Class JaasApiIntegrationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

    public class JaasApiIntegrationFilter
    extends org.springframework.web.filter.GenericFilterBean

    A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.

    By using this Filter in conjunction with Spring's JaasAuthenticationProvider both Spring's SecurityContext and a JAAS Subject can be populated simultaneously. This is useful when integrating with code that requires a JAAS Subject to be populated.

    See Also:
    doFilter(ServletRequest, ServletResponse, FilterChain), obtainSubject(ServletRequest)
    • Field Summary

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger
    • Method Summary

      Modifier and Type Method Description
      void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
      Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).
      protected javax.security.auth.Subject obtainSubject(javax.servlet.ServletRequest request)
      Obtains the Subject to run as or null if no Subject is available.
      void setCreateEmptySubject(boolean createEmptySubject)
      Sets createEmptySubject.
      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • JaasApiIntegrationFilter

        public JaasApiIntegrationFilter()
    • Method Detail

      • doFilter

        public final void doFilter(javax.servlet.ServletRequest request,
                                   javax.servlet.ServletResponse response,
                                   javax.servlet.FilterChain chain)
                            throws javax.servlet.ServletException,
                                   java.io.IOException

        Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).

        If the Subject is null and createEmptySubject is true, an empty, writeable Subject is used. This allows for the Subject to be populated at the time of login. If the Subject is still null (no Subject was obtained and createEmptySubject is false), the FilterChain continues with no additional processing. If the Subject is not null, the FilterChain is run with Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction with the Subject obtained.

        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • obtainSubject

        protected javax.security.auth.Subject obtainSubject(javax.servlet.ServletRequest request)

        Obtains the Subject to run as or null if no Subject is available.

        The default implementation attempts to obtain the Subject from the SecurityContext's Authentication. If it is of type JaasAuthenticationToken and is authenticated, the Subject is returned from it. Otherwise, null is returned.

        Parameters:
        request - the current ServletRequest
        Returns:
        the Subject to run as or null if no Subject is available.
      • setCreateEmptySubject

        public final void setCreateEmptySubject(boolean createEmptySubject)
        Sets createEmptySubject. If the value is true, and obtainSubject(ServletRequest) returns null, an empty, writeable Subject is created instead. Otherwise no Subject is used. The default is false.
        Parameters:
        createEmptySubject - the new value
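
The branches documented for doFilter and setCreateEmptySubject, modelled with plain JDK classes to show what downstream JAAS code sees in each case. This is an added example, not Spring Security source: RunAsSubjectDemo, UserPrincipal, runChain and downstream are hypothetical names, the "alice" identity is constructed, and JDK 8 to 17 is assumed (Subject.getSubject and AccessController are deprecated in later releases).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.stream.Collectors;
import javax.security.auth.Subject;

// Added example: models the documented doFilter branches; not the filter's own code.
public class RunAsSubjectDemo {

    // Hypothetical principal type, constructed for this demo.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Stand-in for the rest of the FilterChain: reports what JAAS-aware code observes.
    static String downstream() {
        Subject current = Subject.getSubject(AccessController.getContext());
        if (current == null) {
            return "no Subject";
        }
        if (current.getPrincipals().isEmpty()) {
            // A non-null Subject is not proof of authentication: check its principals.
            return "empty Subject (no principals)";
        }
        return "Subject with principals " + current.getPrincipals().stream()
                .map(Principal::getName).collect(Collectors.toList());
    }

    // 'obtained' plays the role of the value returned by obtainSubject(request).
    static String runChain(Subject obtained, boolean createEmptySubject) throws Exception {
        Subject subject = obtained;
        if (subject == null && createEmptySubject) {
            subject = new Subject(); // empty and writeable, can be populated at login
        }
        if (subject == null) {
            return downstream(); // chain continues with no additional processing
        }
        return Subject.doAs(subject, (PrivilegedExceptionAction<String>) RunAsSubjectDemo::downstream);
    }

    public static void main(String[] args) throws Exception {
        Subject alice = new Subject();
        alice.getPrincipals().add(new UserPrincipal("alice")); // constructed sample identity
        System.out.println(runChain(null, false)); // unauthenticated, default setting
        System.out.println(runChain(null, true));  // unauthenticated, createEmptySubject = true
        System.out.println(runChain(alice, false)); // Subject obtained from the Authentication
    }
}
```

With createEmptySubject set to true, code further down the chain receives a non-null Subject even for unauthenticated requests, so authorization decisions there should test for the expected principals rather than for the presence of a Subject.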