org.broadleafcommerce.profile.web.core.security

Class RestApiCustomerStateFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.broadleafcommerce.profile.web.core.security.RestApiCustomerStateFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.Ordered, org.springframework.web.context.ServletContextAware

public class RestApiCustomerStateFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.core.Ordered

This is a basic filter for finding the customer ID on the request and setting the customer object on the request. This must come after the BroadleafRequestFilter (blRequestFilter). This should come after any security filters. This filter DOES NOT provide any security. It simply looks for a "customerId" parameter on the request or in the request header. If it finds this parameter it looks up the customer and makes it available as a request attribute. This is generally for use in a filter chain for RESTful web services, allowing the client consuming services to specify the customerId on whos behalf they are invoking the service. It is assumed that services are invoked either in a trusted, secured network where no additional security is required. Or using OAuth or a similar trusted security model. Whatever security model is used, it should ensure that the caller has access to call the system, and that they have access to do so on behalf of the client whos ID is being determined by this class. For RESTful services, this should be used instead of CustomerStateFilter since it does not look at or touch cookies or session.

User: Kelly Tisdell Date: 4/18/12

Field Summary

Fields

Modifier and Type	Field and Description
protected String	customerIdAttributeName
protected CustomerService	customerService
protected static org.apache.commons.logging.Log	LOG

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
RestApiCustomerStateFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)
String	getCustomerIdAttributeName()
int	getOrder()
void	setCustomerIdAttributeName(String customerIdAttributeName)

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

protected static final org.apache.commons.logging.Log LOG

customerService

protected CustomerService customerService

customerIdAttributeName

protected String customerIdAttributeName

Constructor Detail

RestApiCustomerStateFilter

public RestApiCustomerStateFilter()

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
            javax.servlet.ServletResponse servletResponse,
            javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

getOrder

public int getOrder()

Specified by:

getOrder in interface org.springframework.core.Ordered

getCustomerIdAttributeName

public String getCustomerIdAttributeName()

setCustomerIdAttributeName

public void setCustomerIdAttributeName(String customerIdAttributeName)