Class AbstractAuthorizationFilter
- All Implemented Interfaces:
Filter, FilterConfig, Serializable
- Direct Known Subclasses:
HasRoleFilter, IsAuthenticatedFilter
Requests that are authorized (and pass down the filter chain) are additionally marked with the
IS_PRIVATE_REQUEST_ATTRIBUTE_NAME attribute.
Subclasses should be installed after the UserFilter.
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
- protected void configureAuthenticationRequest(HttpServletRequest req, AuthenticationRequest.Builder builder): Configures the authentication request when redirecting to the OpenID Provider.
- protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
- void init()
- protected abstract boolean isAuthorized: Returns whether the user is authorized.
- protected boolean isCallbackServlet: Returns whether the request targets a callback servlet that should be exempted from the authorization check.
- protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res): This method is called whenever the user is not authorized and the request is a safe navigation request.
- protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res): This method is called whenever the user is not authorized and the request is not a safe navigation request.
Methods inherited from class jakarta.servlet.http.HttpFilter
doFilter
Methods inherited from class jakarta.servlet.GenericFilter
getFilterConfig, getFilterName, getInitParameter, getInitParameterNames, getServletContext, init
-
Field Details
-
IS_PRIVATE_REQUEST_ATTRIBUTE_NAME
-
-
Constructor Details
-
AbstractAuthorizationFilter
public AbstractAuthorizationFilter()
-
-
Method Details
-
init
- Overrides:
init in class GenericFilter
- Throws:
ServletException
-
doFilter
@ForOverride protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException
- Overrides:
doFilter in class HttpFilter
- Throws:
IOException
ServletException
-
isAuthorized
Returns whether the user is authorized.
Implementations should only use the request's getUserPrincipal() and/or isUserInRole().
-
isCallbackServlet
Returns whether the request targets a callback servlet that should be exempted from the authorization check.
-
redirectToAuthenticationEndpoint
@ForOverride protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
This method is called whenever the user is not authorized and the request is a safe navigation request.
The default implementation simply calls the globally configured AuthenticationRedirector, and allows configuring the authentication request.
Subclasses can override this method to conditionally generate different responses.
- Throws:
IOException
ServletException
-
configureAuthenticationRequest
@ForOverride protected void configureAuthenticationRequest(HttpServletRequest req, AuthenticationRequest.Builder builder)
Configures the authentication request when redirecting to the OpenID Provider.
This method is called by the AuthenticationRedirector, which is itself called by redirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse).
-
sendUnauthorized
@ForOverride protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
This method is called whenever the user is not authorized and the request is not a safe navigation request.
The default implementation simply calls res.sendError(SC_UNAUTHORIZED). This is not strictly HTTP-compliant as it's missing the WWW-Authenticate response header, but is a good way to signal the error to JavaScript clients making an AJAX request.
- Throws:
IOException
ServletException
-
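The overridable methods described above, combined in one subclass. This is an added example, not code from the library: the class name AnyRoleFilter is hypothetical, and the single-parameter isAuthorized(HttpServletRequest) signature is an assumption, since this page shows only its modifiers and return type. The import of AbstractAuthorizationFilter is left out because its package is not shown on this page.

```java
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;
// Also import AbstractAuthorizationFilter from the library's package (not shown on this page).

/** Hypothetical subclass: lets a request through when the user holds any of the given roles. */
public class AnyRoleFilter extends AbstractAuthorizationFilter {
  private final Set<String> roles;

  public AnyRoleFilter(Set<String> roles) {
    this.roles = Set.copyOf(roles); // immutable copy, so the filter's policy cannot change later
  }

  // Assumed signature: the page gives only "protected abstract boolean" for isAuthorized.
  @Override
  protected boolean isAuthorized(HttpServletRequest req) {
    // Decide from the container-provided identity only (getUserPrincipal / isUserInRole),
    // never from headers, cookies or parameters the client controls.
    if (req.getUserPrincipal() == null) {
      return false;
    }
    return roles.stream().anyMatch(req::isUserInRole);
  }

  @Override
  protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res)
      throws IOException, ServletException {
    if (req.getUserPrincipal() != null) {
      // Authenticated but missing the role: logging in again would not help, so answer 403
      // instead of redirecting to the OpenID Provider.
      res.sendError(HttpServletResponse.SC_FORBIDDEN);
      return;
    }
    super.redirectToAuthenticationEndpoint(req, res);
  }

  @Override
  protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res)
      throws IOException, ServletException {
    // Non-navigation requests (e.g. AJAX): 403 for a known user, the default 401 otherwise.
    if (req.getUserPrincipal() != null) {
      res.sendError(HttpServletResponse.SC_FORBIDDEN);
    } else {
      super.sendUnauthorized(req, res);
    }
  }
}
```

As with any subclass of this filter, it belongs after the UserFilter in the filter chain.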