Class SecurityFilter
- java.lang.Object
-
- org.camunda.bpm.webapp.impl.security.filter.SecurityFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
- Direct Known Subclasses:
ResourceLoadingSecurityFilter
public class SecurityFilter extends java.lang.Object implements javax.servlet.Filter
Simple filter implementation which delegates to a list of FilterRules, evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition for the given request.
This filter must be configured using an init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
- Author:
- Daniel Meyer, nico.rehwaldt
-
-
Field Summary
Fields
Modifier and Type Field Description
java.util.List<SecurityFilterRule>
filterRules
-
Constructor Summary
Constructors
Constructor Description
SecurityFilter()
-
Method Summary
Modifier and Type Method Description
static Authorization
authorize(java.lang.String requestMethod, java.lang.String requestUri, java.util.List<SecurityFilterRule> filterRules)
Iterate over a number of filter rules and match them against the specified request.
void
destroy()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
void
doFilterSecure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
protected java.lang.String
getRequestUri(javax.servlet.http.HttpServletRequest request)
void
init(javax.servlet.FilterConfig filterConfig)
protected boolean
isAuthenticated(javax.servlet.http.HttpServletRequest request)
protected void
loadFilterRules(javax.servlet.FilterConfig filterConfig, java.lang.String applicationPath)
protected void
sendForbidden(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void
sendForbiddenApplicationAccess(java.lang.String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void
sendUnauthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
-
-
Field Detail
-
filterRules
public java.util.List<SecurityFilterRule> filterRules
-
-
Method Detail
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interface javax.servlet.Filter
- Throws:
java.io.IOException
javax.servlet.ServletException
-
doFilterSecure
public void doFilterSecure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
- Specified by:
init
in interface javax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroy
in interface javax.servlet.Filter
-
authorize
public static Authorization authorize(java.lang.String requestMethod, java.lang.String requestUri, java.util.List<SecurityFilterRule> filterRules)
Iterate over a number of filter rules and match them against the specified request.
- Parameters:
request -
filterRules -
- Returns:
the joined AuthorizationStatus for this request matched against all filter rules
-
loadFilterRules
protected void loadFilterRules(javax.servlet.FilterConfig filterConfig, java.lang.String applicationPath) throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
sendForbidden
protected void sendForbidden(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
- Throws:
java.io.IOException
-
sendUnauthorized
protected void sendUnauthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
- Throws:
java.io.IOException
-
sendForbiddenApplicationAccess
protected void sendForbiddenApplicationAccess(java.lang.String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
- Throws:
java.io.IOException
-
isAuthenticated
protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
-
getRequestUri
protected java.lang.String getRequestUri(javax.servlet.http.HttpServletRequest request)
-
-