets the public name of the realm. The public name is included in generated challenges when required.

Specified by:
setPublicRealmName in interface AuthenticatorFilter
Parameters:
name - the public name of the realm.

getRealmDomain

public String getRealmDomain()
Description copied from interface: AuthenticatorFilter
Gets the realm domain. The realm domain is either the authentication domain if specified or the default domain of the realm.

Specified by:
getRealmDomain in interface AuthenticatorFilter
Returns:
the realm domain.

getAuthDomain

public String getAuthDomain()
Description copied from interface: AuthenticatorFilter
Gets the authentication domain.

Specified by:
getAuthDomain in interface AuthenticatorFilter
Returns:
the authentication domain.

setAuthDomain

public void setAuthDomain(String domain)
Description copied from interface: AuthenticatorFilter
Sets the authentication domain. The domain name is inserted into usernames, separated by a slash, if an explicit domain is not already included.

Specified by:
setAuthDomain in interface AuthenticatorFilter
Parameters:
domain - the authentication domain.

isAuthenticationRequired

public boolean isAuthenticationRequired()
Description copied from interface: AuthenticatorFilter
Checks whether authentication is required for unidentified requests.

Specified by:
isAuthenticationRequired in interface AuthenticatorFilter
Returns:
true if authentication is required, otherwise false.

setAuthenticationRequired

public void setAuthenticationRequired(boolean flag)
Description copied from interface: AuthenticatorFilter
Sets the authentication required flag.

Specified by:
setAuthenticationRequired in interface AuthenticatorFilter
Parameters:
flag - the authentication required flag.

isCachedPrincipalDiscarded

public boolean isCachedPrincipalDiscarded()
Description copied from interface: AuthenticatorFilter
Checks whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.

Specified by:
isCachedPrincipalDiscarded in interface AuthenticatorFilter
Returns:
true if cached principals are discarded, otherwise false.

setCachedPrincipalDiscarded

public void setCachedPrincipalDiscarded(boolean flag)
Description copied from interface: AuthenticatorFilter
Sets whether principals authenticated and cached by other authentication objects are discarded and re-authenticated.

Specified by:
setCachedPrincipalDiscarded in interface AuthenticatorFilter
Parameters:
flag - the cached principals discarded flag.

isAnonymousPrincipalAccepted

public boolean isAnonymousPrincipalAccepted()
Description copied from interface: AuthenticatorFilter
Checks whether anonymous principals optionally provided by attached realms are accepted.

Specified by:
isAnonymousPrincipalAccepted in interface AuthenticatorFilter
Returns:
true if anonymous principals are accepted, otherwise false.

setAnonymousPrincipalAccepted

public void setAnonymousPrincipalAccepted(boolean flag)
Description copied from interface: AuthenticatorFilter
Sets whether anonymous principals optionally provided by attached realms are accepted.

Specified by:
setAnonymousPrincipalAccepted in interface AuthenticatorFilter
Parameters:
flag - the anonymous principals accepted flag.

getUnauthorizedTemplate

public String getUnauthorizedTemplate()
Description copied from interface: AuthenticatorFilter
Gets the unauthorized template.

Specified by:
getUnauthorizedTemplate in interface AuthenticatorFilter
Returns:
the unauthorized template.

setUnauthorizedTemplate

public void setUnauthorizedTemplate(String template)
Description copied from interface: AuthenticatorFilter
Sets the unauthorized template.

Specified by:
setUnauthorizedTemplate in interface AuthenticatorFilter
Parameters:
template - the unauthorized template.

getLoginAttempts

public int getLoginAttempts()
Description copied from interface: AuthenticatorFilter
Gets the number of allowed login attempts.

Specified by:
getLoginAttempts in interface AuthenticatorFilter
Returns:
the number of login attempts, -1 = unlimited.

setLoginAttempts

public void setLoginAttempts(int count)
Description copied from interface: AuthenticatorFilter
Sets the number of allowed login attempts.

Specified by:
setLoginAttempts in interface AuthenticatorFilter
Parameters:
count - the number of login attempts, -1 = unlimited.

getLoginAttempts

public int getLoginAttempts(HttpServletRequest request)
Description copied from interface: AuthenticatorFilter
Gets the number of performed login attempts for the specified request.

Specified by:
getLoginAttempts in interface AuthenticatorFilter
Parameters:
request - the request.
Returns:
the number of login attempts.

getLogoutURI

public String getLogoutURI()
Description copied from interface: AuthenticatorFilter
Gets the logout URI.

