Package org.dspace.app.rest.security

Class ShibbolethAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class ShibbolethAuthenticationFilter
extends StatelessLoginFilter
    This class will filter Shibboleth requests to see if the user has been authenticated via Shibboleth.

    This filter runs before the ShibbolethRestController, in order to verify Shibboleth authentication succeeded, and create the authentication token (JWT).

    Author:
    Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
    See Also:
    ShibbolethRestController, ShibAuthentication

    • Field Summary

      • Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        authenticationDetailsSource, eventPublisher, messages

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
      Attempt to authenticate the user by using Spring Security's AuthenticationManager.
      protected void successfulAuthentication​(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth)
      If the above attemptAuthentication() call was successful (no authentication error was thrown), then this method will take the returned DSpaceAuthentication class (which includes all the data from the authenticated user) and add the authentication data to the response.

      • Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    • Constructor Detail

      • ShibbolethAuthenticationFilter

        public ShibbolethAuthenticationFilter​(String url,
                                      org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                      RestAuthenticationService restAuthenticationService)

    • Method Detail

      • attemptAuthentication

        public org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest req,
                                                                              javax.servlet.http.HttpServletResponse res)
                                                                       throws org.springframework.security.core.AuthenticationException
        Description copied from class: StatelessLoginFilter
        Attempt to authenticate the user by using Spring Security's AuthenticationManager. The AuthenticationManager will delegate this task to one or more AuthenticationProvider classes.

        For DSpace, our custom AuthenticationProvider is EPersonRestAuthenticationProvider, so that is the authenticate() method which is called below.

        Overrides:
        attemptAuthentication in class StatelessLoginFilter
        Parameters:
        req - current request
        res - current response
        Returns:
        a valid Spring Security Authentication object if authentication succeeds
        Throws:
        org.springframework.security.core.AuthenticationException - if authentication fails
        See Also:
        EPersonRestAuthenticationProvider

      • successfulAuthentication

        protected void successfulAuthentication​(javax.servlet.http.HttpServletRequest req,
                                        javax.servlet.http.HttpServletResponse res,
                                        javax.servlet.FilterChain chain,
                                        org.springframework.security.core.Authentication auth)
                                 throws IOException,
                                        javax.servlet.ServletException
        Description copied from class: StatelessLoginFilter
        If the above attemptAuthentication() call was successful (no authentication error was thrown), then this method will take the returned DSpaceAuthentication class (which includes all the data from the authenticated user) and add the authentication data to the response.

        For DSpace, this is calling our JWTTokenRestAuthenticationServiceImpl in order to create a JWT based on the authentication data & send that JWT back in the response.

        Overrides:
        successfulAuthentication in class StatelessLoginFilter
        Parameters:
        req - current request
        res - response
        chain - FilterChain
        auth - Authentication object containing info about user who had a successful authentication
        Throws:
        IOException
        javax.servlet.ServletException
        See Also:
        JWTTokenRestAuthenticationServiceImpl