Class SecurityFilter
java.lang.Object
org.eximeebpms.bpm.webapp.impl.security.filter.SecurityFilter
- All Implemented Interfaces:
javax.servlet.Filter
Simple filter implementation which delegates to a list of FilterRules,
evaluating their SecurityFilterRule#setAuthorized(org.eximeebpms.bpm.webapp.impl.security.filter.AppRequest) condition
for the given request.
This filter must be configured using a init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
- Author:
- Daniel Meyer, nico.rehwaldt
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic Authorizationauthorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules) Iterate over a number of filter rules and match them against the specified request.voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) voiddoFilterSecure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) protected StringgetRequestUri(javax.servlet.http.HttpServletRequest request) voidinit(javax.servlet.FilterConfig filterConfig) protected booleanisAuthenticated(javax.servlet.http.HttpServletRequest request) protected voidloadFilterRules(javax.servlet.FilterConfig filterConfig, String applicationPath) protected voidsendForbidden(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) protected voidsendForbiddenApplicationAccess(String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) protected voidsendUnauthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
Field Details
-
filterRules
-
-
Constructor Details
-
SecurityFilter
public SecurityFilter()
-
-
Method Details
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-
doFilterSecure
public void doFilterSecure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Throws:
IOExceptionjavax.servlet.ServletException
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException - Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
destroy
public void destroy()- Specified by:
destroyin interfacejavax.servlet.Filter
-
authorize
public static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules) Iterate over a number of filter rules and match them against the specified request.- Parameters:
request-filterRules-- Returns:
- the joined
AuthorizationStatusfor this request matched against all filter rules
-
loadFilterRules
protected void loadFilterRules(javax.servlet.FilterConfig filterConfig, String applicationPath) throws javax.servlet.ServletException - Throws:
javax.servlet.ServletException
-
sendForbidden
protected void sendForbidden(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException - Throws:
IOException
-
sendUnauthorized
protected void sendUnauthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException - Throws:
IOException
-
sendForbiddenApplicationAccess
protected void sendForbiddenApplicationAccess(String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException - Throws:
IOException
-
isAuthenticated
protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request) -
getRequestUri
-