public class SiteminderAuthenticationProcessingFilter extends AuthenticationProcessingFilter
Also provides a backup form-based authentication and the ability set source key names.
Siteminder must present two headers to this filter, a username and password. You must set the header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is unavailable, as is often the case during development.
Login forms must present two parameters to this filter: a username and password. If not
specified, the parameter names to use are contained in the static fields AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY
and AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY
.
Do not use this class directly. Instead, configure web.xml
to use the FilterToBeanProxy
.
ACEGI_SECURITY_FORM_PASSWORD_KEY, ACEGI_SECURITY_FORM_USERNAME_KEY, ACEGI_SECURITY_LAST_USERNAME_KEY
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, messages
Constructor and Description |
---|
SiteminderAuthenticationProcessingFilter()
Basic constructor.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
String |
getFormPasswordParameterKey()
Returns the form password parameter key.
|
String |
getFormUsernameParameterKey()
Returns the form username parameter key.
|
String |
getSiteminderPasswordHeaderKey()
Returns the Siteminder password header key.
|
String |
getSiteminderUsernameHeaderKey()
Returns the Siteminder username header key.
|
protected String |
obtainPassword(javax.servlet.http.HttpServletRequest request)
Overridden method to obtain different value depending on whether Siteminder or form validation is being
performed.
|
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Overridden to perform authentication not only on j_security_check, but also on requests for the default
target URL when the user isn't already authenticated.
|
void |
setFormPasswordParameterKey(String key)
Sets the form password parameter key.
|
void |
setFormUsernameParameterKey(String key)
Sets the form username parameter key.
|
void |
setSiteminderPasswordHeaderKey(String key)
Sets the Siteminder password header key.
|
void |
setSiteminderUsernameHeaderKey(String key)
Sets the Siteminder username header key.
|
getDefaultFilterProcessesUrl, init, obtainUsername, setDetails
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
public SiteminderAuthenticationProcessingFilter()
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
AbstractProcessingFilter
attemptAuthentication
in class AuthenticationProcessingFilter
request
- from which to extract parameters and perform the
authenticationAuthenticationException
- if authentication failsAbstractProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest)
public String getFormPasswordParameterKey()
public String getFormUsernameParameterKey()
public String getSiteminderPasswordHeaderKey()
public String getSiteminderUsernameHeaderKey()
protected String obtainPassword(javax.servlet.http.HttpServletRequest request)
obtainPassword
in class AuthenticationProcessingFilter
request
- so that request attributes can be retrievedAuthentication
request token to the
AuthenticationManager
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Thank you Paul Garvey for providing a straightforward solution (and code) for this!
requiresAuthentication
in class AbstractProcessingFilter
request
- as received from the filter chainresponse
- as received from the filter chaintrue
if the filter should attempt authentication,
false
otherwiseAbstractProcessingFilter.requiresAuthentication(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)
public void setFormPasswordParameterKey(String key)
key
- The form password parameter key.public void setFormUsernameParameterKey(String key)
key
- The form username parameter key.public void setSiteminderPasswordHeaderKey(String key)
key
- The Siteminder password header key.public void setSiteminderUsernameHeaderKey(String key)
key
- The Siteminder username header key.Copyright © 2004–2019 Interface21, Inc. All rights reserved.