com.atlassian.crowd.plugin.rest.filter

Class BasicApplicationAuthenticationFilter

java.lang.Object

com.atlassian.crowd.plugin.rest.filter.AbstractBasicAuthenticationFilter

com.atlassian.crowd.plugin.rest.filter.BasicApplicationAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter

public class BasicApplicationAuthenticationFilter
extends AbstractBasicAuthenticationFilter

Implementation of HTTP Basic Authentication such that all invocations to the filter must be authenticated with a valid application name and corresponding password. As a performance enhancement the application name is saved in the session after a successful authentication. Password check is waived with consequent requests when the application name in the request matches the application name in the session. Clients wishing to take advantage of this feature must support cookies.

Nested Class Summary

Nested classes/interfaces inherited from class com.atlassian.crowd.plugin.rest.filter.AbstractBasicAuthenticationFilter

AbstractBasicAuthenticationFilter.Credentials

Constructor Summary

Constructors

Constructor and Description
BasicApplicationAuthenticationFilter(ApplicationManager applicationManager, ClientValidationManager clientValidationManager, TokenAuthenticationManager tokenAuthenticationManager)

Method Summary

Methods

Modifier and Type	Method and Description
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)
protected String	getAuthenticatedEntity(javax.servlet.http.HttpServletRequest request) Returns the authenticated entity from the request, or null if there is no authenticated entity.
protected String	getAuthenticationErrorMessage() Returns the authentication error message.
protected String	getBasicRealm() Returns the Basic Realm in the WWW-Authenticate header.
protected String	getEntityAttributeKey() Returns the HTTP request attribute key for the entity.
protected boolean	isAuthenticated(javax.servlet.http.HttpServletRequest request, AbstractBasicAuthenticationFilter.Credentials credentials) Decorates the parent behaviour to check also the validity of the token
protected void	setAuthenticatedEntity(javax.servlet.http.HttpServletRequest request, String name) Sets the authenticated entity.

Methods inherited from class com.atlassian.crowd.plugin.rest.filter.AbstractBasicAuthenticationFilter

destroy, ensureSeraphForwardsRequest, getBasicAuthCredentials, init, respondWithChallenge

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicApplicationAuthenticationFilter

public BasicApplicationAuthenticationFilter(ApplicationManager applicationManager,
                                    ClientValidationManager clientValidationManager,
                                    TokenAuthenticationManager tokenAuthenticationManager)

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
            javax.servlet.ServletResponse servletResponse,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Throws:

IOException

javax.servlet.ServletException

isAuthenticated

protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
                      AbstractBasicAuthenticationFilter.Credentials credentials)

Decorates the parent behaviour to check also the validity of the token

Overrides:

isAuthenticated in class AbstractBasicAuthenticationFilter

Parameters:

request - HTTP servlet request possibly containing a HttpSession

credentials - credentials sent with the request

Returns:

true is the application is authenticated

getAuthenticatedEntity

protected String getAuthenticatedEntity(javax.servlet.http.HttpServletRequest request)

Returns the authenticated entity from the request, or null if there is no authenticated entity.

Overrides:

getAuthenticatedEntity in class AbstractBasicAuthenticationFilter

Parameters:

request - Request

Returns:

authenticated entity from the request, or null if there is no authenticated entity.

setAuthenticatedEntity

protected void setAuthenticatedEntity(javax.servlet.http.HttpServletRequest request,
                          String name)

Sets the authenticated entity.

Overrides:

setAuthenticatedEntity in class AbstractBasicAuthenticationFilter

Parameters:

request - Request

name - the name of the authenticated entity

getEntityAttributeKey

protected String getEntityAttributeKey()

Description copied from class: AbstractBasicAuthenticationFilter

Returns the HTTP request attribute key for the entity.

Specified by:

getEntityAttributeKey in class AbstractBasicAuthenticationFilter

Returns:

attribute key for the entity

getAuthenticationErrorMessage

protected String getAuthenticationErrorMessage()

Description copied from class: AbstractBasicAuthenticationFilter

Returns the authentication error message.

Specified by:

getAuthenticationErrorMessage in class AbstractBasicAuthenticationFilter

Returns:

authentication error message

getBasicRealm

protected String getBasicRealm()

Description copied from class: AbstractBasicAuthenticationFilter

Returns the Basic Realm in the WWW-Authenticate header.

Specified by:

getBasicRealm in class AbstractBasicAuthenticationFilter

Returns:

Basic Realm