SiteminderAuthenticationProcessingFilter (Acegi Security System for Spring 1.0.0-RC1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.webapp
Class SiteminderAuthenticationProcessingFilter

java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
          org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter

All Implemented Interfaces:: javax.servlet.Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

public class SiteminderAuthenticationProcessingFilter
extends AuthenticationProcessingFilter
extends AuthenticationProcessingFilter

Extends Acegi's AuthenticationProcessingFilter to pick up Netegrity Siteminder's headers.

Also provides a backup form-based authentication and the ability set source key names.

Siteminder must present two headers to this filter, a username and password. You must set the header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is unavailable, as is often the case during development.

Login forms must present two parameters to this filter: a username and password. If not specified, the parameter names to use are contained in the static fields AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY and AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY.

Do not use this class directly. Instead, configure web.xml to use the FilterToBeanProxy.

Field Summary

Fields inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
`ACEGI_SECURITY_FORM_PASSWORD_KEY, ACEGI_SECURITY_FORM_USERNAME_KEY, ACEGI_SECURITY_LAST_USERNAME_KEY`

Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
`ACEGI_SECURITY_LAST_EXCEPTION_KEY, ACEGI_SECURITY_TARGET_URL_KEY, logger, messages`

Constructor Summary
`SiteminderAuthenticationProcessingFilter()` Basic constructor.

Method Summary
`Authentication`	`attemptAuthentication(javax.servlet.http.HttpServletRequest request)` Performs actual authentication.
`String`	`getDefaultFilterProcessesUrl()` This filter by default responds to `/j_acegi_security_check`.
`String`	`getFormPasswordParameterKey()` Returns the form password parameter key.
`String`	`getFormUsernameParameterKey()` Returns the form username parameter key.
`String`	`getSiteminderPasswordHeaderKey()` Returns the Siteminder password header key.
`String`	`getSiteminderUsernameHeaderKey()` Returns the Siteminder username header key.
`void`	`init(javax.servlet.FilterConfig filterConfig)` Does nothing.
`protected String`	`obtainPassword(javax.servlet.http.HttpServletRequest request)` Enables subclasses to override the composition of the password, such as by including additional values and a separator.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.
`void`	`setFormPasswordParameterKey(String key)` Sets the form password parameter key.
`void`	`setFormUsernameParameterKey(String key)` Sets the form username parameter key.
`void`	`setSiteminderPasswordHeaderKey(String key)` Sets the Siteminder password header key.
`void`	`setSiteminderUsernameHeaderKey(String key)` Sets the Siteminder username header key.

Methods inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
`obtainUsername`

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, doFilter, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter

afterPropertiesSet, destroy, doFilter, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SiteminderAuthenticationProcessingFilter

public SiteminderAuthenticationProcessingFilter()

Basic constructor.

Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException

Description copied from class: AbstractProcessingFilter

Performs actual authentication.

Overrides:: attemptAuthentication in class AuthenticationProcessingFilter

Parameters:: request - from which to extract parameters and perform the authentication
Returns:: the authenticated user
Throws:: AuthenticationException - if authentication fails
See Also:: AbstractProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest)

getDefaultFilterProcessesUrl

public String getDefaultFilterProcessesUrl()

This filter by default responds to /j_acegi_security_check.

Overrides:: getDefaultFilterProcessesUrl in class AuthenticationProcessingFilter

Returns:: the default

getFormPasswordParameterKey

public String getFormPasswordParameterKey()

Returns the form password parameter key.

Returns:: The form password parameter key.

getFormUsernameParameterKey

public String getFormUsernameParameterKey()

Returns the form username parameter key.

Returns:: The form username parameter key.

getSiteminderPasswordHeaderKey

public String getSiteminderPasswordHeaderKey()

Returns the Siteminder password header key.

Returns:: The Siteminder password header key.

getSiteminderUsernameHeaderKey

public String getSiteminderUsernameHeaderKey()

Returns the Siteminder username header key.

Returns:: The Siteminder username header key.

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Description copied from class: AbstractProcessingFilter

Does nothing. We use IoC container lifecycle services instead.

Specified by:: init in interface javax.servlet.Filter
Overrides:: init in class AuthenticationProcessingFilter

Parameters:: filterConfig - ignored
Throws:: javax.servlet.ServletException - ignored
See Also:: Filter.init(javax.servlet.FilterConfig)

obtainPassword

protected String obtainPassword(javax.servlet.http.HttpServletRequest request)

Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Overrides:: obtainPassword in class AuthenticationProcessingFilter

Parameters:: request - so that request attributes can be retrieved
Returns:: the password that will be presented in the Authentication request token to the AuthenticationManager

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property. The default implementation simply constructs WebAuthenticationDetails.

Overrides:: setDetails in class AuthenticationProcessingFilter

Parameters:: request - that an authentication request is being created for; authRequest - the authentication request object that should have its details set

setFormPasswordParameterKey

public void setFormPasswordParameterKey(String key)

Sets the form password parameter key.

Parameters:: key - The form password parameter key.

setFormUsernameParameterKey

public void setFormUsernameParameterKey(String key)

Sets the form username parameter key.

Parameters:: key - The form username parameter key.

setSiteminderPasswordHeaderKey

public void setSiteminderPasswordHeaderKey(String key)

Sets the Siteminder password header key.

Parameters:: key - The Siteminder password header key.

setSiteminderUsernameHeaderKey

public void setSiteminderUsernameHeaderKey(String key)

Sets the Siteminder username header key.

Parameters:: key - The Siteminder username header key.