Class AbstractAuthorizationFilter
- All Implemented Interfaces:
  Filter, FilterConfig, Serializable
- Direct Known Subclasses:
  HasRoleFilter, IsAuthenticatedFilter

Requests that are authorized (and pass down the filter chain) are additionally marked with the IS_PRIVATE_REQUEST_ATTRIBUTE_NAME attribute.

Subclasses should be installed after the UserFilter.
Field Summary
- IS_PRIVATE_REQUEST_ATTRIBUTE_NAME
Constructor Summary
- protected AbstractAuthorizationFilter()
- protected AbstractAuthorizationFilter(AuthenticationRedirector authenticationRedirector)
  Constructs a filter with the given authentication redirector.
Method Summary
- protected void configureAuthenticationRequest(HttpServletRequest req, AuthenticationRequest.Builder builder)
  Configures the authentication request when redirecting to the OpenID Provider.
- protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
- protected void doRedirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res)
  This method is called whenever the user is not authorized and the request is a safe navigation request.
- protected void doSendUnauthorized(HttpServletRequest req, HttpServletResponse res)
  This method is called whenever the user is not authenticated and the request is not a safe navigation request.
- void init()
- protected abstract boolean isAuthorized
  Returns whether the user is authorized.
- protected boolean isCallbackServlet
  Returns whether the request targets a callback servlet, which should be exempted from the authorization check.
- protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res)
  This method is called whenever the user is not authorized and the request is a safe navigation request.
- protected void sendForbidden(HttpServletRequest req, HttpServletResponse res)
  This method is called whenever the user is authenticated but not authorized.
- protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res)
  This method is called whenever the user is not authorized and the request is not a safe navigation request.

Methods inherited from class jakarta.servlet.http.HttpFilter:
doFilter

Methods inherited from class jakarta.servlet.GenericFilter:
getFilterConfig, getFilterName, getInitParameter, getInitParameterNames, getServletContext, init
Field Details
- IS_PRIVATE_REQUEST_ATTRIBUTE_NAME
Constructor Details
- AbstractAuthorizationFilter
  protected AbstractAuthorizationFilter()
- AbstractAuthorizationFilter
  protected AbstractAuthorizationFilter(AuthenticationRedirector authenticationRedirector)
  Constructs a filter with the given authentication redirector. When this constructor is used, the servlet context attribute won't be read.
Method Details
- init
  void init() throws ServletException
  Overrides: init in class GenericFilter
  Throws: ServletException
- doFilter
  @ForOverride protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException
  Overrides: doFilter in class HttpFilter
  Throws: IOException, ServletException
- isAuthorized
  Returns whether the user is authorized. Implementations should only use the request's getUserPrincipal() and/or isUserInRole().
- isCallbackServlet
  Returns whether the request targets a callback servlet, which should be exempted from the authorization check.
- redirectToAuthenticationEndpoint
  @ForOverride protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  This method is called whenever the user is not authorized and the request is a safe navigation request. This implementation calls sendForbidden(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) whenever the user is authenticated, and defers to doRedirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) otherwise.
  Throws: IOException, ServletException
- doRedirectToAuthenticationEndpoint
  @ForOverride protected void doRedirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  This method is called whenever the user is not authorized and the request is a safe navigation request. The default implementation simply calls the globally configured AuthenticationRedirector, and allows configuring the authentication request.
  Throws: IOException, ServletException
- configureAuthenticationRequest
  @ForOverride protected void configureAuthenticationRequest(HttpServletRequest req, AuthenticationRequest.Builder builder)
  Configures the authentication request when redirecting to the OpenID Provider. This method is called by the AuthenticationRedirector, which is itself called by redirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse).
- sendUnauthorized
  @ForOverride protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  This method is called whenever the user is not authorized and the request is not a safe navigation request. This implementation calls sendForbidden(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) whenever the user is authenticated, and defers to doSendUnauthorized(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) otherwise.
  Throws: IOException, ServletException
- doSendUnauthorized
  @ForOverride protected void doSendUnauthorized(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  This method is called whenever the user is not authenticated and the request is not a safe navigation request. The default implementation simply calls res.sendError(SC_UNAUTHORIZED). This is not strictly HTTP-compliant as it's missing the WWW-Authenticate response header, but is a good way to signal the error to JavaScript clients making an AJAX request.
  Throws: IOException, ServletException
- sendForbidden
  @ForOverride protected void sendForbidden(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  This method is called whenever the user is authenticated but not authorized. The default implementation simply calls res.sendError(SC_FORBIDDEN).
  Throws: IOException, ServletException
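A concrete subclass, written here as an added example rather than code from the library this page documents, shows how the hooks above fit together: isAuthorized makes the decision using only getUserPrincipal() and isUserInRole(), and the base class then answers an unauthenticated caller with a redirect (safe navigation request) or a 401 (sendUnauthorized), and an authenticated but unauthorized caller with a 403 (sendForbidden). Two things are assumptions, since the page does not show them: the package of AbstractAuthorizationFilter and AuthenticationRedirector (the imports are left as comments), and that isAuthorized receives the HttpServletRequest as its parameter. The class name HasAnyRoleFilter is invented for the example.

```java
import java.util.Set;

import jakarta.servlet.http.HttpServletRequest;
// Assumed: the package of these two types is not given on this page.
// import <library package>.AbstractAuthorizationFilter;
// import <library package>.AuthenticationRedirector;

/**
 * Authorizes a request only when the authenticated user holds at least one
 * of the configured roles. Like every subclass, it must be installed after
 * the UserFilter so that getUserPrincipal()/isUserInRole() already reflect
 * the authenticated user when isAuthorized runs.
 */
public class HasAnyRoleFilter extends AbstractAuthorizationFilter {
  private final Set<String> allowedRoles;

  /** Uses the protected no-arg constructor of the base class. */
  public HasAnyRoleFilter(Set<String> allowedRoles) {
    super();
    this.allowedRoles = Set.copyOf(allowedRoles);
  }

  /**
   * Passes an explicit redirector; the page states that in this case the
   * base class does not read the servlet context attribute.
   */
  public HasAnyRoleFilter(AuthenticationRedirector redirector, Set<String> allowedRoles) {
    super(redirector);
    this.allowedRoles = Set.copyOf(allowedRoles);
  }

  /**
   * The decision uses only the request's getUserPrincipal() and
   * isUserInRole(), as the isAuthorized contract asks.
   * The parameter list is an assumption: the page does not show it.
   */
  @Override
  protected boolean isAuthorized(HttpServletRequest req) {
    if (req.getUserPrincipal() == null) {
      // Not authenticated: the base class redirects to the OpenID Provider
      // for a safe navigation request, or answers 401 via sendUnauthorized.
      return false;
    }
    // Authenticated: returning false here makes the base class answer 403
    // via sendForbidden, whatever kind of request it is.
    return allowedRoles.stream().anyMatch(req::isUserInRole);
  }
}
```

Keeping isAuthorized free of side effects and of any response handling is what lets the base class choose between redirect, 401 and 403 consistently; a subclass that wants a different 401 body or headers overrides doSendUnauthorized rather than writing to the response from isAuthorized.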