com.atlassian.jira.rest.auth
Class JiraRestSeraphAuthFilter

java.lang.Object
  extended by com.atlassian.jira.rest.auth.JiraRestSeraphAuthFilter
All Implemented Interfaces:
javax.servlet.Filter

public class JiraRestSeraphAuthFilter
extends Object
implements javax.servlet.Filter

JRA-25405: Users need to be able to hit '/rest/auth' even when their session has expired. The 'RestSeraphFilter' adds a magic seraph attribute to rest requests (i.e. /rest) that make seraph return a 401 when a request is made from a person whose session timed out. It does this under the assumption that the person did not mean to logout and will want to know that their session expired. Unfortunately, to log back in this user needs to hit a rest resource (i.e. /rest/auth). However, they will be unable to do so as they get a 401. To get around this we set this magic attribute to "none" for rest calls under '/rest/auth' under the assumption that these calls will handle their own authentication.

Since:
v4.4.5

Constructor Summary
JiraRestSeraphAuthFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
           
 void init(javax.servlet.FilterConfig filterConfig)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JiraRestSeraphAuthFilter

public JiraRestSeraphAuthFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter


Copyright © 2002-2013 Atlassian. All Rights Reserved.