CrowdSSOAuthenticationProcessingFilter (Atlassian Crowd Spring Security Integration 2.5.0-stash1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.crowd.integration.springsecurity
Class CrowdSSOAuthenticationProcessingFilter

java.lang.Object
  org.springframework.web.filter.GenericFilterBean
      org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
          org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
              com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter

All Implemented Interfaces:: javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class CrowdSSOAuthenticationProcessingFilter
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

The CrowdSSOAuthenticationProcessingFilter is to be used in conjunction with the CrowdAuthenticationProvider to provide SSO authentication. If single sign-on is not required, centralised authentication can still be achieved by using the default AuthenticationProcessingFilter in conjunction with the CrowdAuthenticationProvider.

Author:: Shihab Hamid

Field Summary

Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
`SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY, SPRING_SECURITY_LAST_USERNAME_KEY`

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
`authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY`

Fields inherited from class org.springframework.web.filter.GenericFilterBean
`logger`

Constructor Summary
`CrowdSSOAuthenticationProcessingFilter()`

Method Summary
`protected void`	`doSetDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.AbstractAuthenticationToken authRequest)`
`protected boolean`	`requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.
`void`	`setHttpAuthenticator(HttpAuthenticator httpAuthenticator)` Mandatory dependency.
`void`	`setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)` Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application.
`void`	`setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)` Optional dependency.
`protected void`	`successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)` Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider.
`protected void`	`unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)` Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.

Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
`attemptAuthentication, getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setPasswordParameter, setPostOnly, setUsernameParameter`

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean
`addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

CrowdSSOAuthenticationProcessingFilter

public CrowdSSOAuthenticationProcessingFilter()

Method Detail

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

This filter will process all requests, however, if the filterProcessesUrl is part of the request URI, the filter will assume the request is a username/password authentication (login) request and will not check for Crowd SSO authentication. Authentication will proceed as defined in the AuthenticationProcessingFilter. Otherwise, an authentication request to Crowd will be made to verify any existing Crowd SSO token (via the ProviderManager).

Overrides:: requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Parameters:: request - servlet request containing either username/password paramaters or the Crowd token as a cookie.; response - servlet response to write out cookie.
Returns:: true only if the filterProcessesUrl is in the request URI.

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property. Sets the validation factors from the HttpServletRequest on the authentication request. Also sets the application name to the name of application responsible for authorising a particular request. For single-crowd-application-per-spring-security-context web apps, this will just return the application name specified in the ClientProperties. For multi-crowd-applications-per-spring-security-context web apps, the requestToApplicationMapper will be used to determine the application name.

Overrides:: setDetails in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Parameters:: request - that an authentication request is being created for; authRequest - the authentication request object that should have its details set

doSetDetails

protected void doSetDetails(javax.servlet.http.HttpServletRequest request,
                            org.springframework.security.authentication.AbstractAuthenticationToken authRequest)

successfulAuthentication

protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException

Attempts to write out the successful SSO token to a cookie, if an SSO token was generated and stored via the AuthenticationProvider. This effectively establishes SSO when using the CrowdAuthenticationProvider in conjunction with this filter.

Overrides:: successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Parameters:: request - servlet request.; response - servlet response.; authResult - result of a successful authentication. If it is a CrowdSSOAuthenticationToken then the SSO token will be set to the "credentials" property.
Throws:: IOException - not thrown.; javax.servlet.ServletException

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
                                          javax.servlet.ServletException

Attempts to remove any SSO tokens associated with the request, effectively logging the user out of Crowd.

Overrides:: unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Parameters:: request - servlet request.; response - servlet response.; failed - not required.
Throws:: IOException - not thrown.; javax.servlet.ServletException

setHttpAuthenticator

public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator)

Mandatory dependency.

Parameters:: httpAuthenticator - used to extract validation factors, set cookies and perform logouts.

setRequestToApplicationMapper

public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper)

Optional dependency.

Parameters:: requestToApplicationMapper - only required if multiple Crowd "applications" need to be accessed via the same Spring Security context, eg. when one web-application corresponds to multiple Crowd "applications".

setLoginUrlAuthenticationEntryPoint

public void setLoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint filterEntryPoint)

Optional dependency, only required if multiple Crowd applications are coexisting in the same web-application. Used to discover the login page, through and treat it specially.