com.atlassian.crowd.integration.http
Class VerifyTokenFilter

java.lang.Object
  com.atlassian.crowd.integration.http.VerifyTokenFilter

All Implemented Interfaces:

javax.servlet.Filter

public class VerifyTokenFilter
extends java.lang.Object
implements javax.servlet.Filter

This filter manages protecting a web.xml url-pattern. If the requesting principal does not have a valid token, they will be redirected to the authentication path specified in the crowd.properties configuration file. Additional values are stored to the principal's session such as their originally requested URL should their authentication be found invalid.

Field Summary

static java.lang.String	LAST_VALIDATED The session key stored as a Date, is the last time the principal had a successful token validation.
static java.lang.String	ORIGINAL_URL The session key stored as a String, is the requested secure url before redirect to the authentication page.

Constructor Summary

VerifyTokenFilter()
Use this default constructor if you are not using an IoC managed HttpAuthenticator/SecurityServerClient.

VerifyTokenFilter(HttpAuthenticator httpAuthenticator)
Use this constructor to provide an externally managed singleton instance of the HttpAuthenticator.

Method Summary

void	destroy() Shuts down the filter.
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) Executes the filter.
void	init(javax.servlet.FilterConfig filterConfig) Configures the filter.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ORIGINAL_URL

public static final java.lang.String ORIGINAL_URL

The session key stored as a String, is the requested secure url before redirect to the authentication page.

LAST_VALIDATED

public static final java.lang.String LAST_VALIDATED

The session key stored as a Date, is the last time the principal had a successful token validation.

Constructor Detail

VerifyTokenFilter

public VerifyTokenFilter()

Use this default constructor if you are not using an IoC managed HttpAuthenticator/SecurityServerClient. This will delegate calls to HttpAuthenticatorFactory when an instance of the HttpAuthenticator is required.

VerifyTokenFilter

public VerifyTokenFilter(HttpAuthenticator httpAuthenticator)

Use this constructor to provide an externally managed singleton instance of the HttpAuthenticator. This should be used if you are using an IoC container to manage the HttpAuthenticator/SecurityServerClient instances. This should NOT be used if you are using the HttpAuthenticatorFactory or SecurityServerClientFactory anywhere in your application.

Parameters:

httpAuthenticator - externally managed singleton.

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Configures the filter.

Specified by:

init in interface javax.servlet.Filter

Parameters:

filterConfig - the FilterConfig to use.

Throws:

javax.servlet.ServletException - Filter related problems.

destroy

public void destroy()

Shuts down the filter.

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Executes the filter.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

servletRequest - the ServletRequest to use.

servletResponse - the ServletResponse to use.

filterChain - the FilterChain to use.

Throws:

java.io.IOException - I/O related problems.

javax.servlet.ServletException - Servlet related problems.