Class JaasApiIntegrationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.
By using this Filter in conjunction with Spring's JaasAuthenticationProvider, both Spring's SecurityContext and a JAAS Subject can be populated simultaneously. This is useful when integrating with code that requires a JAAS Subject to be populated.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
final void | doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) | Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).
protected Subject | obtainSubject(jakarta.servlet.ServletRequest request) | Obtains the Subject to run as or null if no Subject is available.
final void | setCreateEmptySubject(boolean createEmptySubject) | Sets createEmptySubject.
void | setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) | Sets the SecurityContextHolderStrategy to use.
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
JaasApiIntegrationFilter
public JaasApiIntegrationFilter()
-
-
Method Details
-
doFilter
public final void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException
Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest).
If the Subject is null and createEmptySubject is true, an empty, writeable Subject is used. This allows for the Subject to be populated at the time of login. If the Subject is null, the FilterChain continues with no additional processing. If the Subject is not null, the FilterChain is run with Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction with the Subject obtained.
- Throws:
jakarta.servlet.ServletException
IOException
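A plain-JDK sketch of the branch logic described above, added here as an illustration and not taken from Spring Security's source. The class RunAsSubjectSketch and its downstream() helper are hypothetical, the principal is constructed sample data, and Subject.current() assumes JDK 18 or later.

```java
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
import javax.security.auth.Subject;

// Added sketch, not Spring Security code: mirrors the documented doFilter
// branches with JDK types only, so the effect on downstream code is visible.
public class RunAsSubjectSketch {

    // Hypothetical stand-in for the rest of the FilterChain: reports what the
    // ambient JAAS Subject looks like to code that expects one to be populated.
    static String downstream() {
        Subject current = Subject.current(); // JDK 18+; null when not running as a Subject
        if (current == null) {
            return "no Subject";
        }
        return "principals=" + current.getPrincipals().stream().map(Principal::getName).toList();
    }

    // obtained plays the role of the value returned by obtainSubject(ServletRequest).
    static String doFilter(Subject obtained, boolean createEmptySubject)
            throws PrivilegedActionException {
        Subject subject = obtained;
        if (subject == null && createEmptySubject) {
            subject = new Subject(); // empty and writeable, can be populated at login
        }
        if (subject == null) {
            return downstream(); // chain continues with no additional processing
        }
        // Typed variable avoids the PrivilegedAction / PrivilegedExceptionAction overload ambiguity.
        PrivilegedExceptionAction<String> continueChain = RunAsSubjectSketch::downstream;
        return Subject.doAs(subject, continueChain);
    }

    public static void main(String[] args) throws Exception {
        Principal alice = () -> "alice"; // constructed sample principal
        Subject authenticated = new Subject(true, Set.of(alice), Set.of(), Set.of());

        System.out.println("authenticated Subject:     " + doFilter(authenticated, false));
        System.out.println("null, createEmpty = false: " + doFilter(null, false));
        System.out.println("null, createEmpty = true:  " + doFilter(null, true));
    }
}
```

The three calls in main cover the three documented outcomes: an obtained Subject is visible downstream, a null Subject leaves downstream code with none, and createEmptySubject gives downstream code an empty Subject rather than none.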
-
obtainSubject
Obtains the Subject to run as or null if no Subject is available.
The default implementation attempts to obtain the Subject from the SecurityContext's Authentication. If it is of type JaasAuthenticationToken and is authenticated, the Subject is returned from it. Otherwise, null is returned.
- Parameters:
request - the current ServletRequest
- Returns:
the Subject to run as or null if no Subject is available.
-
setCreateEmptySubject
public final void setCreateEmptySubject(boolean createEmptySubject)
Sets createEmptySubject. If the value is true, and obtainSubject(ServletRequest) returns null, an empty, writeable Subject is created instead. Otherwise no Subject is used. The default is false.
- Parameters:
createEmptySubject - the new value
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since:
5.8
-