org.springframework.security.web.jaasapi
Class JaasApiIntegrationFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
All Implemented Interfaces:
javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware

public class JaasApiIntegrationFilter
extends GenericFilterBean

A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.

By using this Filter in conjunction with Spring's JaasAuthenticationProvider both Spring's SecurityContext and a JAAS Subject can be populated simultaneously. This is useful when integrating with code that requires a JAAS Subject to be populated.

See Also:
doFilter(ServletRequest, ServletResponse, FilterChain), obtainSubject(ServletRequest)

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
JaasApiIntegrationFilter()
           
 
Method Summary
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
           Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).
protected  Subject obtainSubject(javax.servlet.ServletRequest request)
           Obtains the Subject to run as or null if no Subject is available.
 void setCreateEmptySubject(boolean createEmptySubject)
          Sets createEmptySubject.
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JaasApiIntegrationFilter

public JaasApiIntegrationFilter()

Method Detail

doFilter

public final void doFilter(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           javax.servlet.FilterChain chain)
                    throws javax.servlet.ServletException,
                           IOException

Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).

If the Subject is null and createEmptySubject is true, an empty, writeable Subject is used. This allows the Subject to be populated at the time of login. If the Subject is still null, the FilterChain continues with no additional processing. If the Subject is not null, the FilterChain is run inside Subject.doAs(Subject, PrivilegedExceptionAction) with the Subject obtained.

Throws:
javax.servlet.ServletException
IOException
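
Added example (not Spring Security's own source): a plain-JDK program that follows the decision order described for doFilter and shows what code behind the filter sees in each case. The names RunAsSubjectDemo, runChain and downstream are hypothetical, the principal is constructed sample data, and a JDK 8 to 17 runtime is assumed, where Subject.getSubject(AccessControlContext) is supported.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added illustration; class and method names are hypothetical.
public class RunAsSubjectDemo {

    // Stand-in for code behind the filter that requires a JAAS Subject.
    static String downstream() {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) {
            return "no Subject";
        }
        // A non-null Subject is not proof of login: inspect its principals.
        return s.getPrincipals().isEmpty()
                ? "empty Subject"
                : "Subject " + s.getPrincipals();
    }

    // Same order as the doFilter description: use the obtained Subject,
    // fall back to an empty one if configured, otherwise continue as-is.
    static String runChain(Subject obtained, boolean createEmptySubject)
            throws PrivilegedActionException {
        Subject subject = obtained;
        if (subject == null && createEmptySubject) {
            subject = new Subject(); // empty and writeable
        }
        if (subject == null) {
            return downstream(); // no doAs: the chain continues unchanged
        }
        // Typed variable selects the PrivilegedExceptionAction overload of doAs.
        PrivilegedExceptionAction<String> continueChain = RunAsSubjectDemo::downstream;
        return Subject.doAs(subject, continueChain);
    }

    public static void main(String[] args) throws Exception {
        Subject alice = new Subject();
        alice.getPrincipals().add(new X500Principal("CN=alice")); // constructed sample
        System.out.println(runChain(alice, false)); // Subject obtained from login
        System.out.println(runChain(null, false));  // nothing obtained, default setting
        System.out.println(runChain(null, true));   // nothing obtained, createEmptySubject
    }
}
```

With createEmptySubject set to true, downstream code receives a non-null Subject that carries no principals, so authorization checks should look at the principals rather than at the mere presence of a Subject.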

obtainSubject

protected Subject obtainSubject(javax.servlet.ServletRequest request)

Obtains the Subject to run as or null if no Subject is available.

The default implementation attempts to obtain the Subject from the SecurityContext's Authentication. If it is of type JaasAuthenticationToken and is authenticated, the Subject is returned from it. Otherwise, null is returned.

Parameters:
request - the current ServletRequest
Returns:
the Subject to run as or null if no Subject is available.

setCreateEmptySubject

public final void setCreateEmptySubject(boolean createEmptySubject)

Sets createEmptySubject. If the value is true, and obtainSubject(ServletRequest) returns null, an empty, writeable Subject is created instead. Otherwise no Subject is used. The default is false.

Parameters:
createEmptySubject - the new value