Package org.camunda.bpm.engine.rest.security.auth

Class ProcessEngineAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter
    public class ProcessEngineAuthenticationFilter
extends java.lang.Object
implements javax.servlet.Filter

    Servlet filter to plug in authentication.

    Valid init-params:

    ParameterRequiredExpected value
    "authentication-provider"yesAn implementation of AuthenticationProvider
    "rest-url-pattern-prefix" no The expected servlet path. Should only be set, if the underlying JAX-RS application is not deployed as a servlet (e.g. Resteasy allows deployments as a servlet filter). Value has to match what would be the HttpServletRequest.getServletPath() if it was deployed as a servlet.
    Author:
    Thorben Lindhauer

    • Field Detail

      • WHITE_LISTED_URL_PATTERNS

        protected static final java.util.regex.Pattern[] WHITE_LISTED_URL_PATTERNS

      • ENGINE_REQUEST_URL_PATTERN

        protected static final java.util.regex.Pattern ENGINE_REQUEST_URL_PATTERN

      • DEFAULT_ENGINE_NAME

        protected static final java.lang.String DEFAULT_ENGINE_NAME
        See Also:
        Constant Field Values

      • AUTHENTICATION_PROVIDER_PARAM

        public static final java.lang.String AUTHENTICATION_PROVIDER_PARAM
        See Also:
        Constant Field Values

      • SERVLET_PATH_PREFIX

        public static final java.lang.String SERVLET_PATH_PREFIX
        See Also:
        Constant Field Values

      • servletPathPrefix

        protected java.lang.String servletPathPrefix

    • Constructor Detail

      • ProcessEngineAuthenticationFilter

        public ProcessEngineAuthenticationFilter()

    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter

      • setAuthenticatedUser

        protected void setAuthenticatedUser​(ProcessEngine engine,
                                    java.lang.String userId,
                                    java.util.List<java.lang.String> groupIds,
                                    java.util.List<java.lang.String> tenantIds)

      • getGroupsOfUser

        protected java.util.List<java.lang.String> getGroupsOfUser​(ProcessEngine engine,
                                                           java.lang.String userId)

      • getTenantsOfUser

        protected java.util.List<java.lang.String> getTenantsOfUser​(ProcessEngine engine,
                                                            java.lang.String userId)

      • clearAuthentication

        protected void clearAuthentication​(ProcessEngine engine)

      • requiresEngineAuthentication

        protected boolean requiresEngineAuthentication​(java.lang.String requestUrl)

      • extractEngineName

        protected java.lang.String extractEngineName​(java.lang.String requestUrl)
        May not return null

      • getAddressedEngine

        protected ProcessEngine getAddressedEngine​(java.lang.String engineName)