AbstractRequestAuthenticationFilter (ASAP

java.lang.Object
- com.atlassian.asap.core.server.filter.AbstractRequestAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

RequestAuthenticationFilterBean
```
public abstract class AbstractRequestAuthenticationFilter
extends Object
implements javax.servlet.Filter
```
A servlet filter that accepts or rejects requests based on the authenticity and validity of the JWT access token. It only performs authentication, but it does not authorize the request.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`AUTHENTIC_JWT_REQUEST_ATTRIBUTE` Upon successful authentication, the authentic `Jwt` token is saved in the session under this key, so other filters down the chain can access it, e.g., `AbstractRequestAuthorizationFilter`.

Constructor Summary

Constructors
Constructor and Description

AbstractRequestAuthenticationFilter()

Constructors
Constructor and Description
`AbstractRequestAuthenticationFilter()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`protected abstract RequestAuthenticator`	`getRequestAuthenticator(javax.servlet.FilterConfig filterConfig)` Override this to supply your RequestAuthenticator.
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`protected void`	`onAuthenticationError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, TransientAuthenticationFailedException e)` Handles an unexpected error during request authentication (such as a failure when retrieving the required public key).
`protected void`	`onAuthenticationFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)` Handles the failure of request authentication (e.g., invalid token).
`protected void`	`onAuthenticationSuccess(Jwt authenticJwt, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)` Handles the acceptance of an authentic request.
`protected void`	`saveToken(javax.servlet.ServletRequest request, Jwt authenticJwt)` Save the authentic token in the request to make it available for other filters down the chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- AUTHENTIC_JWT_REQUEST_ATTRIBUTE
```
public static final String AUTHENTIC_JWT_REQUEST_ATTRIBUTE
```
  Upon successful authentication, the authentic Jwt token is saved in the session under this key, so other filters down the chain can access it, e.g., AbstractRequestAuthorizationFilter.
  
  See Also:
  
  Constant Field Values

Constructor Detail
- AbstractRequestAuthenticationFilter
```
public AbstractRequestAuthenticationFilter()
```

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

doFilter

public final void doFilter(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           javax.servlet.FilterChain chain)
                    throws IOException,
                           javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: IOException; javax.servlet.ServletException

saveToken
```
protected void saveToken(javax.servlet.ServletRequest request,
                         Jwt authenticJwt)
```
Save the authentic token in the request to make it available for other filters down the chain. Subclasses can override/decorate this method to save the token somewhere else.

onAuthenticationFailure

protected void onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       javax.servlet.FilterChain chain)
                                throws IOException,
                                       javax.servlet.ServletException

Handles the failure of request authentication (e.g., invalid token). The default implementation is to return a 401. Override and decorate as necessary.

Throws:: IOException; javax.servlet.ServletException

onAuthenticationError

protected void onAuthenticationError(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response,
                                     javax.servlet.FilterChain chain,
                                     TransientAuthenticationFailedException e)
                              throws IOException,
                                     javax.servlet.ServletException

Handles an unexpected error during request authentication (such as a failure when retrieving the required public key). The default implementation is to return a 503. Override and decorate as necessary.

Throws:: IOException; javax.servlet.ServletException

onAuthenticationSuccess

protected void onAuthenticationSuccess(Jwt authenticJwt,
                                       javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       javax.servlet.FilterChain chain)
                                throws IOException,
                                       javax.servlet.ServletException

Handles the acceptance of an authentic request. The default implementation is to pass the request down the filter chain. Override and decorate this as necessary. For instance, some applications may want to store the JWT token or parts of it. Another filter may implement authorization, see for example AbstractRequestAuthorizationFilter.

Throws:: IOException; javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

getRequestAuthenticator

protected abstract RequestAuthenticator getRequestAuthenticator(javax.servlet.FilterConfig filterConfig)

Override this to supply your RequestAuthenticator.

Class AbstractRequestAuthenticationFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

AUTHENTIC_JWT_REQUEST_ATTRIBUTE

Constructor Detail

AbstractRequestAuthenticationFilter