|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.springframework.web.filter.GenericFilterBean
org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
public class JaasApiIntegrationFilter
A Filter which attempts to obtain a JAAS Subject
and continue the FilterChain running as that
Subject.
By using this Filter in conjunction with Spring's
JaasAuthenticationProvider both Spring's
SecurityContext and a JAAS Subject can be populated
simultaneously. This is useful when integrating with code that requires a
JAAS Subject to be populated.
doFilter(ServletRequest, ServletResponse, FilterChain),
obtainSubject(ServletRequest)| Field Summary |
|---|
| Fields inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
logger |
| Constructor Summary | |
|---|---|
JaasApiIntegrationFilter()
|
|
| Method Summary | |
|---|---|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Attempts to obtain and run as a JAAS Subject using
obtainSubject(ServletRequest). |
protected Subject |
obtainSubject(javax.servlet.ServletRequest request)
Obtains the Subject to run as or null if no
Subject is available. |
void |
setCreateEmptySubject(boolean createEmptySubject)
Sets createEmptySubject. |
| Methods inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public JaasApiIntegrationFilter()
| Method Detail |
|---|
public final void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws javax.servlet.ServletException,
IOException
Attempts to obtain and run as a JAAS Subject using
obtainSubject(ServletRequest).
If the Subject is null and
createEmptySubject is true, an empty, writeable
Subject is used. This allows for the Subject to
be populated at the time of login. If the Subject is
null, the FilterChain continues with no
additional processing. If the Subject is not
null, the FilterChain is ran with
Subject.doAs(Subject, PrivilegedExceptionAction) in conjunction
with the Subject obtained.
javax.servlet.ServletException
IOExceptionprotected Subject obtainSubject(javax.servlet.ServletRequest request)
Obtains the Subject to run as or null if no
Subject is available.
The default implementation attempts to obtain the Subject
from the SecurityContext's Authentication. If
it is of type JaasAuthenticationToken and is authenticated,
the Subject is returned from it. Otherwise,
null is returned.
request - the current ServletRequest
null if no
Subject is available.public final void setCreateEmptySubject(boolean createEmptySubject)
createEmptySubject. If the value is true,
and obtainSubject(ServletRequest) returns null, an
empty, writeable Subject is created instead. Otherwise no
Subject is used. The default is false.
createEmptySubject - the new value
|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||