SiteminderAuthenticationProcessingFilter

Overview

Package

Class

Use

Deprecated

Index

Home >> All >> org >> acegisecurity >> ui >> [ webapp overview ]

PREV CLASS NEXT CLASS

SUMMARY:

JAVADOC |

Sourc code of org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter

SOURCE |

Download org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter

DOWNLOAD | NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.webapp
Class SiteminderAuthenticationProcessingFilter

java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
          org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter

All Implemented Interfaces:: org.springframework.context.ApplicationEventPublisherAware, javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

public class SiteminderAuthenticationProcessingFilter
extends AuthenticationProcessingFilter

Extends Acegi's AuthenticationProcessingFilter to pick up Netegrity Siteminder's headers.

Also provides a backup form-based authentication and the ability set source key names.

Siteminder must present two headers to this filter, a username and password. You must set the header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is unavailable, as is often the case during development.

Login forms must present two parameters to this filter: a username and password. If not specified, the parameter names to use are contained in the static fields AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY 55 and AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY 55 .

Do not use this class directly. Instead, configure web.xml to use the org.acegisecurity.util.FilterToBeanProxy.

Field Summary

private java.lang.String formPasswordParameterKey
          Form password request key.

private java.lang.String formUsernameParameterKey
          Form username request key.

private java.lang.String siteminderPasswordHeaderKey
          Siteminder password header key.

private java.lang.String siteminderUsernameHeaderKey
          Siteminder username header key.

Fields inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter

ACEGI_SECURITY_FORM_PASSWORD_KEY, ACEGI_SECURITY_FORM_USERNAME_KEY, ACEGI_SECURITY_LAST_USERNAME_KEY

Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter

ACEGI_SECURITY_LAST_EXCEPTION_KEY, ACEGI_SECURITY_TARGET_URL_KEY, logger, messages

Constructor Summary

SiteminderAuthenticationProcessingFilter()
          Basic constructor.

Method Summary

org.acegisecurity.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
          Performs actual authentication.

java.lang.String getDefaultFilterProcessesUrl()
          This filter by default responds to /j_acegi_security_check.

java.lang.String getFormPasswordParameterKey()
          Returns the form password parameter key.

java.lang.String getFormUsernameParameterKey()
          Returns the form username parameter key.

java.lang.String getSiteminderPasswordHeaderKey()
          Returns the Siteminder password header key.

java.lang.String getSiteminderUsernameHeaderKey()
          Returns the Siteminder username header key.

void init(javax.servlet.FilterConfig filterConfig)
          Does nothing.

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
          Enables subclasses to override the composition of the password, such as by including additional values and a separator.

protected void setDetails(javax.servlet.http.HttpServletRequest request, org.acegisecurity.providers.UsernamePasswordAuthenticationToken authRequest)
          Provided so that subclasses may configure what is put into the authentication request's details property.

void setFormPasswordParameterKey(java.lang.String key)
          Sets the form password parameter key.

void setFormUsernameParameterKey(java.lang.String key)
          Sets the form username parameter key.

void setSiteminderPasswordHeaderKey(java.lang.String key)
          Sets the Siteminder password header key.

void setSiteminderUsernameHeaderKey(java.lang.String key)
          Sets the Siteminder username header key.

Methods inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter

obtainUsername

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter

afterPropertiesSet, destroy, doFilter, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

formPasswordParameterKey

private java.lang.String formPasswordParameterKey

Form password request key.

formUsernameParameterKey

private java.lang.String formUsernameParameterKey

Form username request key.

siteminderPasswordHeaderKey

private java.lang.String siteminderPasswordHeaderKey

Siteminder password header key.

siteminderUsernameHeaderKey

private java.lang.String siteminderUsernameHeaderKey

Siteminder username header key.

Constructor Detail

SiteminderAuthenticationProcessingFilter

public SiteminderAuthenticationProcessingFilter()

Basic constructor.

Method Detail

attemptAuthentication

public org.acegisecurity.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                                       throws org.acegisecurity.AuthenticationException

Description copied from class: org.acegisecurity.ui.AbstractProcessingFilter

Performs actual authentication.

Overrides:: attemptAuthentication in class AuthenticationProcessingFilter

getDefaultFilterProcessesUrl

public java.lang.String getDefaultFilterProcessesUrl()

This filter by default responds to /j_acegi_security_check.

