public class JaasApiIntegrationFilter extends GenericFilterBean
A Filter which attempts to obtain a JAAS Subject
and continue the FilterChain running as that
Subject.
By using this Filter in conjunction with Spring's
JaasAuthenticationProvider both Spring's
SecurityContext and a JAAS Subject can be populated
simultaneously. This is useful when integrating with code that requires a
JAAS Subject to be populated.
logger| Constructor and Description |
|---|
JaasApiIntegrationFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Attempts to obtain and run as a JAAS
Subject using
obtainSubject(ServletRequest). |
protected Subject |
obtainSubject(javax.servlet.ServletRequest request)
Obtains the
Subject to run as or null if no
Subject is available. |
void |
setCreateEmptySubject(boolean createEmptySubject)
Sets
createEmptySubject. |
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic final void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws javax.servlet.ServletException,
IOException
Attempts to obtain and run as a JAAS Subject using
obtainSubject(ServletRequest).
If the Subject is null and
createEmptySubject is true, an empty, writeable
Subject is used. This allows for the Subject to
be populated at the time of login. If the Subject is
null, the FilterChain continues with no
additional processing. If the Subject is not
null, the FilterChain is ran with
Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction
with the Subject obtained.
javax.servlet.ServletExceptionIOExceptionprotected Subject obtainSubject(javax.servlet.ServletRequest request)
Obtains the Subject to run as or null if no
Subject is available.
The default implementation attempts to obtain the Subject
from the SecurityContext's Authentication. If
it is of type JaasAuthenticationToken and is authenticated,
the Subject is returned from it. Otherwise,
null is returned.
request - the current ServletRequestnull if no
Subject is available.public final void setCreateEmptySubject(boolean createEmptySubject)
createEmptySubject. If the value is true,
and obtainSubject(ServletRequest) returns null, an
empty, writeable Subject is created instead. Otherwise no
Subject is used. The default is false.createEmptySubject - the new value