waffle.shiro.dynamic

Class DynamicAuthenticationFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authc.AuthenticationFilter

org.apache.shiro.web.filter.authc.AuthenticatingFilter

org.apache.shiro.web.filter.authc.FormAuthenticationFilter

waffle.shiro.dynamic.DynamicAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class DynamicAuthenticationFilter
extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter

When combined with the NegotiateAuthenticationStrategy, this filter can be used to allow a client to choose which authentication filter is used at runtime. This filter assumes the shiro.ini is configured with both the NegotiateAuthenticationRealm and some User/Password Realm like: GroupMappingWaffleRealm. Requires use of NegotiateAuthenticationStrategy when more than one realm is configured in shiro.ini (which should be the case for multiple authentication type options). To use NegotiateAuthenticationRealm, the client must pass the parameter PARAM_NAME_AUTHTYPE with a value of PARAM_VAL_AUTHTYPE_NEGOTIATE. Example shiro.ini snippet below:

  # =======================
  # Shiro INI configuration
  # =======================
 
  [main]
 
  # Setup custom AuthenticationRealm
  waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
  waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
  securityManager.realms = $waffleRealmSSO, $waffleUserPass
 
 
  # Use the configured native session manager:
  sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
  securityManager.sessionManager = $sessionManager
 
  # the following call is only necessary in a web-configured ShiroFilter (otherwise
  # a native session manager is already enabled):
  securityManager.sessionMode = native
 
 
  # cookie for single sign on
  cookie = org.apache.shiro.web.servlet.SimpleCookie
  cookie.name = SSOcookie
  cookie.path = /
  securityManager.sessionManager.sessionIdCookie = $cookie
 
 
  authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
  securityManager.authenticator.authenticationStrategy = $authcStrategy
 
  # Waffle filter
  waffleFilter = waffle.shiro.dynamic.DynamicAuthenticationFilter
 
  #Configure filter chains and filter parameters
  authc.loginUrl = /login.jsp
  waffleFilter.loginUrl = /login.jsp
  logout.redirectUrl = login.jsp
 
  ...
 
  [urls]
  # The 'urls' section is used for url-based security
  /logout = logout
  /* = waffleFilter
 
 

Author:

Dan Rollo Date: 2/21/13 Time: 9:08 PM

Field Summary

Fields

Modifier and Type	Field and Description
static String	PARAM_NAME_AUTHTYPE The Constant PARAM_NAME_AUTHTYPE.
static String	PARAM_VAL_AUTHTYPE_NEGOTIATE The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.

Fields inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, DEFAULT_PASSWORD_PARAM, DEFAULT_REMEMBER_ME_PARAM, DEFAULT_USERNAME_PARAM

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

PERMISSIVE

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

DEFAULT_SUCCESS_URL

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
DynamicAuthenticationFilter()

Method Summary

Modifier and Type	Method and Description
protected boolean	executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) Call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user selected authentication type, which performs login logic.

Methods inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

createToken, getFailureKeyAttribute, getPassword, getPasswordParam, getRememberMeParam, getUsername, getUsernameParam, isLoginSubmission, isRememberMe, onAccessDenied, onLoginFailure, onLoginSuccess, setFailureAttribute, setFailureKeyAttribute, setLoginUrl, setPasswordParam, setRememberMeParam, setUsernameParam

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

cleanup, createToken, createToken, getHost, isAccessAllowed, isPermissive

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

getSuccessUrl, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PARAM_NAME_AUTHTYPE

public static final String PARAM_NAME_AUTHTYPE

The Constant PARAM_NAME_AUTHTYPE.

See Also:

Constant Field Values

PARAM_VAL_AUTHTYPE_NEGOTIATE

public static final String PARAM_VAL_AUTHTYPE_NEGOTIATE

The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.

See Also:

Constant Field Values

Constructor Detail

DynamicAuthenticationFilter

public DynamicAuthenticationFilter()

Method Detail

executeLogin

protected boolean executeLogin(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response)
                        throws Exception

Call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user selected authentication type, which performs login logic.

Overrides:

executeLogin in class org.apache.shiro.web.filter.authc.AuthenticatingFilter

Throws:

Exception