waffle.spring

Class DelegatingNegotiateSecurityFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

waffle.spring.NegotiateSecurityFilter

waffle.spring.DelegatingNegotiateSecurityFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class DelegatingNegotiateSecurityFilter
extends NegotiateSecurityFilter

Supports optional injection of spring security entities, allowing Waffle to act as an interface towards an identity provider(the AD).

Below mentioned entities are verified to be set before invoked, inherited entities are not.

• The AuthenticationManager allows for the service provider to authorize the principal.
• The authenticationSuccessHandler allows for the service provider to further populate the Authentication object.
• The AuthenticationFailureHandler is called if the AuthenticationManager throws an AuthenticationException.
• The AccessDeniedHandler is called if the AuthenticationManager throws an AccessDeniedException.

Example configuration:

 
 <bean id="waffleNegotiateSecurityFilter"
      class="waffle.spring.DelegatingNegotiateSecurityFilter"
      scope="tenant">
      <property name="allowGuestLogin" value="false" />
      <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
      <property name="authenticationManager" ref="authenticationManager" />
      <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
      <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
      <property name="accessDeniedHandler" ref="accessDeniedHandler" />
      <property name="defaultGrantedAuthority">
          <null />
      </property>
 </bean>
 
 

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
DelegatingNegotiateSecurityFilter() Instantiates a new delegating negotiate security filter.

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
org.springframework.security.web.access.AccessDeniedHandler	getAccessDeniedHandler() Gets the access denied handler.
org.springframework.security.web.authentication.AuthenticationFailureHandler	getAuthenticationFailureHandler() Gets the authentication failure handler.
org.springframework.security.authentication.AuthenticationManager	getAuthenticationManager() Gets the authentication manager.
org.springframework.security.web.authentication.AuthenticationSuccessHandler	getAuthenticationSuccessHandler() Gets the authentication success handler.
void	setAccessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler value) Sets the access denied handler.
protected boolean	setAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) Invoked when authentication towards ad was succesful to populate securitycontext Override to add service provider authorization checks.
void	setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler value) Sets the authentication failure handler.
void	setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager value) Sets the authentication manager.
void	setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler value) Sets the authentication success handler.

Methods inherited from class waffle.spring.NegotiateSecurityFilter

doFilter, getDefaultGrantedAuthority, getGrantedAuthorityFactory, getPrincipalFormat, getProvider, getRoleFormat, isAllowGuestLogin, isImpersonate, sendUnauthorized, setAllowGuestLogin, setDefaultGrantedAuthority, setGrantedAuthorityFactory, setImpersonate, setPrincipalFormat, setPrincipalFormatEnum, setProvider, setRoleFormat, setRoleFormatEnum

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DelegatingNegotiateSecurityFilter

public DelegatingNegotiateSecurityFilter()

Instantiates a new delegating negotiate security filter.

Method Detail

getAccessDeniedHandler

public org.springframework.security.web.access.AccessDeniedHandler getAccessDeniedHandler()

Gets the access denied handler.

Returns:

the accessDeniedHandler

setAccessDeniedHandler

public void setAccessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler value)

Sets the access denied handler.

Parameters:

value - the accessDeniedHandler to set

getAuthenticationFailureHandler

public org.springframework.security.web.authentication.AuthenticationFailureHandler getAuthenticationFailureHandler()

Gets the authentication failure handler.

Returns:

the authenticationFailureHandler

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler value)

Sets the authentication failure handler.

Parameters:

value - the authenticationFailureHandler to set

setAuthentication

protected boolean setAuthentication(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    org.springframework.security.core.Authentication authentication)

Description copied from class: NegotiateSecurityFilter

Invoked when authentication towards ad was succesful to populate securitycontext Override to add service provider authorization checks.

Overrides:

setAuthentication in class NegotiateSecurityFilter

Parameters:

request - the request

response - the response

authentication - the authentication

Returns:

true, if successful

afterPropertiesSet

public void afterPropertiesSet()
                        throws javax.servlet.ServletException

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class NegotiateSecurityFilter

Throws:

javax.servlet.ServletException

getAuthenticationSuccessHandler

public org.springframework.security.web.authentication.AuthenticationSuccessHandler getAuthenticationSuccessHandler()

Gets the authentication success handler.

Returns:

the authenticationSuccessHandler

setAuthenticationSuccessHandler

public void setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler value)

Sets the authentication success handler.

Parameters:

value - the authenticationSuccessHandler to set

getAuthenticationManager

public org.springframework.security.authentication.AuthenticationManager getAuthenticationManager()

Gets the authentication manager.

Returns:

the authenticationManager

setAuthenticationManager

public void setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager value)

Sets the authentication manager.

Parameters:

value - the authenticationManager to set