com.atlassian.seraph.filter
Class HttpAuthFilter

java.lang.Object
  extended by com.atlassian.seraph.filter.BaseLoginFilter
      extended by com.atlassian.seraph.filter.PasswordBasedLoginFilter
          extended by com.atlassian.seraph.filter.HttpAuthFilter
All Implemented Interfaces:
javax.servlet.Filter

public class HttpAuthFilter
extends PasswordBasedLoginFilter

This is a filter that logs the user in. It parses a standard HTTP based authentication requst and logs the user in. At the moment it supports only a BASIC authentication scheme. The simple way of using it manually is to request a URL in the following form: protocol://user:password@host[:port]/path e.g.: https://juancho:sillyPass@bamboo.developer.atlassian.com/

If authentication is successful, the user will be redirected by the filter to the URL given by the session attribute at SecurityFilter.ORIGINAL_URL_KEY.

If this URL doesn't exist, it will look for a parameter 'os_destination' to use as the redirected URL instead.

If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.

From the any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.

The possible statuses are:


Nested Class Summary
 
Nested classes/interfaces inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter
PasswordBasedLoginFilter.UserPasswordPair
 
Field Summary
 
Fields inherited from class com.atlassian.seraph.filter.BaseLoginFilter
ALREADY_FILTERED, AUTHENTICATION_ERROR_TYPE, LOGIN_ERROR, LOGIN_FAILED, LOGIN_NOATTEMPT, LOGIN_SUCCESS, OS_AUTHSTATUS_KEY
 
Constructor Summary
HttpAuthFilter()
           
 
Method Summary
protected  PasswordBasedLoginFilter.UserPasswordPair extractUserPasswordPair(javax.servlet.http.HttpServletRequest request)
          Returns a username password pair for this request.
 
Methods inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter
login
 
Methods inherited from class com.atlassian.seraph.filter.BaseLoginFilter
destroy, doFilter, getAuthenticationContext, getAuthenticator, getElevatedSecurityGuard, getFilterConfig, getSecurityConfig, init, isAbsoluteUrl, redirectToOriginalDestination, setFilterConfig
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HttpAuthFilter

public HttpAuthFilter()
Method Detail

extractUserPasswordPair

protected PasswordBasedLoginFilter.UserPasswordPair extractUserPasswordPair(javax.servlet.http.HttpServletRequest request)
Description copied from class: PasswordBasedLoginFilter
Returns a username password pair for this request. If this request does not contain user credentials - returns null;

Specified by:
extractUserPasswordPair in class PasswordBasedLoginFilter
Parameters:
request - the HTTP request in play
Returns:
user credentials or null


Copyright © 2013 Atlassian. All Rights Reserved.