public class SecurityFilter extends Object implements javax.servlet.Filter
Simple filter implementation which delegates to a list of FilterRules,
evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition
for the given request.
This filter must be configured using a init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
| Modifier and Type | Field and Description |
|---|---|
List<SecurityFilterRule> |
filterRules |
| Constructor and Description |
|---|
SecurityFilter() |
| Modifier and Type | Method and Description |
|---|---|
static Authorization |
authorize(String requestMethod,
String requestUri,
List<SecurityFilterRule> filterRules)
Iterate over a number of filter rules and match them against
the specified request.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
void |
doFilterSecure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
protected String |
getRequestUri(javax.servlet.http.HttpServletRequest request) |
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isAuthenticated(javax.servlet.http.HttpServletRequest request) |
protected void |
loadFilterRules(javax.servlet.FilterConfig filterConfig) |
protected void |
sendForbidden(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
protected void |
sendForbiddenApplicationAccess(String application,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
protected void |
sendUnauthorized(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
public List<SecurityFilterRule> filterRules
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOExceptionjavax.servlet.ServletExceptionpublic void doFilterSecure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionpublic void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletExceptionpublic void destroy()
destroy in interface javax.servlet.Filterpublic static Authorization authorize(String requestMethod, String requestUri, List<SecurityFilterRule> filterRules)
request - filterRules - AuthorizationStatus for this request matched against all filter rulesprotected void loadFilterRules(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
javax.servlet.ServletExceptionprotected void sendForbidden(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws IOException
IOExceptionprotected void sendUnauthorized(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws IOException
IOExceptionprotected void sendForbiddenApplicationAccess(String application, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
IOExceptionprotected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
protected String getRequestUri(javax.servlet.http.HttpServletRequest request)
Copyright © 2014–2019 camunda services GmbH. All rights reserved.