Class SecurityFilter
java.lang.Object
org.camunda.bpm.webapp.impl.security.filter.SecurityFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
- Direct Known Subclasses:
ResourceLoadingSecurityFilter
Simple filter implementation which delegates to a list of FilterRules, evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition for the given request.
This filter must be configured using an init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
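A web.xml declaration that satisfies the configFile requirement above, as an added example that is not taken from the project's own deployment descriptor. The filter name, the URL pattern and the param-value path are placeholders chosen for illustration.

```xml
<!-- Added example: filter-name, url-pattern and the rules-file path are assumptions. -->
<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>org.camunda.bpm.webapp.impl.security.filter.SecurityFilter</filter-class>
  <init-param>
    <!-- The parameter name must be exactly "configFile". -->
    <param-name>configFile</param-name>
    <!-- Placeholder path, resolved against the servlet context root.
         Files under /WEB-INF/ are not served to clients by the container,
         so the rule set itself is not downloadable. -->
    <param-value>/WEB-INF/PLACEHOLDER-filter-rules-file</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <!-- Assumed pattern: map the filter over every path the rules are meant to
       cover; a request that does not match the mapping never reaches the filter. -->
  <url-pattern>/*</url-pattern>
</filter-mapping>
```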
- Author:
- Daniel Meyer, nico.rehwaldt
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
    Iterate over a number of filter rules and match them against the specified request.
void destroy()
void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
void doFilterSecure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain)
protected String getRequestUri(jakarta.servlet.http.HttpServletRequest request)
void init(jakarta.servlet.FilterConfig filterConfig)
protected boolean isAuthenticated(jakarta.servlet.http.HttpServletRequest request)
protected void loadFilterRules(jakarta.servlet.FilterConfig filterConfig, String applicationPath)
protected void sendForbidden(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
protected void sendForbiddenApplicationAccess(String application, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
protected void sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
-
Field Details
-
filterRules
-
-
Constructor Details
-
SecurityFilter
public SecurityFilter()
-
-
Method Details
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
- Specified by:
doFilter in interface jakarta.servlet.Filter
- Throws:
IOException
jakarta.servlet.ServletException
-
doFilterSecure
public void doFilterSecure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
- Throws:
IOException
jakarta.servlet.ServletException
-
init
public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
- Specified by:
init in interface jakarta.servlet.Filter
- Throws:
jakarta.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroy in interface jakarta.servlet.Filter
-
authorize
public static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
Iterate over a number of filter rules and match them against the specified request.
- Parameters:
request -
filterRules -
- Returns:
the joined AuthorizationStatus for this request matched against all filter rules
-
loadFilterRules
protected void loadFilterRules(jakarta.servlet.FilterConfig filterConfig, String applicationPath) throws jakarta.servlet.ServletException
- Throws:
jakarta.servlet.ServletException
-
sendForbidden
protected void sendForbidden(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
- Throws:
IOException
-
sendUnauthorized
protected void sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
- Throws:
IOException
-
sendForbiddenApplicationAccess
protected void sendForbiddenApplicationAccess(String application, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
- Throws:
IOException
-
isAuthenticated
protected boolean isAuthenticated(jakarta.servlet.http.HttpServletRequest request) -
getRequestUri
-