Specified by:
getLogoutURI in interface AuthenticatorFilter
Returns:
the logout URI.

setLogoutURI

public void setLogoutURI(String uri)
Description copied from interface: AuthenticatorFilter
Sets the logout URI. An explicit URI overrides the logout host, service, pipe, template and flow.

Specified by:
setLogoutURI in interface AuthenticatorFilter
Parameters:
uri - the logout URI.

getLogoutHost

public String getLogoutHost()
Description copied from interface: AuthenticatorFilter
Gets the logout host.

Specified by:
getLogoutHost in interface AuthenticatorFilter
Returns:
the logout host.

setLogoutHost

public void setLogoutHost(String host)
Description copied from interface: AuthenticatorFilter
Sets the logout host.

Specified by:
setLogoutHost in interface AuthenticatorFilter
Parameters:
host - the logout host.

getLogoutService

public String getLogoutService()
Description copied from interface: AuthenticatorFilter
Gets the logout service.

Specified by:
getLogoutService in interface AuthenticatorFilter
Returns:
the logout service.

setLogoutService

public void setLogoutService(String service)
Description copied from interface: AuthenticatorFilter
Sets the logout service. The service is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutService in interface AuthenticatorFilter
Parameters:
service - the logout service.

getLogoutPipe

public String getLogoutPipe()
Description copied from interface: AuthenticatorFilter
Gets the logout pipe.

Specified by:
getLogoutPipe in interface AuthenticatorFilter
Returns:
the logout pipe.

setLogoutPipe

public void setLogoutPipe(String pipe)
Description copied from interface: AuthenticatorFilter
Sets the logout pipe. The pipe is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutPipe in interface AuthenticatorFilter
Parameters:
pipe - the logout pipe.

getLogoutFlow

public String getLogoutFlow()
Description copied from interface: AuthenticatorFilter
Gets the logout flow.

Specified by:
getLogoutFlow in interface AuthenticatorFilter
Returns:
the logout flow.

setLogoutFlow

public void setLogoutFlow(String flow)
Description copied from interface: AuthenticatorFilter
Sets the logout flow. The flow is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutFlow in interface AuthenticatorFilter
Parameters:
flow - the logout flow.

getLogoutTemplate

public String getLogoutTemplate()
Description copied from interface: AuthenticatorFilter
Gets the logout template.

Specified by:
getLogoutTemplate in interface AuthenticatorFilter
Returns:
the logout template.

setLogoutTemplate

public void setLogoutTemplate(String template)
Description copied from interface: AuthenticatorFilter
Sets the logout template. The template is applied to the logout URI if an explicit one is not specified.

Specified by:
setLogoutTemplate in interface AuthenticatorFilter
Parameters:
template - the logout template.

getLogoutURL

public StringBuilder getLogoutURL(HttpServletRequest request,
                                  HttpServletResponse response,
                                  FilterChain chain)
Description copied from interface: AuthenticatorFilter
Gets the logout URL, with the scheme, host and port if required, for the specified request.

Specified by:
getLogoutURL in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the encoded logout URL or null if not defined.

getUserURL

public StringBuilder getUserURL(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain)
Description copied from interface: AuthenticatorFilter
Gets the user URL for the specified request. By default, the user URL is the logout URL without the flow and template.

Specified by:
getUserURL in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the encoded user URL or null if not defined.

getFaultyUser

public String getFaultyUser(HttpServletRequest request,
                            HttpServletResponse response,
                            FilterChain chain)
Description copied from interface: AuthenticatorFilter
Gets the faulty user of the specified request. The user is an unauthenticated identity given by the user himself.

Specified by:
getFaultyUser in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the faulty user or null.

isUserInRole

public boolean isUserInRole(Principal principal,
                            String role)
Description copied from interface: AuthenticatorFilter
Checks whether the specified principal is in the specified security role within the context of the realm of this filter.

Specified by:
isUserInRole in interface AuthenticatorFilter
Parameters:
principal - the principal for whom the role is to be checked.
role - the security role to be checked.
Returns:
true or false.

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws ServletException,
                     IOException
Specified by:
doFilter in interface Filter
Overrides:
doFilter in class DefaultFilter
Throws:
ServletException
IOException

getAuthType

public abstract String getAuthType()
Description copied from interface: AuthenticatorFilter
Gets the authentication scheme.

