Class NuxeoAuthenticationFilter
- java.lang.Object
-
- org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class NuxeoAuthenticationFilter extends Object implements javax.servlet.Filter
Servlet filter handling Nuxeo authentication (JAAS + EJB). Also handles logout and identity switch.
- Author:
- Thierry Delprat, Bogdan Stefanescu, Anahide Tchertchian, Florent Guillaume
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
- protected io.dropwizard.metrics5.Counter concurrentCount
- protected io.dropwizard.metrics5.Counter concurrentMaxCount
- protected static String CONVERSATION_ID: The Seam conversation id query parameter.
- static String DEFAULT_START_PAGE: Deprecated. Since 8.4.
- protected static Principal DIRECTORY_ERROR_PRINCIPAL: Used internally as a marker.
- protected static String INDEX_JSP
- protected static String LOGIN_CATEGORY
- static String LOGIN_DOMAIN: LoginContext domain name in use by default in Nuxeo.
- protected io.dropwizard.metrics5.Counter loginCount
- protected io.dropwizard.metrics5.MetricRegistry registry
- protected io.dropwizard.metrics5.Timer requestTimer
- protected PluggableAuthenticationService service
- protected static String SLASH_INDEX_JSP
- protected List<String> unAuthenticatedURLPrefix
- protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
- protected static String XMLHTTP_REQUEST_TYPE
-
Constructor Summary
Constructors (Constructor, Description)
- NuxeoAuthenticationFilter()
-
Method Summary
Methods (Modifier and Type, Method, Description)
- protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
- protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
- protected static NuxeoPrincipal createPrincipal(String username): Creates a principal without checking authentication.
- void destroy()
- protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
- void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
- void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
- protected void doInitIfNeeded()
- protected String getAnonymousId()
- NuxeoAuthenticationPlugin getAuthenticator(CachableUserIdentificationInfo ci)
- protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String,String> parameters)
- protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request): Creates a principal, checking authentication from the UserIdentificationInfo credentials.
- protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
- static String getRequestedPage(javax.servlet.ServletRequest request)
- static String getRequestedUrl(javax.servlet.http.HttpServletRequest request): The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
- protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo)
- protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- void init(javax.servlet.FilterConfig config)
- protected void initUnAuthenticatedURLPrefix()
- protected boolean isCallbackURLValid(String callbackURL, String baseURL)
- protected boolean isStartPageValid(String startPage)
- protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
- static NuxeoLoginContext loginAs(String username): Does a forced login as the given user.
- protected boolean logLogout(UserIdentificationInfo userInfo)
- protected boolean needSessionSaving(UserIdentificationInfo userInfo)
- protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
- boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse): Save requested URL before redirecting to login form.
- protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
- protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
-
-
-
Field Detail
-
DEFAULT_START_PAGE
@Deprecated public static final String DEFAULT_START_PAGE
Deprecated. Since 8.4. Use LoginScreenHelper.getStartupPagePath() instead.
- See Also:
- LoginScreenHelper, Constant Field Values
-
LOGIN_DOMAIN
public static final String LOGIN_DOMAIN
LoginContext domain name in use by default in Nuxeo.
- See Also:
- Constant Field Values
-
XMLHTTP_REQUEST_TYPE
protected static final String XMLHTTP_REQUEST_TYPE
- See Also:
- Constant Field Values
-
LOGIN_CATEGORY
protected static final String LOGIN_CATEGORY
- See Also:
- Constant Field Values
-
DIRECTORY_ERROR_PRINCIPAL
protected static final Principal DIRECTORY_ERROR_PRINCIPAL
Used internally as a marker.
-
INDEX_JSP
protected static final String INDEX_JSP
- See Also:
- Constant Field Values
-
SLASH_INDEX_JSP
protected static final String SLASH_INDEX_JSP
- See Also:
- Constant Field Values
-
CONVERSATION_ID
protected static final String CONVERSATION_ID
The Seam conversation id query parameter.
- See Also:
- Constant Field Values
-
service
protected volatile PluggableAuthenticationService service
-
unAuthenticatedURLPrefixLock
protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
-
unAuthenticatedURLPrefix
protected List<String> unAuthenticatedURLPrefix
-
registry
protected final io.dropwizard.metrics5.MetricRegistry registry
-
requestTimer
protected final io.dropwizard.metrics5.Timer requestTimer
-
concurrentCount
protected final io.dropwizard.metrics5.Counter concurrentCount
-
concurrentMaxCount
protected final io.dropwizard.metrics5.Counter concurrentMaxCount
-
loginCount
protected final io.dropwizard.metrics5.Counter loginCount
-
-
Constructor Detail
-
NuxeoAuthenticationFilter
public NuxeoAuthenticationFilter()
-
-
Method Detail
-
destroy
public void destroy()
- Specified by:
- destroy in interface javax.servlet.Filter
-
sendAuthenticationEvent
protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
-
logAuthenticationAttempt
protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
-
logLogout
protected boolean logLogout(UserIdentificationInfo userInfo)
-
doAuthenticate
protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
-
switchUser
protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException
- Throws:
IOException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by:
- doFilter in interface javax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
-
doFilterInternal
public void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Throws:
IOException
javax.servlet.ServletException
-
getAuthenticator
public NuxeoAuthenticationPlugin getAuthenticator(CachableUserIdentificationInfo ci)
-
retrieveIdentityFromCache
protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
-
getAnonymousId
protected String getAnonymousId()
-
doInitIfNeeded
protected void doInitIfNeeded() throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
- Specified by:
- init in interface javax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
saveRequestedURLBeforeRedirect
public boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Save requested URL before redirecting to login form. Returns true if target URL is a valid startup page.
-
getRequestedUrl
public static String getRequestedUrl(javax.servlet.http.HttpServletRequest request)
The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
-
getSavedRequestedURL
protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
isStartPageValid
protected boolean isStartPageValid(String startPage)
-
handleLogout
protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
getLogoutRedirectURL
protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String,String> parameters)
- Since:
- 10.3
-
isCallbackURLValid
protected boolean isCallbackURLValid(String callbackURL, String baseURL)
- Since:
- 10.3
-
initUnAuthenticatedURLPrefix
protected void initUnAuthenticatedURLPrefix()
-
bypassAuth
protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
-
getRequestedPage
public static String getRequestedPage(javax.servlet.ServletRequest request)
-
getRequestedPage
protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
-
handleLoginPrompt
protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
handleLogin
protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
buildUnauthorizedResponse
protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
-
handleRetrieveIdentity
protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
needSessionSaving
protected boolean needSessionSaving(UserIdentificationInfo userInfo)
-
loginAs
public static NuxeoLoginContext loginAs(String username) throws LoginException
Does a forced login as the given user. Bypasses all authentication checks.
- Parameters:
- username - the user name
- Returns:
- the login context, which MUST be used for logout in a finally block
- Throws:
- LoginException
-
createPrincipal
protected static NuxeoPrincipal createPrincipal(String username) throws LoginException
Creates a principal without checking authentication.
- Throws:
- LoginException
- Since:
- 11.1
-
getPrincipalCheckingAuth
protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request)
Creates a principal, checking authentication from the UserIdentificationInfo credentials.
- Since:
- 11.1
-
-