Class ProcessEngineAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class ProcessEngineAuthenticationFilter
    extends java.lang.Object
    implements javax.servlet.Filter

    Servlet filter to plug in authentication.

    Valid init-params:

    ParameterRequiredExpected value
    "authentication-provider"yesAn implementation of AuthenticationProvider
    "rest-url-pattern-prefix" no The expected servlet path. Should only be set, if the underlying JAX-RS application is not deployed as a servlet (e.g. Resteasy allows deployments as a servlet filter). Value has to match what would be the HttpServletRequest.getServletPath() if it was deployed as a servlet.
    Author:
    Thorben Lindhauer
    • Field Detail

      • WHITE_LISTED_URL_PATTERNS

        protected static final java.util.regex.Pattern[] WHITE_LISTED_URL_PATTERNS
      • ENGINE_REQUEST_URL_PATTERN

        protected static final java.util.regex.Pattern ENGINE_REQUEST_URL_PATTERN
      • DEFAULT_ENGINE_NAME

        protected static final java.lang.String DEFAULT_ENGINE_NAME
        See Also:
        Constant Field Values
      • AUTHENTICATION_PROVIDER_PARAM

        public static final java.lang.String AUTHENTICATION_PROVIDER_PARAM
        See Also:
        Constant Field Values
      • SERVLET_PATH_PREFIX

        public static final java.lang.String SERVLET_PATH_PREFIX
        See Also:
        Constant Field Values
      • servletPathPrefix

        protected java.lang.String servletPathPrefix
    • Constructor Detail

      • ProcessEngineAuthenticationFilter

        public ProcessEngineAuthenticationFilter()
    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws java.io.IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter
      • setAuthenticatedUser

        protected void setAuthenticatedUser​(ProcessEngine engine,
                                            java.lang.String userId,
                                            java.util.List<java.lang.String> groupIds,
                                            java.util.List<java.lang.String> tenantIds)
      • getGroupsOfUser

        protected java.util.List<java.lang.String> getGroupsOfUser​(ProcessEngine engine,
                                                                   java.lang.String userId)
      • getTenantsOfUser

        protected java.util.List<java.lang.String> getTenantsOfUser​(ProcessEngine engine,
                                                                    java.lang.String userId)
      • clearAuthentication

        protected void clearAuthentication​(ProcessEngine engine)
      • requiresEngineAuthentication

        protected boolean requiresEngineAuthentication​(java.lang.String requestUrl)
      • extractEngineName

        protected java.lang.String extractEngineName​(java.lang.String requestUrl)
        May not return null
      • getAddressedEngine

        protected ProcessEngine getAddressedEngine​(java.lang.String engineName)