- All Implemented Interfaces:
- javax.servlet.Filter
public class JiraRestSeraphAuthFilter
extends Object
implements javax.servlet.Filter
JRA-25405: Users need to be able to hit '/rest/auth' even when their session has expired.
The 'RestSeraphFilter' adds a magic Seraph attribute to REST requests (i.e. /rest) that makes Seraph return a 401
when a request is made by a person whose session has timed out. It does this under the assumption
that the person did not mean to log out and will want to know that their session expired.
Unfortunately, to log back in the user needs to hit a REST resource (i.e. /rest/auth), which they
cannot do because they get a 401. To get around this, we set the magic attribute to "none" for
REST calls under '/rest/auth', under the assumption that these calls will handle their own authentication.
- Since:
- v4.4.5
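
A minimal servlet filter showing the exemption described above, as an added example and not Jira's source code. The class name and the attribute name `example.seraph.authType` are placeholders (the page does not name the real attribute); the path match is segment-aware so that only `/rest/auth` and resources below it receive "none".

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/** Added illustration of the behaviour described above; not Jira's source code. */
public class AuthPathExemptionFilter implements Filter {
    // Placeholder name: the page does not say which request attribute Seraph reads.
    static final String AUTH_TYPE_ATTR = "example.seraph.authType";
    static final String EXEMPT_ROOT = "/rest/auth";

    /** True for /rest/auth and resources below it; false for look-alikes such as /rest/authx. */
    static boolean isAuthResource(String path) {
        if (path == null) {
            return false;
        }
        for (String segment : path.split("/")) {
            if (segment.equals("..") || segment.equals(".")) {
                return false; // only exempt paths that are already normalised
            }
        }
        return path.equals(EXEMPT_ROOT) || path.startsWith(EXEMPT_ROOT + "/");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // Both parts are already URL-decoded by the container, unlike getRequestURI().
            String info = http.getPathInfo();
            String path = http.getServletPath() + (info == null ? "" : info);
            if (isAuthResource(path)) {
                // These resources authenticate the caller themselves, so no 401 before they run.
                req.setAttribute(AUTH_TYPE_ATTR, "none");
            }
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

Every other path keeps whatever value an earlier filter set, so the exemption stays limited to the login resource.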