public class SecurityFilter extends Object implements javax.servlet.Filter
Simple filter implementation which delegates to a list of FilterRules
,
evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest)
condition
for the given request.
This filter must be configured using a init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
Modifier and Type | Field and Description |
---|---|
List<SecurityFilterRule> |
filterRules |
Constructor and Description |
---|
SecurityFilter() |
Modifier and Type | Method and Description |
---|---|
static Authorization |
authorize(String requestMethod,
String requestUri,
List<SecurityFilterRule> filterRules)
Iterate over a number of filter rules and match them against
the specified request.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
void |
doFilterSecure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
protected String |
getRequestUri(javax.servlet.http.HttpServletRequest request) |
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isAuthenticated(javax.servlet.http.HttpServletRequest request) |
protected void |
loadFilterRules(javax.servlet.FilterConfig filterConfig) |
protected void |
sendForbidden(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
protected void |
sendForbiddenApplicationAccess(String application,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
protected void |
sendUnauthorized(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
public List<SecurityFilterRule> filterRules
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void doFilterSecure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
public static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
request
- filterRules
- AuthorizationStatus
for this request matched against all filter rulesprotected void loadFilterRules(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
javax.servlet.ServletException
protected void sendForbidden(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
IOException
protected void sendUnauthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
IOException
protected void sendForbiddenApplicationAccess(String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
IOException
protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
protected String getRequestUri(javax.servlet.http.HttpServletRequest request)
Copyright © 2017. All rights reserved.