public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter
As with most pre-authenticated scenarios, it is essential that the external authentication system is set up correctly as this filter does no authentication whatsoever.
The property principalEnvironmentVariable
is the name of the request attribute
that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth
and Shibboleth.
If the environment variable is missing from the request,
getPreAuthenticatedPrincipal
will throw an exception. You can override this
behaviour by setting the exceptionIfVariableMissing
property.
Constructor and Description |
---|
RequestAttributeAuthenticationFilter() |
Modifier and Type | Method and Description |
---|---|
protected java.lang.Object |
getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
Credentials aren't usually applicable, but if a
credentialsEnvironmentVariable is set, this will be read and used as the
credentials value. |
protected java.lang.Object |
getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
Read and returns the variable named by
principalEnvironmentVariable from
the request. |
void |
setCredentialsEnvironmentVariable(java.lang.String credentialsEnvironmentVariable) |
void |
setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
Defines whether an exception should be raised if the principal variable is missing.
|
void |
setPrincipalEnvironmentVariable(java.lang.String principalEnvironmentVariable) |
afterPropertiesSet, doFilter, getAuthenticationDetailsSource, principalChanged, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setCheckForPrincipalChanges, setContinueFilterChainOnUnsuccessfulAuthentication, setInvalidateSessionOnPrincipalChange, successfulAuthentication, unsuccessfulAuthentication
public RequestAttributeAuthenticationFilter()
protected java.lang.Object getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
principalEnvironmentVariable
from
the request.getPreAuthenticatedPrincipal
in class AbstractPreAuthenticatedProcessingFilter
PreAuthenticatedCredentialsNotFoundException
- if the environment variable is
missing and exceptionIfVariableMissing
is set to true
.protected java.lang.Object getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
credentialsEnvironmentVariable
is set, this will be read and used as the
credentials value. Otherwise a dummy value will be used.getPreAuthenticatedCredentials
in class AbstractPreAuthenticatedProcessingFilter
public void setPrincipalEnvironmentVariable(java.lang.String principalEnvironmentVariable)
public void setCredentialsEnvironmentVariable(java.lang.String credentialsEnvironmentVariable)
public void setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
true
.exceptionIfVariableMissing
- set to false
to override the default
behaviour and allow the request to proceed if no variable is found.