
1   package com.atlassian.plugins.rest.module.servlet;
2   
3   import java.io.IOException;
4   import javax.servlet.Filter;
5   import javax.servlet.FilterChain;
6   import javax.servlet.FilterConfig;
7   import javax.servlet.ServletException;
8   import javax.servlet.ServletRequest;
9   import javax.servlet.ServletResponse;
10  import javax.servlet.http.HttpServletRequest;
11  import javax.servlet.http.HttpServletResponse;
12  
/**
 * Servlet filter that tags REST requests so that Seraph falls back to a default os_authType of
 * {@code "any"} for them.
 *
 * <p>This filter needs to run before Seraph's SecurityFilter: it only sets a request attribute, and
 * Seraph is the component that reads it. The filter performs no authentication or authorisation
 * itself. For more details look at
 * https://extranet.atlassian.com/display/DEV/Rest+Authentication+Specification+Proposal
 *
 * <p>A request is treated as a REST request when its servlet path starts with {@code "/rest/"}
 * (case-sensitive prefix match). NOTE(review): whether every REST resource is reachable only under
 * that servlet path depends on the deployment's servlet/filter mappings, which are not visible
 * here - confirm against the descriptor that registers this filter.
 *
 * @since v2.1
 */
public class RestSeraphFilter implements Filter {
    /**
     * Name of the request attribute carrying the default auth type.
     * This *must* be the same thing as in com.atlassian.seraph.auth.AuthType, otherwise Seraph
     * will presumably not see the value set here.
     */
    public static final String DEFAULT_ATTRIBUTE = "os_authTypeDefault";

    /** Servlet-path prefix that identifies a REST request. */
    private static final String REST_PATH_PREFIX = "/rest/";

    /** Default auth type handed to Seraph for REST requests. */
    private static final String REST_DEFAULT_AUTH_TYPE = "any";

    /** No initialisation is required; the filter keeps no state. */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        // intentionally empty
    }

    /**
     * Sets {@link #DEFAULT_ATTRIBUTE} to {@code "any"} on REST requests that do not already carry
     * the attribute, then hands the request on to the rest of the chain.
     *
     * <p>Both arguments are cast to their HTTP types up front, so a non-HTTP request or response
     * fails with a {@link ClassCastException} before the chain is invoked.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain, always invoked exactly once
     * @throws IOException      if thrown by the rest of the chain
     * @throws ServletException if thrown by the rest of the chain
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest req = (HttpServletRequest) request;
        final HttpServletResponse resp = (HttpServletResponse) response;

        // Only supply the default when an earlier filter has not already chosen one, so that a
        // more specific setting made upstream is never overwritten here.
        if (isRestRequest(req) && req.getAttribute(DEFAULT_ATTRIBUTE) == null) {
            req.setAttribute(DEFAULT_ATTRIBUTE, REST_DEFAULT_AUTH_TYPE);
        }

        // req/resp are the same objects as request/response, so one call covers both the REST
        // and the non-REST case.
        chain.doFilter(req, resp);
    }

    /** Nothing to release; the filter holds no resources. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /** Returns whether the request's servlet path starts with the REST prefix. */
    private static boolean isRestRequest(final HttpServletRequest req) {
        return req.getServletPath().startsWith(REST_PATH_PREFIX);
    }
}