com.atlassian.crowd.integration.springsecurity
Class CrowdSSOAuthenticationProcessingFilter

java.lang.Object
  extended by org.springframework.security.ui.SpringSecurityFilter
      extended by org.springframework.security.ui.AbstractProcessingFilter
          extended by org.springframework.security.ui.webapp.AuthenticationProcessingFilter
              extended by com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered

public class CrowdSSOAuthenticationProcessingFilter
extends org.springframework.security.ui.webapp.AuthenticationProcessingFilter

The CrowdSSOAuthenticationProcessingFilter is to be used in conjunction with the CrowdAuthenticationProvider to provide SSO authentication. If single sign-on is not required, centralised authentication can still be achieved by using the default AuthenticationProcessingFilter in conjunction with the CrowdAuthenticationProvider.

Author:
Shihab Hamid

Field Summary
 
Fields inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY, SPRING_SECURITY_LAST_USERNAME_KEY
 
Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY
 
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter
logger
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
CrowdSSOAuthenticationProcessingFilter()
           
 
Method Summary
protected  void doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.providers.AbstractAuthenticationToken authRequest)
           
protected  void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.Authentication authResult)
          Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
protected  void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.AuthenticationException failed)
          Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
protected  boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          This filter will process all requests; however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication.
protected  void setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)
          Provided so that subclasses may configure what is put into the authentication request's details property.
 void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
          Mandatory dependency.
 void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
          Optional dependency.
 
Methods inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
attemptAuthentication, getDefaultFilterProcessesUrl, getOrder, obtainPassword, obtainUsername, setPasswordParameter, setUsernameParameter
 
Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter
afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter
destroy, doFilter, init, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

CrowdSSOAuthenticationProcessingFilter

public CrowdSSOAuthenticationProcessingFilter()
Method Detail

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
This filter will process all requests; however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication. Authentication will proceed as defined in the AuthenticationProcessingFilter. Otherwise, an authentication request to Crowd will be made to verify any existing Crowd SSO token (via the ProviderManager).

Overrides:
requiresAuthentication in class org.springframework.security.ui.AbstractProcessingFilter
Parameters:
request - servlet request containing either username/password parameters or the Crowd token as a cookie.
response - servlet response to write out cookie.
Returns:
true only if the filterProcessesUrl is in the request URI.

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property. Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of the application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.

Overrides:
setDetails in class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
Parameters:
request - that an authentication request is being created for
authRequest - the authentication request object that should have its details set

doSetDetails

protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
                            org.springframework.security.providers.AbstractAuthenticationToken authRequest)

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.Authentication authResult)
                                   throws java.io.IOException
Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider. This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.

Overrides:
onSuccessfulAuthentication in class org.springframework.security.ui.AbstractProcessingFilter
Parameters:
request - servlet request.
response - servlet response.
authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
Throws:
java.io.IOException - not thrown.

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response,
                                            org.springframework.security.AuthenticationException failed)
                                     throws java.io.IOException
Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.

Overrides:
onUnsuccessfulAuthentication in class org.springframework.security.ui.AbstractProcessingFilter
Parameters:
request - servlet request.
response - servlet response.
failed - not required.
Throws:
java.io.IOException - not thrown.

setHttpAuthenticator

public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
Mandatory dependency.

Parameters:
httpAuthenticator - used to extract validation factors, set cookies and perform logouts.

setRequestToApplicationMapper

public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
Optional dependency.

Parameters:
requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, e.g. when one web-application corresponds to multiple Crowd "applications".
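
The following Spring Security 2.0 bean definition is an added example (not taken from the Crowd distribution) showing how the mandatory and optional dependencies and the filterProcessesUrl described above fit together. The bean ids, the URL values and the presence of an `<http>` element, an HttpAuthenticator bean and a CrowdAuthenticationProvider bean elsewhere in the context are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!-- Alias for the ProviderManager that receives the filter's authentication requests. -->
  <authentication-manager alias="authenticationManager"/>

  <!-- Bean id "crowdSsoFilter" is a constructed name. -->
  <beans:bean id="crowdSsoFilter"
      class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">

    <!-- Occupies the chain position of the standard AuthenticationProcessingFilter. -->
    <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>

    <!-- Mandatory dependency (setHttpAuthenticator): extracts validation factors,
         sets cookies and performs logouts. "httpAuthenticator" is an assumed bean id. -->
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>

    <!-- Inherited setter (setAuthenticationManager). -->
    <beans:property name="authenticationManager" ref="authenticationManager"/>

    <!-- Requests whose URI includes this path are handled as username/password logins
         and skip the SSO check; all other requests have any Crowd SSO token verified.
         Keep it to the single login endpoint. The value is constructed. -->
    <beans:property name="filterProcessesUrl" value="/j_security_check"/>

    <!-- Inherited setters; the values are constructed. -->
    <beans:property name="authenticationFailureUrl" value="/login.jsp?error=true"/>
    <beans:property name="defaultTargetUrl" value="/"/>

    <!-- Optional dependency (setRequestToApplicationMapper): enable only when one
         Spring Security context serves several Crowd "applications".
    <beans:property name="requestToApplicationMapper" ref="requestToApplicationMapper"/>
    -->
  </beans:bean>
</beans:beans>
```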


Copyright © 2010 Atlassian. All Rights Reserved.