CrowdSSOAuthenticationProcessingFilter (Atlassian Crowd 2.4.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.crowd.integration.springsecurity
Class CrowdSSOAuthenticationProcessingFilter

java.lang.Object
  org.springframework.security.ui.SpringSecurityFilter
      org.springframework.security.ui.AbstractProcessingFilter
          org.springframework.security.ui.webapp.AuthenticationProcessingFilter
              com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter

All Implemented Interfaces:: javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered

public class CrowdSSOAuthenticationProcessingFilter
extends org.springframework.security.ui.webapp.AuthenticationProcessingFilter
extends org.springframework.security.ui.webapp.AuthenticationProcessingFilter

The CrowdSSOAuthenticationProcessingFilter is to be used in conjunction with the CrowdAuthenticationProvider to provide SSO authentication. If single sign-on is not required, centralised authentication can still be acheived by using the default AuthenticationProcessingFilter in conjunction with the CrowdAuthenticationProvider.

Author:: Shihab Hamid

Field Summary

Fields inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
`SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY, SPRING_SECURITY_LAST_USERNAME_KEY`

Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter
`authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY`

Fields inherited from class org.springframework.security.ui.SpringSecurityFilter
`logger`

Fields inherited from interface org.springframework.core.Ordered
`HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE`

Constructor Summary
`CrowdSSOAuthenticationProcessingFilter()`

Method Summary
`protected void`	`doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.providers.AbstractAuthenticationToken authRequest)`
`protected void`	`onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.Authentication authResult)` Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
`protected void`	`onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.AuthenticationException failed)` Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
`protected boolean`	`requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication.
`void`	`setAuthenticationProcessingFilterEntryPoint(org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint filterEntryPoint)` Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.
`void`	`setHttpAuthenticator(HttpAuthenticator httpAuthenticator)` Mandatory dependency.
`void`	`setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)` Optional dependency.

Methods inherited from class org.springframework.security.ui.webapp.AuthenticationProcessingFilter
`attemptAuthentication, getDefaultFilterProcessesUrl, getOrder, obtainPassword, obtainUsername, setPasswordParameter, setUsernameParameter`

Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter
afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter

afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.security.ui.SpringSecurityFilter
`destroy, doFilter, init, toString`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

CrowdSSOAuthenticationProcessingFilter

public CrowdSSOAuthenticationProcessingFilter()

Method Detail

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication. Authentication will proceed as defined in the AuthenticationProcessingFilter. Otherwise, an authentication request to Crowd will be made to verify any existing Crowd SSO token (via the ProviderManager).

Overrides:: requiresAuthentication in class org.springframework.security.ui.AbstractProcessingFilter

Parameters:: request - servlet request containing either username/password paramaters or the Crowd token as a cookie.; response - servlet response to write out cookie.
Returns:: true only if the filterProcessesUrl is in the request URI.

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.springframework.security.providers.UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property. Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.

Overrides:: setDetails in class org.springframework.security.ui.webapp.AuthenticationProcessingFilter

Parameters:: request - that an authentication request is being created for; authRequest - the authentication request object that should have its details set

doSetDetails

protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
                            org.springframework.security.providers.AbstractAuthenticationToken authRequest)

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.Authentication authResult)
                                   throws java.io.IOException

Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider. This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.

Overrides:: onSuccessfulAuthentication in class org.springframework.security.ui.AbstractProcessingFilter

Parameters:: request - servlet request.; response - servlet response.; authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
Throws:: java.io.IOException - not thrown.

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response,
                                            org.springframework.security.AuthenticationException failed)
                                     throws java.io.IOException

Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.

Overrides:: onUnsuccessfulAuthentication in class org.springframework.security.ui.AbstractProcessingFilter

Parameters:: request - servlet request.; response - servlet response.; failed - not required.
Throws:: java.io.IOException - not thrown.

setHttpAuthenticator

public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)

Mandatory dependency.

Parameters:: httpAuthenticator - used to extract validation factors, set cookies and perform logouts.

setRequestToApplicationMapper

public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)

Optional dependency.

Parameters:: requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, eg. when one web-application corresponds to multiple Crowd "applications".

setAuthenticationProcessingFilterEntryPoint

public void setAuthenticationProcessingFilterEntryPoint(org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint filterEntryPoint)

Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application. Used to discover the login page, through and treat it specially.