public class JaasApiIntegrationFilter extends GenericFilterBean
A Filter which attempts to obtain a JAAS Subject and continue
the FilterChain running as that Subject.
By using this Filter in conjunction with Spring's
JaasAuthenticationProvider both Spring's SecurityContext and
a JAAS Subject can be populated simultaneously. This is useful when
integrating with code that requires a JAAS Subject to be populated.
See Also: doFilter(ServletRequest, ServletResponse, FilterChain), obtainSubject(ServletRequest)

Fields inherited from class GenericFilterBean: logger

| Constructor and Description |
|---|
| JaasApiIntegrationFilter() |

| Modifier and Type | Method and Description |
|---|---|
| void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Attempts to obtain and run as a JAAS Subject using obtainSubject(ServletRequest). |
| protected Subject | obtainSubject(javax.servlet.ServletRequest request) Obtains the Subject to run as or null if no Subject is available. |
| void | setCreateEmptySubject(boolean createEmptySubject) Sets createEmptySubject. |
Methods inherited from class GenericFilterBean: addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

public final void doFilter(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           javax.servlet.FilterChain chain)
                    throws javax.servlet.ServletException,
                           IOException
Attempts to obtain and run as a JAAS Subject using
obtainSubject(ServletRequest).
If the Subject is null and createEmptySubject is
true, an empty, writeable Subject is used. This allows
for the Subject to be populated at the time of login. If the
Subject is still null, the FilterChain continues
with no additional processing. If the Subject is not null,
the FilterChain is run with
Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction with the
Subject obtained.
Throws: javax.servlet.ServletException, IOException

protected Subject obtainSubject(javax.servlet.ServletRequest request)
Obtains the Subject to run as or null if no
Subject is available.
The default implementation attempts to obtain the Subject from the
SecurityContext's Authentication. If it is of type
JaasAuthenticationToken and is authenticated, the Subject
is returned from it. Otherwise, null is returned.
Parameters: request - the current ServletRequest
Returns: the Subject to run as, or null if no Subject is available.

public final void setCreateEmptySubject(boolean createEmptySubject)
Sets createEmptySubject. If the value is true, and
obtainSubject(ServletRequest) returns null, an empty,
writeable Subject is created instead. Otherwise no
Subject is used. The default is false.
Parameters: createEmptySubject - the new value
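
The three branches described for doFilter and setCreateEmptySubject, and what downstream JAAS-aware code sees in each, as an added example that is not Spring Security's own source. It uses only JDK classes; JaasRunAsSketch, Chain, runAs and current are hypothetical names, and it assumes a JDK on which Subject.getSubject(AccessControlContext) is supported (for example Java 8 through 17).

```java
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added illustration, not Spring Security source; JDK classes only.
public class JaasRunAsSketch {

    // Hypothetical stand-in for FilterChain.doFilter(request, response).
    interface Chain { void proceed() throws Exception; }

    // 'obtained' plays the role of obtainSubject(ServletRequest)'s return value.
    static void runAs(Subject obtained, boolean createEmptySubject, Chain chain)
            throws Exception {
        Subject subject = obtained;
        if (subject == null && createEmptySubject) {
            subject = new Subject();              // empty and writeable
        }
        if (subject == null) {
            chain.proceed();                      // no additional processing
            return;
        }
        Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> {
            chain.proceed();                      // downstream runs as the Subject
            return null;
        });
    }

    // How JAAS-aware downstream code looks up the Subject it is running as.
    static Subject current() {
        return Subject.getSubject(AccessController.getContext());
    }

    public static void main(String[] args) throws Exception {
        Subject alice = new Subject();
        alice.getPrincipals().add(new X500Principal("CN=alice")); // constructed sample
        // Authenticated JaasAuthenticationToken case: Subject is visible downstream.
        runAs(alice, false, () -> System.out.println("as " + current().getPrincipals()));

        // No Subject, createEmptySubject=true: login code can populate it in place.
        runAs(null, true, () -> {
            current().getPrincipals().add(new X500Principal("CN=late-login"));
            System.out.println("populated " + current().getPrincipals());
        });

        // No Subject, createEmptySubject=false (the default): nothing is bound.
        runAs(null, false, () -> System.out.println("unbound: " + current()));
    }
}
```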