Package org.camunda.bpm.engine.rest.security.auth

Class ProcessEngineAuthenticationFilter

java.lang.Object
org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter
public class ProcessEngineAuthenticationFilter extends Object implements jakarta.servlet.Filter

Servlet filter to plug in authentication.

Valid init-params:

ParameterRequiredExpected value
"authentication-provider"yesAn implementation of AuthenticationProvider
"rest-url-pattern-prefix" no The expected servlet path. Should only be set, if the underlying JAX-RS application is not deployed as a servlet (e.g. Resteasy allows deployments as a servlet filter). Value has to match what would be the HttpServletRequest.getServletPath() if it was deployed as a servlet.
Author:
Thorben Lindhauer

  • Field Details

    • WHITE_LISTED_URL_PATTERNS

      protected static final Pattern[] WHITE_LISTED_URL_PATTERNS

    • ENGINE_REQUEST_URL_PATTERN

      protected static final Pattern ENGINE_REQUEST_URL_PATTERN

    • DEFAULT_ENGINE_NAME

      protected static final String DEFAULT_ENGINE_NAME
      See Also:

    • AUTHENTICATION_PROVIDER_PARAM

      public static final String AUTHENTICATION_PROVIDER_PARAM
      See Also:

    • SERVLET_PATH_PREFIX

      public static final String SERVLET_PATH_PREFIX
      See Also:

    • authenticationProvider

      protected AuthenticationProvider authenticationProvider

    • servletPathPrefix

      protected String servletPathPrefix

  • Constructor Details

    • ProcessEngineAuthenticationFilter

      public ProcessEngineAuthenticationFilter()

  • Method Details

    • init

      public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
      Specified by:
      init in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Throws:
      IOException
      jakarta.servlet.ServletException

    • destroy

      public void destroy()
      Specified by:
      destroy in interface jakarta.servlet.Filter

    • setAuthenticatedUser

      protected void setAuthenticatedUser(ProcessEngine engine, String userId, List<String> groupIds, List<String> tenantIds)

    • getGroupsOfUser

      protected List<String> getGroupsOfUser(ProcessEngine engine, String userId)

    • getTenantsOfUser

      protected List<String> getTenantsOfUser(ProcessEngine engine, String userId)

    • clearAuthentication

      protected void clearAuthentication(ProcessEngine engine)

    • requiresEngineAuthentication

      protected boolean requiresEngineAuthentication(String requestUrl)

    • extractEngineName

      protected String extractEngineName(String requestUrl)
      May not return null

    • getAddressedEngine

      protected ProcessEngine getAddressedEngine(String engineName)