SecurityContextFilter (SCAM and Scam Portfolio API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

se.kmr.scam.client.http.filter
Class SecurityContextFilter

java.lang.Object
  se.kmr.scam.client.http.filter.SecurityContextFilter

All Implemented Interfaces:: Filter

public class SecurityContextFilter
extends Object
implements Filter

Filter that assures that servlets will execute in the security context of the user that sent the request. This is achieved by doing a (temporary) JAAS login and is based on the assumption that a proper JAAS login module is configured; i.e. one that initializes the implementation dependent security context. For JBoss, this is the ClientLoginModule.
The JAAS application name (i.e. name of JAAS configuration that must be used) can be set using the filter init parameter jaas-application. For JBoss, this is the name of the application-policy configured in the login-config.xml; it should be something like

   <application-policy name = "client-login">
      <authentication>
         <login-module code = "org.jboss.security.ClientLoginModule"
            flag = "required">
         </login-module>
      </authentication>
   </application-policy>

This implementation assumes that the user is stored in a UserBean.

Author:: jand

Nested Class Summary
`class`	`SecurityContextFilter.UsernamePasswordHandler` Simple JAAS callback handler that can handle NameCallback and PasswordCallback.

Field Summary
`protected SecurityContextFilter.UsernamePasswordHandler`	`callbackHandler` the jaas callbackhandler
`static String`	`JAAS_APPL_DEFAULT`
`static String`	`JAAS_APPL_PARAM_NAME`
`protected String`	`jaasApplicationName` The name of the JAAS application, the key for finding the JAAS module configuration (e.g. in an auth.conf file).
`protected LoginContext`	`loginCtx` the login context used for the login and logout operations

Constructor Summary
`SecurityContextFilter()`

Method Summary
`void`	`destroy()` Destroys the filter.
`void`	`doFilter(ServletRequest request, ServletResponse response, FilterChain chain)` Performs a temporary JAAS login for the duration of the request.
`void`	`init(FilterConfig config)` Initializes the filter.
`protected void`	`jaasLogin(String username, String password)` Performs a JAAS login based on the JAAS configuration set in the init method.
`protected void`	`jaasLogout()` Performs a JAAS logout.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

JAAS_APPL_DEFAULT

public static final String JAAS_APPL_DEFAULT

See Also:: Constant Field Values

JAAS_APPL_PARAM_NAME

public static final String JAAS_APPL_PARAM_NAME

See Also:: Constant Field Values

jaasApplicationName

protected String jaasApplicationName

The name of the JAAS application, the key for finding the JAAS module configuration (e.g. in an auth.conf file). In JBoss this matches the security domain name in the login-config.xml file.

loginCtx

protected LoginContext loginCtx

the login context used for the login and logout operations

callbackHandler

protected SecurityContextFilter.UsernamePasswordHandler callbackHandler

the jaas callbackhandler

Constructor Detail