com.atlassian.asap.core.server.filter

Class AbstractRequestAuthorizationFilter

java.lang.Object

com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

RulesAwareRequestAuthorizationFilter, WhitelistRequestAuthorizationFilter

public abstract class AbstractRequestAuthorizationFilter
extends Object
implements javax.servlet.Filter

Filters requests that contain authentic JWT tokens based on an authorization policy.

Constructor Summary

Constructors

Constructor and Description
AbstractRequestAuthorizationFilter()

Method Summary

Modifier and Type	Method and Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
void	init(javax.servlet.FilterConfig filterConfig)
protected abstract boolean	isAuthorized(javax.servlet.http.HttpServletRequest request, Jwt jwt) Decides if the token is authorized for the request.
protected void	onAuthorizationFailure(Jwt jwt, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Override this method to define the behaviour of the filter when a valid token is found, but the request is not authorized.
protected void	onAuthorizationSuccess(Jwt jwt, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Override this method to define the behaviour of the filter when a valid token is found and the request is authorized.
protected void	onTokenNotFound(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Override this method to define the behaviour of the filter when a token is not found in the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractRequestAuthorizationFilter

public AbstractRequestAuthorizationFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

doFilter

public final void doFilter(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           javax.servlet.FilterChain filterChain)
                    throws IOException,
                           javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

onTokenNotFound

protected void onTokenNotFound(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               javax.servlet.FilterChain filterChain)
                        throws IOException,
                               javax.servlet.ServletException

Override this method to define the behaviour of the filter when a token is not found in the request. The default behaviour is to throw IllegalStateException since it is assumed that this filter is behind the AbstractRequestAuthenticationFilter.

Parameters:

request - HTTP request

response - HTTP response

filterChain - Web filter chain

Throws:

IOException - see exception definition

javax.servlet.ServletException - see exception definition

onAuthorizationFailure

protected void onAuthorizationFailure(Jwt jwt,
                                      javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response,
                                      javax.servlet.FilterChain filterChain)
                               throws IOException,
                                      javax.servlet.ServletException

Override this method to define the behaviour of the filter when a valid token is found, but the request is not authorized. The default behaviour is to return a 403 FORBIDDEN error.

Parameters:

jwt - Authentic and valid JWT token extracted from the request

request - HTTP request

response - HTTP response

filterChain - Web filter chain

Throws:

IOException - see exception definition

javax.servlet.ServletException - see exception definition

onAuthorizationSuccess

protected void onAuthorizationSuccess(Jwt jwt,
                                      javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response,
                                      javax.servlet.FilterChain filterChain)
                               throws IOException,
                                      javax.servlet.ServletException

Override this method to define the behaviour of the filter when a valid token is found and the request is authorized. The default behaviour is to let the request continue down the filter chain.

Parameters:

request - HTTP request

response - HTTP response

filterChain - Web filter chain

Throws:

IOException - see exception definition

javax.servlet.ServletException - see exception definition

isAuthorized

protected abstract boolean isAuthorized(javax.servlet.http.HttpServletRequest request,
                                        Jwt jwt)

Decides if the token is authorized for the request.

Parameters:

request - HTTP request received

jwt - Authentic and valid JWT token extracted from the request

Returns:

true if the token is authorized for the request

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter