com.atlassian.crowd.integration.springsecurity
Class CrowdSSOAuthenticationProcessingFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
          extended by org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
              extended by com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class CrowdSSOAuthenticationProcessingFilter
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

The CrowdSSOAuthenticationProcessingFilter is to be used in conjunction with the CrowdAuthenticationProvider to provide SSO authentication. If single sign-on is not required, centralised authentication can still be achieved by using the default AuthenticationProcessingFilter in conjunction with the CrowdAuthenticationProvider.

Author:
Shihab Hamid

Field Summary
 
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY, SPRING_SECURITY_LAST_USERNAME_KEY
 
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
CrowdSSOAuthenticationProcessingFilter()
           
 
Method Summary
protected  void doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.AbstractAuthenticationToken authRequest)
           
protected  boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          This filter processes all requests. However, if the filterProcessesUrl is part of the request URI, the filter assumes the request is a username/password authentication (login) request and does not check for Crowd SSO authentication.
protected  void setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
          Provided so that subclasses may configure what is put into the authentication request's details property.
 void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
          Mandatory dependency.
 void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)
          Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application.
 void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
          Optional dependency.
protected  void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)
          Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
protected  void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)
          Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
 
Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
attemptAuthentication, getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setPasswordParameter, setPostOnly, setUsernameParameter
 
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CrowdSSOAuthenticationProcessingFilter

public CrowdSSOAuthenticationProcessingFilter()

Method Detail

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
This filter processes all requests. However, if the filterProcessesUrl is part of the request URI, the filter assumes the request is a username/password authentication (login) request and does not check for Crowd SSO authentication; authentication then proceeds as defined in the AuthenticationProcessingFilter. Otherwise, an authentication request is made to Crowd to verify any existing Crowd SSO token (via the ProviderManager).

Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Parameters:
request - servlet request containing either username/password parameters or the Crowd token as a cookie.
response - servlet response to write out cookie.
Returns:
true only if the filterProcessesUrl is in the request URI.

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property. Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of the application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.

Overrides:
setDetails in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Parameters:
request - that an authentication request is being created for
authRequest - the authentication request object that should have its details set

doSetDetails

protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
                            org.springframework.security.authentication.AbstractAuthenticationToken authRequest)

successfulAuthentication

protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException
Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider. This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.

Overrides:
successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Parameters:
request - servlet request.
response - servlet response.
authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
Throws:
IOException - not thrown.
javax.servlet.ServletException

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
                                          javax.servlet.ServletException
Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.

Overrides:
unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Parameters:
request - servlet request.
response - servlet response.
failed - not required.
Throws:
IOException - not thrown.
javax.servlet.ServletException

setHttpAuthenticator

public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)
Mandatory dependency.

Parameters:
httpAuthenticator - used to extract validation factors, set cookies and perform logouts.

setRequestToApplicationMapper

public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
Optional dependency.

Parameters:
requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, e.g. when one web-application corresponds to multiple Crowd "applications".

setLoginUrlAuthenticationEntryPoint

public void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)
Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application. Used to discover the login page and treat it specially.
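
A wiring sketch for the single-Crowd-application case described above, added here as an illustration and not taken from the Crowd distribution. The package of HttpAuthenticator, the class name CrowdSsoFilterConfig, and the URL values are assumptions; the AuthenticationManager is assumed to be defined elsewhere with the CrowdAuthenticationProvider in its provider list.

```java
import com.atlassian.crowd.integration.http.HttpAuthenticator; // package assumed; not shown on this page
import com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

@Configuration
public class CrowdSsoFilterConfig { // hypothetical class name

    // Assumed to be defined elsewhere: a manager that delegates to the
    // CrowdAuthenticationProvider, and the Crowd HttpAuthenticator bean.
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private HttpAuthenticator httpAuthenticator;

    @Bean
    public CrowdSSOAuthenticationProcessingFilter crowdSsoFilter() {
        CrowdSSOAuthenticationProcessingFilter filter =
                new CrowdSSOAuthenticationProcessingFilter();

        // Mandatory dependency: extracts validation factors, writes the SSO
        // cookie on success and clears SSO tokens on failure.
        filter.setHttpAuthenticator(httpAuthenticator);

        // Inherited setter; SSO token verification goes through this manager.
        filter.setAuthenticationManager(authenticationManager);

        // Requests whose URI contains this value are handled as form logins.
        // Every other request has its Crowd SSO token verified instead, so
        // keep the value specific enough not to match unrelated paths.
        filter.setFilterProcessesUrl("/j_security_check"); // example value

        // Where a failed form login is sent (example URL).
        filter.setAuthenticationFailureHandler(
                new SimpleUrlAuthenticationFailureHandler("/login.jsp?error=true"));

        // setRequestToApplicationMapper and setLoginUrlAuthenticationEntryPoint
        // stay unset: they are only needed when several Crowd applications
        // share one Spring Security context.
        return filter;
    }
}
```

The bean still has to be registered in the Spring Security filter chain in place of the standard form-login filter for the SSO check to run on each request.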



Copyright © 2013 Atlassian. All Rights Reserved.