Class JaasApiIntegrationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class JaasApiIntegrationFilter extends org.springframework.web.filter.GenericFilterBean
A
Filter
which attempts to obtain a JAASSubject
and continue theFilterChain
running as thatSubject
.By using this
Filter
in conjunction with Spring'sJaasAuthenticationProvider
both Spring'sSecurityContext
and a JAASSubject
can be populated simultaneously. This is useful when integrating with code that requires a JAASSubject
to be populated.
-
-
Constructor Summary
Constructors Constructor Description JaasApiIntegrationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Attempts to obtain and run as a JAASSubject
usingobtainSubject(ServletRequest)
.protected javax.security.auth.Subject
obtainSubject(javax.servlet.ServletRequest request)
Obtains theSubject
to run as ornull
if noSubject
is available.void
setCreateEmptySubject(boolean createEmptySubject)
SetscreateEmptySubject
.
-
-
-
Method Detail
-
doFilter
public final void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws javax.servlet.ServletException, java.io.IOException
Attempts to obtain and run as a JAAS
Subject
usingobtainSubject(ServletRequest)
.If the
Subject
isnull
and createEmptySubject istrue
, an empty, writeableSubject
is used. This allows for theSubject
to be populated at the time of login. If theSubject
isnull
, theFilterChain
continues with no additional processing. If theSubject
is notnull
, theFilterChain
is ran withSubject.doAs(Subject, PrivilegedExceptionAction)
in conjunction with theSubject
obtained.- Throws:
javax.servlet.ServletException
java.io.IOException
-
obtainSubject
protected javax.security.auth.Subject obtainSubject(javax.servlet.ServletRequest request)
Obtains the
Subject
to run as ornull
if noSubject
is available.The default implementation attempts to obtain the
Subject
from theSecurityContext
'sAuthentication
. If it is of typeJaasAuthenticationToken
and is authenticated, theSubject
is returned from it. Otherwise,null
is returned.- Parameters:
request
- the currentServletRequest
- Returns:
- the Subject to run as or
null
if noSubject
is available.
-
setCreateEmptySubject
public final void setCreateEmptySubject(boolean createEmptySubject)
SetscreateEmptySubject
. If the value istrue
, andobtainSubject(ServletRequest)
returnsnull
, an empty, writeableSubject
is created instead. Otherwise noSubject
is used. The default isfalse
.- Parameters:
createEmptySubject
- the new value
-
-