Class SecurityFilter

  • All Implemented Interfaces:
    javax.servlet.Filter
    Direct Known Subclasses:
    ResourceLoadingSecurityFilter

    public class SecurityFilter
    extends java.lang.Object
    implements javax.servlet.Filter

    Simple filter implementation which delegates to a list of FilterRules, evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition for the given request.

    This filter must be configured using an init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
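
    A web.xml declaration matching the description above, as an added example that is not taken from this page or from the project's own configuration. The filter name, the rules-file path and the URL pattern are assumptions, and the fully qualified class name assumes SecurityFilter sits in the same package as the AppRequest class referenced above.

```xml
<!-- Added example: filter name, rules-file path and URL pattern are assumptions -->
<filter>
  <filter-name>SecurityFilter</filter-name>
  <!-- Assumed package: the one given on this page for AppRequest -->
  <filter-class>org.camunda.bpm.webapp.impl.security.filter.SecurityFilter</filter-class>
  <init-param>
    <!-- The parameter name the filter requires -->
    <param-name>configFile</param-name>
    <!-- Placeholder path, resolved inside the servlet context -->
    <param-value>/WEB-INF/RULES_FILE_PLACEHOLDER</param-value>
  </init-param>
</filter>

<!-- The mapping decides which requests the rules are evaluated for -->
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

    Requests whose path is not covered by the filter-mapping never reach the filter, so no rule is evaluated for them. Keeping the rules file under /WEB-INF stops the container from serving it to clients directly.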

    Author:
    Daniel Meyer, nico.rehwaldt
    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityFilter()  
    • Method Summary

      Modifier and Type Method Description
      static Authorization authorize​(java.lang.String requestMethod, java.lang.String requestUri, java.util.List<SecurityFilterRule> filterRules)
      Iterate over a number of filter rules and match them against the specified request.
      void destroy()  
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  
      void doFilterSecure​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)  
      protected java.lang.String getRequestUri​(javax.servlet.http.HttpServletRequest request)  
      void init​(javax.servlet.FilterConfig filterConfig)  
      protected boolean isAuthenticated​(javax.servlet.http.HttpServletRequest request)  
      protected void loadFilterRules​(javax.servlet.FilterConfig filterConfig, java.lang.String applicationPath)  
      protected void sendForbidden​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      protected void sendForbiddenApplicationAccess​(java.lang.String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      protected void sendUnauthorized​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SecurityFilter

        public SecurityFilter()
    • Method Detail

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws java.io.IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • doFilterSecure

        public void doFilterSecure​(javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   javax.servlet.FilterChain chain)
                            throws java.io.IOException,
                                   javax.servlet.ServletException
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter
      • authorize

        public static Authorization authorize​(java.lang.String requestMethod,
                                              java.lang.String requestUri,
                                              java.util.List<SecurityFilterRule> filterRules)
        Iterate over a number of filter rules and match them against the specified request.
        Parameters:
        request -
        filterRules -
        Returns:
        the joined AuthorizationStatus for this request matched against all filter rules
      • loadFilterRules

        protected void loadFilterRules​(javax.servlet.FilterConfig filterConfig,
                                       java.lang.String applicationPath)
                                throws javax.servlet.ServletException
        Throws:
        javax.servlet.ServletException
      • sendForbidden

        protected void sendForbidden​(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • sendUnauthorized

        protected void sendUnauthorized​(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • sendForbiddenApplicationAccess

        protected void sendForbiddenApplicationAccess​(java.lang.String application,
                                                      javax.servlet.http.HttpServletRequest request,
                                                      javax.servlet.http.HttpServletResponse response)
                                               throws java.io.IOException
        Throws:
        java.io.IOException
      • isAuthenticated

        protected boolean isAuthenticated​(javax.servlet.http.HttpServletRequest request)
      • getRequestUri

        protected java.lang.String getRequestUri​(javax.servlet.http.HttpServletRequest request)