public class JaasApiIntegrationFilter
extends org.springframework.web.filter.GenericFilterBean
A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.

By using this Filter in conjunction with Spring's JaasAuthenticationProvider both Spring's SecurityContext and a JAAS Subject can be populated simultaneously. This is useful when integrating with code that requires a JAAS Subject to be populated.

Constructor and Description |
---|
JaasApiIntegrationFilter() |

Modifier and Type | Method and Description |
---|---|
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain): Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest). |
protected javax.security.auth.Subject | obtainSubject(javax.servlet.ServletRequest request): Obtains the Subject to run as or null if no Subject is available. |
void | setCreateEmptySubject(boolean createEmptySubject): Sets createEmptySubject. |

public final void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws javax.servlet.ServletException, java.io.IOException

Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).

If the Subject is null and createEmptySubject is true, an empty, writeable Subject is used. This allows for the Subject to be populated at the time of login. If the Subject is null, the FilterChain continues with no additional processing. If the Subject is not null, the FilterChain is run with Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction with the Subject obtained.

Throws: javax.servlet.ServletException, java.io.IOException

protected javax.security.auth.Subject obtainSubject(javax.servlet.ServletRequest request)

Obtains the Subject to run as or null if no Subject is available.

The default implementation attempts to obtain the Subject from the SecurityContext's Authentication. If it is of type JaasAuthenticationToken and is authenticated, the Subject is returned from it. Otherwise, null is returned.

Parameters: request - the current ServletRequest
Returns: the Subject to run as, or null if no Subject is available.

public final void setCreateEmptySubject(boolean createEmptySubject)

Sets createEmptySubject. If the value is true, and obtainSubject(ServletRequest) returns null, an empty, writeable Subject is created instead. Otherwise no Subject is used. The default is false.

Parameters: createEmptySubject - the new value
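
The doFilter decision order and the effect of createEmptySubject described above, re-created in plain JDK code as an added example (this is not Spring Security's source). RunAsSubjectDemo, Chain, runChain and describeCaller are hypothetical names, the "CN=alice" identity is constructed, and the code assumes a JDK on which Subject.getSubject(AccessControlContext) is supported (for example JDK 8 to 17).

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class RunAsSubjectDemo {

    // Hypothetical stand-in for FilterChain.doFilter(request, response).
    interface Chain { String proceed() throws Exception; }

    // Same decision order as documented for doFilter: use the obtained Subject,
    // fall back to an empty one only if createEmptySubject is true, else no doAs.
    static String runChain(Subject obtained, boolean createEmptySubject, Chain chain)
            throws Exception {
        Subject subject = obtained;
        if (subject == null && createEmptySubject) {
            subject = new Subject(); // empty and writeable (not read-only)
        }
        if (subject == null) {
            return chain.proceed(); // no additional processing
        }
        try {
            return Subject.doAs(subject, (PrivilegedExceptionAction<String>) chain::proceed);
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the checked exception from the chain
        }
    }

    // What JAAS-dependent code downstream of the filter would observe.
    static String describeCaller() {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) return "no Subject";
        if (s.getPrincipals().isEmpty()) return "empty Subject, readOnly=" + s.isReadOnly();
        return "principals=" + s.getPrincipals();
    }

    public static void main(String[] args) throws Exception {
        Subject alice = new Subject(); // constructed sample identity
        alice.getPrincipals().add(new X500Principal("CN=alice"));
        System.out.println(runChain(alice, false, RunAsSubjectDemo::describeCaller));
        System.out.println(runChain(null, false, RunAsSubjectDemo::describeCaller));
        System.out.println(runChain(null, true, RunAsSubjectDemo::describeCaller));
    }
}
```

With createEmptySubject enabled, requests without an authenticated JaasAuthenticationToken also run inside a non-null Subject, so downstream JAAS code should check for the expected principals rather than for a non-null Subject.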