AbstractCrowdSSOAuthenticationProcessingFilter (Atlassian Crowd 4.3.0 API)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
  - - org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
    - - com.atlassian.crowd.integration.springsecurity.AbstractCrowdSSOAuthenticationProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

Direct Known Subclasses:

AbstractLocalCrowdAuthenticationProcessingFilter, CrowdSSOAuthenticationProcessingFilter, CrowdSSOAuthenticationProcessingFilter
```
public abstract class AbstractCrowdSSOAuthenticationProcessingFilter
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
```

Field Summary

Fields
Modifier and Type	Field and Description
`protected ClientProperties`	`clientProperties`
`protected static Consumer<org.springframework.security.core.AuthenticationException>`	`SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER`
`protected CrowdHttpTokenHelper`	`tokenHelper`

Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages

Constructor Summary

Constructors
Modifier	Constructor and Description
`protected`	`AbstractCrowdSSOAuthenticationProcessingFilter(ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`appendSuppliers(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.google.common.collect.ImmutableList.Builder<org.apache.commons.lang3.tuple.Pair<Supplier<org.springframework.security.authentication.AbstractAuthenticationToken>,Consumer<org.springframework.security.core.AuthenticationException>>> builder)`
`protected boolean`	`canUseSavedRequestToAuthenticate(javax.servlet.http.HttpServletRequest request)` If the request has been redirected from a page it was not authorised to see, we want to authenticate the login page using the application of the source page.
`protected void`	`doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.AbstractAuthenticationToken authRequest)`
`protected org.springframework.security.core.Authentication`	`getAuthenticatedToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`protected CrowdSSOAuthenticationDetails`	`getAuthenticationDetails(javax.servlet.http.HttpServletRequest request)`
`protected abstract CookieConfiguration`	`getCookieConfiguration()`
`protected String`	`getSavedPath(javax.servlet.http.HttpServletRequest request)`
`protected abstract void`	`onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
`protected boolean`	`requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.
`void`	`setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)` Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application.
`void`	`setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)` Optional dependency.
`protected void`	`storeTokenIfCrowd(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)`
`protected void`	`successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, org.springframework.security.core.Authentication authResult)` Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
`protected void`	`unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)`

Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
attemptAuthentication, getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setPasswordParameter, setPostOnly, setUsernameParameter

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER
```
protected static final Consumer<org.springframework.security.core.AuthenticationException> SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER
```
  - clientProperties
```
protected final ClientProperties clientProperties
```
  - tokenHelper
```
protected final CrowdHttpTokenHelper tokenHelper
```
- Constructor Detail
  - AbstractCrowdSSOAuthenticationProcessingFilter
```
protected AbstractCrowdSSOAuthenticationProcessingFilter(ClientProperties clientProperties,
                                                         CrowdHttpTokenHelper tokenHelper)
```
- Method Detail
  - requiresAuthentication
```
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
```
    This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication. Authentication will proceed as defined in the AuthenticationProcessingFilter.
    Otherwise, an authentication request to Crowd will be made to verify any existing Crowd SSO token (via the ProviderManager).
    
    Overrides:
    
    requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    
    Parameters:
    
    request - servlet request containing either username/password paramaters or the Crowd token as a cookie.
    
    response - servlet response to write out cookie.
    
    Returns:
    
    true only if the filterProcessesUrl is in the request URI.
  - getAuthenticatedToken
```
protected org.springframework.security.core.Authentication getAuthenticatedToken(javax.servlet.http.HttpServletRequest request,
                                                                                 javax.servlet.http.HttpServletResponse response)
```
  - appendSuppliers
```
protected void appendSuppliers(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               com.google.common.collect.ImmutableList.Builder<org.apache.commons.lang3.tuple.Pair<Supplier<org.springframework.security.authentication.AbstractAuthenticationToken>,Consumer<org.springframework.security.core.AuthenticationException>>> builder)
```
  - setDetails
```
protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
```
    Provided so that subclasses may configure what is put into the authentication request's details property.
    Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.
    
    Overrides:
    
    setDetails in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
    
    Parameters:
    
    request - that an authentication request is being created for
    
    authRequest - the authentication request object that should have its details set
  - canUseSavedRequestToAuthenticate
```
protected boolean canUseSavedRequestToAuthenticate(javax.servlet.http.HttpServletRequest request)
```
    If the request has been redirected from a page it was not authorised to see, we want to authenticate the login page using the application of the source page. The only pages that should receive that special treatment are the login page itself and 'j_spring_security_check', the submission target of the login page.
    
    This method contains that definition, and will only return true for those pages.
    
    Returns:
    
    is it safe to authenticate this resource as if it were the resource saved in the session?
  - doSetDetails
```
protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
                            org.springframework.security.authentication.AbstractAuthenticationToken authRequest)
```
  - getAuthenticationDetails
```
protected CrowdSSOAuthenticationDetails getAuthenticationDetails(javax.servlet.http.HttpServletRequest request)
```
  - getSavedPath
```
protected String getSavedPath(javax.servlet.http.HttpServletRequest request)
```
  - successfulAuthentication
```
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        javax.servlet.FilterChain filterChain,
                                        org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException
```
    Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
    This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.
    
    Overrides:
    
    successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    
    Parameters:
    
    request - servlet request.
    
    response - servlet response.
    
    authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
    
    Throws:
    
    IOException - not thrown.
    
    javax.servlet.ServletException
  - storeTokenIfCrowd
```
protected void storeTokenIfCrowd(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 org.springframework.security.core.Authentication authResult)
```
  - unsuccessfulAuthentication
```
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
                                          javax.servlet.ServletException
```
    Overrides:
    
    unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - onUnsuccessfulAuthentication
```
protected abstract void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
```
    Remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
    
    Parameters:
    
    request - servlet request.
    
    response - servlet response.
  - getCookieConfiguration
```
protected abstract CookieConfiguration getCookieConfiguration()
                                                       throws Exception
```
    Throws:
    
    Exception
  - setRequestToApplicationMapper
```
public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
```
    Optional dependency.
    
    Parameters:
    
    requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, eg. when one web-application corresponds to multiple Crowd "applications".
  - setLoginUrlAuthenticationEntryPoint
```
public void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)
```
    Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application. Used to discover the login page, through and treat it specially.

Class AbstractCrowdSSOAuthenticationProcessingFilter

Field Summary

Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Detail

SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER

clientProperties

tokenHelper

Constructor Detail

AbstractCrowdSSOAuthenticationProcessingFilter

Method Detail

requiresAuthentication

getAuthenticatedToken

appendSuppliers

setDetails

canUseSavedRequestToAuthenticate

doSetDetails

getAuthenticationDetails

getSavedPath

successfulAuthentication

storeTokenIfCrowd

unsuccessfulAuthentication

onUnsuccessfulAuthentication

getCookieConfiguration

setRequestToApplicationMapper

setLoginUrlAuthenticationEntryPoint