Source code: org/acegisecurity/adapters/HttpRequestIntegrationFilter.java
1 /* Copyright 2004, 2005 Acegi Technology Pty Limited
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 package org.acegisecurity.adapters;
17
18 import org.acegisecurity.Authentication;
19 import org.acegisecurity.context.SecurityContextHolder;
20
21 import org.apache.commons.logging.Log;
22 import org.apache.commons.logging.LogFactory;
23
24 import java.io.IOException;
25
26 import java.security.Principal;
27
28 import javax.servlet.Filter;
29 import javax.servlet.FilterChain;
30 import javax.servlet.FilterConfig;
31 import javax.servlet.ServletException;
32 import javax.servlet.ServletRequest;
33 import javax.servlet.ServletResponse;
34 import javax.servlet.http.HttpServletRequest;
35
36
37 /**
38 * Populates <code>SecurityContext</code> with the <code>Authentication</code>
39 * obtained from the container's
40 * <code>HttpServletRequest.getUserPrincipal()</code>.
41 *
42 * <p>
43 * Use this filter with container adapters only.
44 * </p>
45 *
46 * <p>
47 * This filter <b>never</b> preserves the <code>Authentication</code> on the
48 * <code>SecurityContext</code> - it is replaced every request.
49 * </p>
50 *
51 * <p>
52 * See {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter}
53 * for further information.
54 * </p>
55 *
56 * @author Ben Alex
57 * @version $Id: HttpRequestIntegrationFilter.java,v 1.11 2005/11/17 00:55:49 benalex Exp $
58 */
59 public class HttpRequestIntegrationFilter implements Filter {
60 //~ Static fields/initializers =============================================
61
62 private static final Log logger = LogFactory.getLog(HttpRequestIntegrationFilter.class);
63
64 //~ Methods ================================================================
65
66 /**
67 * Does nothing. We use IoC container lifecycle services instead.
68 */
69 public void destroy() {}
70
71 public void doFilter(ServletRequest request, ServletResponse response,
72 FilterChain chain) throws IOException, ServletException {
73 if (request instanceof HttpServletRequest) {
74 Principal principal = ((HttpServletRequest) request)
75 .getUserPrincipal();
76
77 if ((principal != null) && principal instanceof Authentication) {
78 SecurityContextHolder.getContext().setAuthentication((Authentication) principal);
79
80 if (logger.isDebugEnabled()) {
81 logger.debug(
82 "SecurityContextHolder updated with Authentication from container: '"
83 + principal + "'");
84 }
85 } else {
86 if (logger.isDebugEnabled()) {
87 logger.debug(
88 "SecurityContextHolder not set with new Authentication as Principal was: '"
89 + principal + "'");
90 }
91 }
92 } else {
93 throw new IllegalArgumentException(
94 "Only HttpServletRequest is acceptable");
95 }
96
97 chain.doFilter(request, response);
98 }
99
100 /**
101 * Does nothing. We use IoC container lifecycle services instead.
102 *
103 * @param arg0 ignored
104 *
105 * @throws ServletException ignored
106 */
107 public void init(FilterConfig arg0) throws ServletException {}
108 }