public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter
As with most pre-authenticated scenarios, it is essential that the external authentication system is set up correctly as this filter does no authentication whatsoever.
The property principalEnvironmentVariable is the name of the request attribute
that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth
and Shibboleth.
If the environment variable is missing from the request,
getPreAuthenticatedPrincipal will throw an exception. You can override this
behaviour by setting the exceptionIfVariableMissing property.
logger| Constructor and Description |
|---|
RequestAttributeAuthenticationFilter() |
| Modifier and Type | Method and Description |
|---|---|
protected Object |
getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
Credentials aren't usually applicable, but if a
credentialsEnvironmentVariable is set, this will be read and used as the
credentials value. |
protected Object |
getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
Read and returns the variable named by
principalEnvironmentVariable from
the request. |
void |
setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable) |
void |
setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
Defines whether an exception should be raised if the principal variable is missing.
|
void |
setPrincipalEnvironmentVariable(String principalEnvironmentVariable) |
afterPropertiesSet, doFilter, getAuthenticationDetailsSource, principalChanged, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setCheckForPrincipalChanges, setContinueFilterChainOnUnsuccessfulAuthentication, setInvalidateSessionOnPrincipalChange, successfulAuthentication, unsuccessfulAuthenticationaddRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic RequestAttributeAuthenticationFilter()
protected Object getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
principalEnvironmentVariable from
the request.getPreAuthenticatedPrincipal in class AbstractPreAuthenticatedProcessingFilterPreAuthenticatedCredentialsNotFoundException - if the environment variable is
missing and exceptionIfVariableMissing is set to true.protected Object getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
credentialsEnvironmentVariable is set, this will be read and used as the
credentials value. Otherwise a dummy value will be used.getPreAuthenticatedCredentials in class AbstractPreAuthenticatedProcessingFilterpublic void setPrincipalEnvironmentVariable(String principalEnvironmentVariable)
public void setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable)
public void setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
true.exceptionIfVariableMissing - set to false to override the default
behaviour and allow the request to proceed if no variable is found.