Overrides:: getDefaultFilterProcessesUrl in class AuthenticationProcessingFilter

getFormPasswordParameterKey

public java.lang.String getFormPasswordParameterKey()

Returns the form password parameter key.

getFormUsernameParameterKey

public java.lang.String getFormUsernameParameterKey()

Returns the form username parameter key.

getSiteminderPasswordHeaderKey

public java.lang.String getSiteminderPasswordHeaderKey()

Returns the Siteminder password header key.

getSiteminderUsernameHeaderKey

public java.lang.String getSiteminderUsernameHeaderKey()

Returns the Siteminder username header key.

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Description copied from class: org.acegisecurity.ui.AbstractProcessingFilter

Does nothing. We use IoC container lifecycle services instead.

Specified by:: init in interface javax.servlet.Filter
Overrides:: init in class AuthenticationProcessingFilter

obtainPassword

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)

Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Overrides:: obtainPassword in class AuthenticationProcessingFilter

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.acegisecurity.providers.UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property. The default implementation simply constructs org.acegisecurity.ui.WebAuthenticationDetails.

Overrides:: setDetails in class AuthenticationProcessingFilter

setFormPasswordParameterKey

public void setFormPasswordParameterKey(java.lang.String key)

Sets the form password parameter key.

setFormUsernameParameterKey

public void setFormUsernameParameterKey(java.lang.String key)

Sets the form username parameter key.

setSiteminderPasswordHeaderKey

public void setSiteminderPasswordHeaderKey(java.lang.String key)

Sets the Siteminder password header key.

setSiteminderUsernameHeaderKey

public void setSiteminderUsernameHeaderKey(java.lang.String key)

Sets the Siteminder username header key.

Overview

Package

Class

Use

Deprecated

Index

Home >> All >> org >> acegisecurity >> ui >> [ webapp overview ]

PREV CLASS NEXT CLASS

SUMMARY:

JAVADOC |

SOURCE |

DOWNLOAD | NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Field Summary
`private java.lang.String`	`formPasswordParameterKey` Form password request key.
`private java.lang.String`	`formUsernameParameterKey` Form username request key.
`private java.lang.String`	`siteminderPasswordHeaderKey` Siteminder password header key.
`private java.lang.String`	`siteminderUsernameHeaderKey` Siteminder username header key.

Constructor Summary
`SiteminderAuthenticationProcessingFilter()` Basic constructor.

Method Summary
`org.acegisecurity.Authentication`	`attemptAuthentication(javax.servlet.http.HttpServletRequest request)` Performs actual authentication.
`java.lang.String`	`getDefaultFilterProcessesUrl()` This filter by default responds to `/j_acegi_security_check`.
`java.lang.String`	`getFormPasswordParameterKey()` Returns the form password parameter key.
`java.lang.String`	`getFormUsernameParameterKey()` Returns the form username parameter key.
`java.lang.String`	`getSiteminderPasswordHeaderKey()` Returns the Siteminder password header key.
`java.lang.String`	`getSiteminderUsernameHeaderKey()` Returns the Siteminder username header key.
`void`	`init(javax.servlet.FilterConfig filterConfig)` Does nothing.
`protected java.lang.String`	`obtainPassword(javax.servlet.http.HttpServletRequest request)` Enables subclasses to override the composition of the password, such as by including additional values and a separator.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, org.acegisecurity.providers.UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.
`void`	`setFormPasswordParameterKey(java.lang.String key)` Sets the form password parameter key.
`void`	`setFormUsernameParameterKey(java.lang.String key)` Sets the form username parameter key.
`void`	`setSiteminderPasswordHeaderKey(java.lang.String key)` Sets the Siteminder password header key.
`void`	`setSiteminderUsernameHeaderKey(java.lang.String key)` Sets the Siteminder username header key.

org.acegisecurity.ui.webapp Class SiteminderAuthenticationProcessingFilter

formPasswordParameterKey

formUsernameParameterKey

siteminderPasswordHeaderKey

siteminderUsernameHeaderKey

SiteminderAuthenticationProcessingFilter

attemptAuthentication

getDefaultFilterProcessesUrl

getFormPasswordParameterKey

getFormUsernameParameterKey

getSiteminderPasswordHeaderKey

getSiteminderUsernameHeaderKey

init

obtainPassword

setDetails

setFormPasswordParameterKey

setFormUsernameParameterKey

setSiteminderPasswordHeaderKey

setSiteminderUsernameHeaderKey

org.acegisecurity.ui.webapp
Class SiteminderAuthenticationProcessingFilter