Specified by:
getAuthType in interface AuthenticatorFilter
Returns:
the authentication scheme.

authenticate

public abstract Principal authenticate(HttpServletRequest request,
                                       HttpServletResponse response,
                                       FilterChain chain)
Description copied from interface: AuthenticatorFilter
Authenticates a request within the realm of this filter.

Specified by:
authenticate in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
the authenticated user principal or null.

authenticate

public Principal authenticate(String user,
                              String pswd,
                              HttpServletRequest request,
                              HttpServletResponse response,
                              FilterChain chain)
Description copied from interface: AuthenticatorFilter
Authenticates a user within the realm of this filter.

Specified by:
authenticate in interface AuthenticatorFilter
Parameters:
user - the username.
pswd - the password.
request - the request.
response - the response.
chain - the filter chain.
Returns:
the authenticated user principal or null.

authenticate

public Principal authenticate(Principal principal,
                              HttpServletRequest request,
                              HttpServletResponse response,
                              FilterChain chain)
Description copied from interface: AuthenticatorFilter
Authenticates a principal within the realm of this filter.

Specified by:
authenticate in interface AuthenticatorFilter
Parameters:
principal - the principal.
request - the request.
response - the response.
chain - the filter chain.
Returns:
the authenticated user principal or null.

unauthenticated

public void unauthenticated(HttpServletRequest request,
                            HttpServletResponse response,
                            FilterChain chain)
                     throws ServletException,
                            IOException
Description copied from interface: AuthenticatorFilter
A handler for unauthenticated requests that should provide an opportunity for the user to re-authenticate himself. Must either produce a valid response or throw an exception.

Specified by:
unauthenticated in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Throws:
ServletException - for servlet errors.
IOException - for general errors.

isAutoLoginEnabled

public boolean isAutoLoginEnabled(HttpServletRequest request,
                                  HttpServletResponse response,
                                  FilterChain chain)
Description copied from interface: AuthenticatorFilter
Checks whether automatic login is enabled for the specified request.

Specified by:
isAutoLoginEnabled in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
Returns:
true if enabled, false otherwise.

setAutoLoginEnabled

public void setAutoLoginEnabled(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain,
                                boolean flag)
Description copied from interface: AuthenticatorFilter
Sets whether automatic login is enabled for the specified request.

Specified by:
setAutoLoginEnabled in interface AuthenticatorFilter
Parameters:
request - the request.
response - the response.
chain - the filter chain.
flag - true if enabled, false otherwise.

getRealm

protected Realm getRealm()
Gets the referent of the realm MBean associated to this authenticator.

Returns:
the referent of the realm MBean.

getAuthenticationURL

protected StringBuilder getAuthenticationURL(String host,
                                             boolean secure,
                                             String service,
                                             String pipe,
                                             String flow,
                                             String page,
                                             HttpServletRequest request,
                                             HttpServletResponse response,
                                             HttpFilterChain chain)
Gets the authentication URL.

Parameters:
host - the host.
secure - true if secure.
service - the service.
pipe - the pipe.
flow - the flow.
page - the page.
request - the request.
response - the response.
chain - the filter chain.
Returns:
the encoded URL or null.

verifyAuthentication

protected Principal verifyAuthentication(Principal principal,
                                         HttpServletRequest request,
                                         HttpServletResponse response,
                                         FilterChain chain)
Verifies whether authentication is required.

Parameters:
principal - the authenticated principal.
request - the request.
response - the response.
chain - the filter chain.
Returns:
the verified principal.

getCredentials

protected String getCredentials(HttpServletRequest request)
Gets the credentials from the HTTP authorization header.

Parameters:
request - the request.
Returns:
the credentials or null.
Throws:
IllegalArgumentException - for incorrect scheme.

incrementLoginAttempts

protected void incrementLoginAttempts(HttpServletRequest request)
Increments login attempts of the specified request by one.

Parameters:
request - the request.

decrementLoginAttempts

protected void decrementLoginAttempts(HttpServletRequest request)
Decrements login attempts of the specified request by one.

Parameters:
request - the request.

setFaultyUser

protected void setFaultyUser(HttpServletRequest request,
                             String username)
Sets the faulty user of the specified request.

Parameters:
request - the request.
username - the remote user.


Copyright © 2004 The Norther Organization. All rights reserved.