com.atlassian.crowd.integration.springsecurity
Class CrowdSSOAuthenticationProcessingFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.ui.AbstractProcessingFilter
org.springframework.security.ui.webapp.AuthenticationProcessingFilter
com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered
public class CrowdSSOAuthenticationProcessingFilter
- extends org.springframework.security.ui.webapp.AuthenticationProcessingFilter
The CrowdSSOAuthenticationProcessingFilter is to be used in
conjunction with the CrowdAuthenticationProvider to provide SSO
authentication.
If single sign-on is not required, centralised authentication can
still be achieved by using the default AuthenticationProcessingFilter
in conjunction with the CrowdAuthenticationProvider.
- Author:
- Shihab Hamid
Fields inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter |
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY, SPRING_SECURITY_LAST_USERNAME_KEY |
Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter |
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY |
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter |
logger |
Fields inherited from interface org.springframework.core.Ordered |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
Method Summary |
protected void |
doSetDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.providers.AbstractAuthenticationToken authRequest)
|
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.Authentication authResult)
Attempts to write out the successful SSO token to a cookie,
if an SSO token was generated and stored via the AuthenticationProvider. |
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.AuthenticationException failed)
Attempts to remove any SSO tokens associated
with the request, effectively logging the user
out of Crowd. |
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
This filter will process all requests; however, if the filterProcessesUrl
is part of the request URI, the filter will assume the request is a
username/password authentication (login) request and will not check
for Crowd SSO authentication. |
protected void |
setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details
property. |
void |
setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
Mandatory dependency. |
void |
setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
Optional dependency. |
Methods inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter |
attemptAuthentication, getDefaultFilterProcessesUrl, getOrder, obtainPassword, obtainUsername, setPasswordParameter, setUsernameParameter |
Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter |
afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication |
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter |
destroy, doFilter, init, toString |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
CrowdSSOAuthenticationProcessingFilter
public CrowdSSOAuthenticationProcessingFilter()
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
- This filter will process all requests; however, if the filterProcessesUrl
is part of the request URI, the filter will assume the request is a
username/password authentication (login) request and will not check
for Crowd SSO authentication. Authentication will proceed as defined in
the AuthenticationProcessingFilter.
Otherwise, an authentication request to Crowd will be made to verify
any existing Crowd SSO token (via the ProviderManager).
- Overrides:
requiresAuthentication
in class org.springframework.security.ui.AbstractProcessingFilter
- Parameters:
request
- servlet request containing either username/password parameters
or the Crowd token as a cookie.
response
- servlet response to write out cookie.
- Returns:
true
only if the filterProcessesUrl is in the request URI.
setDetails
protected void setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)
- Provided so that subclasses may configure what is put into the authentication request's details
property.
Sets the validation factors from the HttpServletRequest on the authentication request. Also sets
the application name to the name of the application responsible for authorising a particular request.
For single-crowd-application-per-spring-security-context web apps, this will just return the application
name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps,
the requestToApplicationMapper will be used to determine the application name.
- Overrides:
setDetails
in class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
- Parameters:
request
- that an authentication request is being created for
authRequest
- the authentication request object that should have its details set
doSetDetails
protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.providers.AbstractAuthenticationToken authRequest)
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.Authentication authResult)
throws java.io.IOException
- Attempts to write out the successful SSO token to a cookie,
if an SSO token was generated and stored via the AuthenticationProvider.
This effectively establishes SSO when using the CrowdAuthenticationProvider
in conjunction with this filter.
- Overrides:
onSuccessfulAuthentication
in class org.springframework.security.ui.AbstractProcessingFilter
- Parameters:
request
- servlet request.
response
- servlet response.
authResult
- result of a successful authentication. If it is a CrowdSSOAuthenticationToken
then the SSO token will be set to the "credentials" property.
- Throws:
java.io.IOException
- not thrown.
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.AuthenticationException failed)
throws java.io.IOException
- Attempts to remove any SSO tokens associated
with the request, effectively logging the user
out of Crowd.
- Overrides:
onUnsuccessfulAuthentication
in class org.springframework.security.ui.AbstractProcessingFilter
- Parameters:
request
- servlet request.
response
- servlet response.
failed
- not required.
- Throws:
java.io.IOException
- not thrown.
setHttpAuthenticator
public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
- Mandatory dependency.
- Parameters:
httpAuthenticator
- used to extract validation factors, set cookies and perform logouts.
setRequestToApplicationMapper
public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
- Optional dependency.
- Parameters:
requestToApplicationMapper
- only required if multiple Crowd "applications" need to
be accessed via the same Spring Security context, e.g. when one web-application corresponds to
multiple Crowd "applications".
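Added example (not part of the original Javadoc or of Atlassian's own configuration): a Spring bean definition that wires this filter through the setters listed above. The bean ids, the referenced httpAuthenticator, authenticationManager and requestToApplicationMapper beans (assumed to be defined elsewhere in the context) and all URL values are assumptions; registering the filter in the Spring Security filter chain is not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: bean ids, referenced beans and URL values are assumptions. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

  <bean id="crowdSsoProcessingFilter"
        class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">

    <!-- Mandatory dependency (setHttpAuthenticator): used to extract
         validation factors, set cookies and perform logouts. -->
    <property name="httpAuthenticator" ref="httpAuthenticator"/>

    <!-- Inherited setter (setAuthenticationManager). For SSO the manager is
         expected to use the CrowdAuthenticationProvider, as the class
         description states. -->
    <property name="authenticationManager" ref="authenticationManager"/>

    <!-- Inherited setter (setFilterProcessesUrl). A request whose URI contains
         this value is handled as a username/password login; every other
         request has its existing Crowd SSO token verified instead.
         The path is an assumed value. -->
    <property name="filterProcessesUrl" value="/j_security_check"/>

    <!-- Inherited setters; both paths are assumed values. -->
    <property name="defaultTargetUrl" value="/"/>
    <property name="authenticationFailureUrl" value="/login.jsp?error=true"/>

    <!-- Optional dependency (setRequestToApplicationMapper): uncomment only
         when several Crowd "applications" share this Spring Security context. -->
    <!-- <property name="requestToApplicationMapper" ref="requestToApplicationMapper"/> -->
  </bean>

</beans>
```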
Copyright © 2010 Atlassian. All Rights Reserved.