public class BasicHeaderProcessor extends Object implements javax.servlet.Filter
Implementations of BasicHeaderAuthenticator includes one that accepts the real password,
then one that checks the user's API token. We call them all from a single Filter like this,
as opposed to using a list of Filters, so that multiple filters don't end up trying
to authenticate the same header differently and fail.
ZD-19640| Constructor and Description |
|---|
BasicHeaderProcessor() |
| Modifier and Type | Method and Description |
|---|---|
protected List<? extends BasicHeaderAuthenticator> |
all() |
protected boolean |
authenticationIsRequired(String username)
If the request is already authenticated to the same user that the Authorization header claims,
for example through the HTTP session, then there's no need to re-authenticate the Authorization header,
so we skip that.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected void |
fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.acegisecurity.BadCredentialsException failure) |
void |
init(javax.servlet.FilterConfig filterConfig) |
void |
setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint) |
void |
setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices) |
protected void |
success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.acegisecurity.Authentication auth) |
public void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletExceptionpublic void setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint)
public void setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices)
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOExceptionjavax.servlet.ServletExceptionprotected boolean authenticationIsRequired(String username)
SecurityRealm.
This method returns false if we can take this short-cut.protected void success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.acegisecurity.Authentication auth)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected void fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.acegisecurity.BadCredentialsException failure)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected List<? extends BasicHeaderAuthenticator> all()
public void destroy()
destroy in interface javax.servlet.FilterCopyright © 2019. All rights reserved.