Class AbstractCrowdSSOAuthenticationProcessingFilter
- All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
- Direct Known Subclasses:
AbstractLocalCrowdAuthenticationProcessingFilter, CrowdSSOAuthenticationProcessingFilter
-
Field Summary
- protected final ClientProperties clientProperties
- protected static final Consumer<org.springframework.security.core.AuthenticationException> SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER
- protected final CrowdHttpTokenHelper tokenHelper
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages
-
Constructor Summary
- protected AbstractCrowdSSOAuthenticationProcessingFilter(ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)
-
Method Summary
- protected void appendSuppliers(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.google.common.collect.ImmutableList.Builder<org.apache.commons.lang3.tuple.Pair<Supplier<org.springframework.security.authentication.AbstractAuthenticationToken>, Consumer<org.springframework.security.core.AuthenticationException>>> builder)
- protected boolean canUseSavedRequestToAuthenticate(javax.servlet.http.HttpServletRequest request)
If the request has been redirected from a page it was not authorised to see, we want to authenticate the login page using the application of the source page.
- protected void doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.AbstractAuthenticationToken authRequest)
- protected org.springframework.security.core.Authentication getAuthenticatedToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
- protected CrowdSSOAuthenticationDetails getAuthenticationDetails(javax.servlet.http.HttpServletRequest request)
- protected abstract CookieConfiguration getCookieConfiguration
- protected String getSavedPath(javax.servlet.http.HttpServletRequest request)
- protected abstract void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
- protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication.
- protected void setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property.
- void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)
Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application.
- void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)
Optional dependency.
- protected void storeTokenIfCrowd(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)
- protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, org.springframework.security.core.Authentication authResult)
Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
- protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)
Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
attemptAuthentication, getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setPasswordParameter, setPostOnly, setUsernameParameter
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Field Details
-
SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER
protected static final Consumer<org.springframework.security.core.AuthenticationException> SILENT_AUTHENTICATION_EXCEPTION_SWALLOWER
-
clientProperties
-
tokenHelper
-
-
Constructor Details
-
AbstractCrowdSSOAuthenticationProcessingFilter
protected AbstractCrowdSSOAuthenticationProcessingFilter(ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)
-
-
Method Details
-
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This filter will process all requests; however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication. Authentication will proceed as defined in the AuthenticationProcessingFilter. Otherwise, an authentication request to Crowd will be made to verify any existing Crowd SSO token (via the ProviderManager).
- Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Parameters:
request - servlet request containing either username/password parameters or the Crowd token as a cookie.
response - servlet response to write out cookie.
- Returns:
true only if the filterProcessesUrl is in the request URI.
-
getAuthenticatedToken
protected org.springframework.security.core.Authentication getAuthenticatedToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
appendSuppliers
protected void appendSuppliers(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.google.common.collect.ImmutableList.Builder<org.apache.commons.lang3.tuple.Pair<Supplier<org.springframework.security.authentication.AbstractAuthenticationToken>, Consumer<org.springframework.security.core.AuthenticationException>>> builder)
-
setDetails
protected void setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property.
Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.
- Overrides:
setDetails in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- Parameters:
request - that an authentication request is being created for
authRequest - the authentication request object that should have its details set
-
canUseSavedRequestToAuthenticate
protected boolean canUseSavedRequestToAuthenticate(javax.servlet.http.HttpServletRequest request)
If the request has been redirected from a page it was not authorised to see, we want to authenticate the login page using the application of the source page. The only pages that should receive that special treatment are the login page itself and 'j_spring_security_check', the submission target of the login page.
This method contains that definition, and will only return true for those pages.
- Returns:
whether it is safe to authenticate this resource as if it were the resource saved in the session
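
The application-name rules described for setDetails and canUseSavedRequestToAuthenticate, as an added standalone Java model that is not Crowd's own code. All class, method and path names in it are hypothetical (including "/login.jsp" as the login page), and the fallback to the default application for unmapped paths is an assumption.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

// Added illustration with hypothetical names; it does not use the Crowd or Spring Security APIs.
public class ApplicationNameSketch {

    // Assumed path of the login page, plus the submission target named in the Javadoc.
    static final Set<String> LOGIN_PATHS = Set.of("/login.jsp", "/j_spring_security_check");

    // Only the login page and its submission target may be treated as the saved resource.
    static boolean canUseSavedRequest(String requestPath) {
        return LOGIN_PATHS.contains(requestPath);
    }

    // defaultApp: application name from the client properties.
    // mapper: path -> application name, or null when a single application is configured.
    // savedPath: path stored in the session before the redirect to login, or null.
    static String resolveApplication(String defaultApp, Function<String, String> mapper,
                                     String requestPath, String savedPath) {
        if (mapper == null) {
            return defaultApp;                       // single application per security context
        }
        boolean useSaved = savedPath != null && canUseSavedRequest(requestPath);
        String app = mapper.apply(useSaved ? savedPath : requestPath);
        return app != null ? app : defaultApp;       // assumption: unmapped paths fall back
    }

    public static void main(String[] args) {
        // Constructed sample mapping of path prefixes to application names.
        Map<String, String> prefixes = Map.of("/admin", "admin-app", "/shop", "shop-app");
        Function<String, String> mapper = path -> prefixes.entrySet().stream()
                .filter(e -> path.startsWith(e.getKey()))
                .map(Map.Entry::getValue)
                .findFirst().orElse(null);

        // Single-application setup: the mapper is absent, the configured name is used.
        System.out.println(resolveApplication("default-app", null, "/shop/cart", null));
        // Login page reached after a redirect from /admin/users: the saved path decides.
        System.out.println(resolveApplication("default-app", mapper, "/login.jsp", "/admin/users"));
        // Ordinary page with a stale saved path: the saved path is ignored.
        System.out.println(resolveApplication("default-app", mapper, "/shop/cart", "/admin/users"));
        // Login page with no saved request and no mapping: falls back to the default.
        System.out.println(resolveApplication("default-app", mapper, "/login.jsp", null));
    }
}
```

Restricting the saved path to the two login paths keeps a stale session entry from changing which application authorises an unrelated request.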
-
doSetDetails
protected void doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.AbstractAuthenticationToken authRequest)
-
getAuthenticationDetails
protected CrowdSSOAuthenticationDetails getAuthenticationDetails(javax.servlet.http.HttpServletRequest request)
-
getSavedPath
-
successfulAuthentication
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, org.springframework.security.core.Authentication authResult) throws IOException, javax.servlet.ServletException
Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.
- Overrides:
successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Parameters:
request - servlet request.
response - servlet response.
authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
- Throws:
IOException - not thrown.
javax.servlet.ServletException
-
storeTokenIfCrowd
protected void storeTokenIfCrowd(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)
-
unsuccessfulAuthentication
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) throws IOException, javax.servlet.ServletException
- Overrides:
unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Throws:
IOException
javax.servlet.ServletException
-
onUnsuccessfulAuthentication
protected abstract void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Remove any SSO tokens associated with the request, effectively logging the user out of Crowd.
- Parameters:
request - servlet request.
response - servlet response.
-
getCookieConfiguration
- Throws:
Exception
-
setRequestToApplicationMapper
Optional dependency.
- Parameters:
requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, e.g. when one web-application corresponds to multiple Crowd "applications".
-
setLoginUrlAuthenticationEntryPoint
public void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)
Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application. Used to discover the login page, through and treat it specially.
-