Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.broadleafcommerce.profile.web.core.security
Class RestApiCustomerStateFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.broadleafcommerce.profile.web.core.security.RestApiCustomerStateFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.Ordered, org.springframework.web.context.ServletContextAware
public class RestApiCustomerStateFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.core.Ordered

This is a basic filter for finding the customer ID on the request and setting the customer object on the request. This should come after any security filters. This filter DOES NOT provide any security. It simply looks for a "customerId" parameter on the request or in the request header. If it finds this parameter it looks up the customer and makes it available as a request attribute. This is generally for use in a filter chain for RESTful web services, allowing the client consuming services to specify the customerId on whos behalf they are invoking the service. It is assumed that services are invoked either in a trusted, secured network where no additional security is required. Or using OAuth or a similar trusted security model. Whatever security model is used, it should ensure that the caller has access to call the system, and that they have access to do so on behalf of the client whos ID is being determined by this class. For RESTful services, this should be used instead of CustomerStateFilter since it does not look at or touch cookies or session.

User: Kelly Tisdell Date: 4/18/12

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
RestApiCustomerStateFilter()
           
 
Method Summary
 void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)
           
 String getCustomerIdAttributeName()
           
 int getOrder()
           
 void setCustomerIdAttributeName(String customerIdAttributeName)
           
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RestApiCustomerStateFilter

public RestApiCustomerStateFilter()
Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

getOrder

public int getOrder()
Specified by:
getOrder in interface org.springframework.core.Ordered

getCustomerIdAttributeName

public String getCustomerIdAttributeName()

setCustomerIdAttributeName

public void setCustomerIdAttributeName(String customerIdAttributeName)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013. All Rights Reserved.