Class BaseAuthenticationFilter

java.lang.Object
org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
Direct Known Subclasses:
AuthenticationFilter, BaseSSOAuthenticationFilter, HTTPRequestAuthenticationFilter, WebscriptCookieAuthenticationFilter, WebScriptSSOAuthenticationFilter

public abstract class BaseAuthenticationFilter extends Object
A base class for authentication filters. Handles management of the session user.
Author:
dward
  • Field Details

    • NO_AUTH_REQUIRED

      protected static final String NO_AUTH_REQUIRED
      Indication by an up-stream filter that no authentication checks are required.
      See Also:
    • AUTHENTICATION_USER

      public static final String AUTHENTICATION_USER
      The default session attribute used to cache the user. Subclasses may override this with setUserAttributeName(String).
      See Also:
    • ARG_TICKET

      protected static final String ARG_TICKET
      The name of the ticket argument.
      See Also:
    • authenticationService

      protected AuthenticationService authenticationService
      The authentication service.
    • personService

      protected PersonService personService
      The person service.
    • nodeService

      protected NodeService nodeService
      The node service.
    • transactionService

      protected TransactionService transactionService
      The transaction service.
    • authenticationComponent

      protected AuthenticationComponent authenticationComponent
      The authentication component.
    • remoteUserMapper

      protected RemoteUserMapper remoteUserMapper
      The remote user mapper.
    • authenticationListener

      protected AuthenticationListener authenticationListener
      The authentication listener.
  • Constructor Details

    • BaseAuthenticationFilter

      public BaseAuthenticationFilter()
  • Method Details

    • setAuthenticationService

      public void setAuthenticationService(AuthenticationService authenticationService)
      Sets the authentication service.
      Parameters:
      authenticationService - the authService to set
    • setPersonService

      public void setPersonService(PersonService personService)
      Sets the person service.
      Parameters:
      personService - the personService to set
    • setNodeService

      public void setNodeService(NodeService nodeService)
      Sets the node service.
      Parameters:
      nodeService - the nodeService to set
    • setTransactionService

      public void setTransactionService(TransactionService transactionService)
      Sets the transaction service.
      Parameters:
      transactionService - the transactionService to set
    • setAuthenticationComponent

      public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
      Sets the authentication component.
      Parameters:
      authenticationComponent - the authentication component
    • setAuthenticationListener

      public void setAuthenticationListener(AuthenticationListener authenticationListener)
      Sets the authentication listener.
      Parameters:
      authenticationListener - AuthenticationListener
    • setRemoteUserMapper

      public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
      Sets the remote user mapper.
      Parameters:
      remoteUserMapper - the remote user mapper
    • createUserObject

      protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef)
      Create the user object that will be stored in the session.
      Parameters:
      userName - String
      ticket - String
      personNode - NodeRef
      homeSpaceRef - NodeRef
      Returns:
      SessionUser
    • getSessionUser

      protected SessionUser getSessionUser(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, boolean externalAuth)
      Callback to get the specific impl of the Session User for a filter.
      Parameters:
      servletContext - the servlet context
      httpServletRequest - the http servlet request
      httpServletResponse - the http servlet response
      externalAuth - has the user been authenticated by SSO?
      Returns:
      User from the session
    • invalidateSession

      protected void invalidateSession(javax.servlet.http.HttpServletRequest req)
      Remove the user from the session and expire the session - after failed ticket auth.
      Parameters:
      req - HttpServletRequest
    • doInSystemTransaction

      protected <T> T doInSystemTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> callback)
      Executes a callback in a transaction as the system user
      Parameters:
      callback - the callback
      Returns:
      the return value from the callback
    • getUserAttributeName

      protected final String getUserAttributeName()
      Return the user object session attribute name.
      Returns:
      the user object session attribute name
    • setUserAttributeName

      protected final void setUserAttributeName(String userAttr)
      Set the user object attribute name.
      Parameters:
      userAttr - the user object session attribute name
    • createUserEnvironment

      protected SessionUser createUserEnvironment(javax.servlet.http.HttpSession session, String userName, String ticket, boolean externalAuth) throws IOException, javax.servlet.ServletException
      Callback to create the User environment as appropriate for a filter impl.
      Parameters:
      session - HttpSession
      userName - String
      ticket - the ticket
      externalAuth - has the user been authenticated by SSO?
      Returns:
      SessionUser
      Throws:
      IOException - Signals that an I/O exception has occurred.
      javax.servlet.ServletException - the servlet exception
    • createUserEnvironment

      protected SessionUser createUserEnvironment(javax.servlet.http.HttpSession session, String userName) throws IOException, javax.servlet.ServletException
      Callback to create the User environment as appropriate for a filter impl
      Parameters:
      session - HttpSession
      userName - String
      Returns:
      SessionUser
      Throws:
      IOException
      javax.servlet.ServletException
    • getLogger

      protected abstract org.apache.commons.logging.Log getLogger()
      Return the logger.
      Returns:
      Log
    • handleLoginForm

      protected boolean handleLoginForm(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException, javax.servlet.ServletException
      Handles the login form directly, allowing management of the session user.
      Parameters:
      req - the request
      res - the response
      Throws:
      IOException - Signals that an I/O exception has occurred.
      javax.servlet.ServletException - on error