Class ProcessEngineAuthenticationFilter
- java.lang.Object
-
- org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class ProcessEngineAuthenticationFilter extends Object implements javax.servlet.Filter
Servlet filter to plug in authentication.
Valid init-params:
Parameter Required Expected value "authentication-provider" yes An implementation of AuthenticationProvider"rest-url-pattern-prefix" no The expected servlet path. Should only be set, if the underlying JAX-RS application is not deployed as a servlet (e.g. Resteasy allows deployments as a servlet filter). Value has to match what would be the HttpServletRequest.getServletPath()if it was deployed as a servlet.- Author:
- Thorben Lindhauer
-
-
Field Summary
Fields Modifier and Type Field Description static StringAUTHENTICATION_PROVIDER_PARAMprotected AuthenticationProviderauthenticationProviderprotected static StringDEFAULT_ENGINE_NAMEprotected static PatternENGINE_REQUEST_URL_PATTERNstatic StringSERVLET_PATH_PREFIXprotected StringservletPathPrefixprotected static Pattern[]WHITE_LISTED_URL_PATTERNS
-
Constructor Summary
Constructors Constructor Description ProcessEngineAuthenticationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidclearAuthentication(ProcessEngine engine)voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)protected StringextractEngineName(String requestUrl)May not return nullprotected ProcessEnginegetAddressedEngine(String engineName)protected List<String>getGroupsOfUser(ProcessEngine engine, String userId)protected List<String>getTenantsOfUser(ProcessEngine engine, String userId)voidinit(javax.servlet.FilterConfig filterConfig)protected booleanrequiresEngineAuthentication(String requestUrl)protected voidsetAuthenticatedUser(ProcessEngine engine, String userId, List<String> groupIds, List<String> tenantIds)
-
-
-
Field Detail
-
WHITE_LISTED_URL_PATTERNS
protected static final Pattern[] WHITE_LISTED_URL_PATTERNS
-
ENGINE_REQUEST_URL_PATTERN
protected static final Pattern ENGINE_REQUEST_URL_PATTERN
-
DEFAULT_ENGINE_NAME
protected static final String DEFAULT_ENGINE_NAME
- See Also:
- Constant Field Values
-
AUTHENTICATION_PROVIDER_PARAM
public static final String AUTHENTICATION_PROVIDER_PARAM
- See Also:
- Constant Field Values
-
SERVLET_PATH_PREFIX
public static final String SERVLET_PATH_PREFIX
- See Also:
- Constant Field Values
-
authenticationProvider
protected AuthenticationProvider authenticationProvider
-
servletPathPrefix
protected String servletPathPrefix
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException- Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException- Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroyin interfacejavax.servlet.Filter
-
setAuthenticatedUser
protected void setAuthenticatedUser(ProcessEngine engine, String userId, List<String> groupIds, List<String> tenantIds)
-
getGroupsOfUser
protected List<String> getGroupsOfUser(ProcessEngine engine, String userId)
-
getTenantsOfUser
protected List<String> getTenantsOfUser(ProcessEngine engine, String userId)
-
clearAuthentication
protected void clearAuthentication(ProcessEngine engine)
-
requiresEngineAuthentication
protected boolean requiresEngineAuthentication(String requestUrl)
-
getAddressedEngine
protected ProcessEngine getAddressedEngine(String engineName)
-
-