Class SecurityFilter

java.lang.Object
org.camunda.bpm.webapp.impl.security.filter.SecurityFilter
All Implemented Interfaces:
jakarta.servlet.Filter
Direct Known Subclasses:
ResourceLoadingSecurityFilter

public class SecurityFilter extends Object implements jakarta.servlet.Filter

Simple filter implementation which delegates to a list of FilterRules, evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition for the given request.

This filter must be configured using an init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.

Author:
Daniel Meyer, nico.rehwaldt
  • Method Summary

    Modifier and Type
    Method
    Description
    static Authorization
    authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
    Iterate over a number of filter rules and match them against the specified request.
    void
    destroy()
     
    void
    doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
     
    void
    doFilterSecure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain)
     
    protected String
    getRequestUri(jakarta.servlet.http.HttpServletRequest request)
     
    void
    init(jakarta.servlet.FilterConfig filterConfig)
     
    protected boolean
    isAuthenticated(jakarta.servlet.http.HttpServletRequest request)
     
    protected void
    loadFilterRules(jakarta.servlet.FilterConfig filterConfig, String applicationPath)
     
    protected void
    sendForbidden(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    protected void
    sendForbiddenApplicationAccess(String application, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    protected void
    sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SecurityFilter

      public SecurityFilter()
  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Throws:
      IOException
      jakarta.servlet.ServletException
    • doFilterSecure

      public void doFilterSecure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException
    • init

      public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
      Specified by:
      init in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException
    • destroy

      public void destroy()
      Specified by:
      destroy in interface jakarta.servlet.Filter
    • authorize

      public static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
      Iterate over a number of filter rules and match them against the specified request.
      Parameters:
      request -
      filterRules -
      Returns:
      the joined AuthorizationStatus for this request matched against all filter rules
    • loadFilterRules

      protected void loadFilterRules(jakarta.servlet.FilterConfig filterConfig, String applicationPath) throws jakarta.servlet.ServletException
      Throws:
      jakarta.servlet.ServletException
    • sendForbidden

      protected void sendForbidden(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Throws:
      IOException
    • sendUnauthorized

      protected void sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Throws:
      IOException
    • sendForbiddenApplicationAccess

      protected void sendForbiddenApplicationAccess(String application, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Throws:
      IOException
    • isAuthenticated

      protected boolean isAuthenticated(jakarta.servlet.http.HttpServletRequest request)
    • getRequestUri

      protected String getRequestUri(jakarta.servlet.http.HttpServletRequest request)