org.acegisecurity.ui.webapp
Class SiteminderAuthenticationProcessingFilter

java.lang.Object
  extended by org.acegisecurity.ui.AbstractProcessingFilter
      extended by org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
          extended by org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

public class SiteminderAuthenticationProcessingFilter
extends AuthenticationProcessingFilter

Extends Acegi's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers.

Also provides a backup form-based authentication and the ability to set source key names.

Siteminder must present two headers to this filter: a username and a password. You must set the header keys before this filter is used for authentication; otherwise the Siteminder checks are skipped. If the Siteminder check is unsuccessful (i.e. if the headers are not found), the form parameters are checked instead (see next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is unavailable, as is often the case during development.

Login forms must present two parameters to this filter: a username and password. If not specified, the parameter names to use are contained in the static fields AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY and AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY.

Do not use this class directly. Instead, configure web.xml to use the FilterToBeanProxy.
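
A configuration sketch for the setup described above, added here as an illustration and not taken from the Acegi distribution. It assumes an authenticationManager bean defined elsewhere; the header names, form parameter names and URLs are example values to replace with those of your deployment.

```xml
<!-- web.xml fragment: the container instantiates FilterToBeanProxy, which
     delegates to the filter bean of the given class in the Spring context. -->
<filter>
  <filter-name>Acegi Siteminder Authentication Filter</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Acegi Siteminder Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring application context fragment: the filter bean itself.
     Property names follow the setters listed in this class's Method Summary
     and the methods inherited from AbstractProcessingFilter. -->
<bean id="authenticationProcessingFilter"
      class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter">

  <!-- Assumption: an AuthenticationManager bean with this id exists. -->
  <property name="authenticationManager" ref="authenticationManager"/>

  <!-- Example URLs (assumptions); adjust to the application. -->
  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>

  <!-- Siteminder header keys. If these are left unset, the Siteminder
       check is skipped and only the form parameters are consulted.
       SM_USER is used as the example username header; the password header
       name below is a hypothetical placeholder. -->
  <property name="siteminderUsernameHeaderKey" value="SM_USER"/>
  <property name="siteminderPasswordHeaderKey" value="X-EXAMPLE-SM-PASSWORD"/>

  <!-- Backup form login parameter names (example values). When omitted,
       the filter uses ACEGI_SECURITY_FORM_USERNAME_KEY and
       ACEGI_SECURITY_FORM_PASSWORD_KEY. -->
  <property name="formUsernameParameterKey" value="login_user"/>
  <property name="formPasswordParameterKey" value="login_pass"/>
</bean>
```

Per the class description, the form parameters are consulted whenever the Siteminder headers are not found, so the form login stays reachable in any environment where requests can arrive without those headers.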


Field Summary
 
Fields inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
ACEGI_SECURITY_FORM_PASSWORD_KEY, ACEGI_SECURITY_FORM_USERNAME_KEY, ACEGI_SECURITY_LAST_USERNAME_KEY
 
Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, messages
 
Constructor Summary
SiteminderAuthenticationProcessingFilter()
          Basic constructor.
 
Method Summary
 Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
          Performs actual authentication.
 java.lang.String getFormPasswordParameterKey()
          Returns the form password parameter key.
 java.lang.String getFormUsernameParameterKey()
          Returns the form username parameter key.
 java.lang.String getSiteminderPasswordHeaderKey()
          Returns the Siteminder password header key.
 java.lang.String getSiteminderUsernameHeaderKey()
          Returns the Siteminder username header key.
protected  java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
          Overridden method to obtain different value depending on whether Siteminder or form validation is being performed.
protected  boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Overridden to perform authentication not only on j_security_check, but also on requests for the default target URL when the user isn't already authenticated.
 void setFormPasswordParameterKey(java.lang.String key)
          Sets the form password parameter key.
 void setFormUsernameParameterKey(java.lang.String key)
          Sets the form username parameter key.
 void setSiteminderPasswordHeaderKey(java.lang.String key)
          Sets the Siteminder password header key.
 void setSiteminderUsernameHeaderKey(java.lang.String key)
          Sets the Siteminder username header key.
 
Methods inherited from class org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
getDefaultFilterProcessesUrl, init, obtainUsername, setDetails
 
Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SiteminderAuthenticationProcessingFilter

public SiteminderAuthenticationProcessingFilter()
Basic constructor.

Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException
Description copied from class: AbstractProcessingFilter
Performs actual authentication.

Overrides:
attemptAuthentication in class AuthenticationProcessingFilter
Parameters:
request - from which to extract parameters and perform the authentication
Returns:
the authenticated user
Throws:
AuthenticationException - if authentication fails
See Also:
AbstractProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest)

getFormPasswordParameterKey

public java.lang.String getFormPasswordParameterKey()
Returns the form password parameter key.

Returns:
The form password parameter key.

getFormUsernameParameterKey

public java.lang.String getFormUsernameParameterKey()
Returns the form username parameter key.

Returns:
The form username parameter key.

getSiteminderPasswordHeaderKey

public java.lang.String getSiteminderPasswordHeaderKey()
Returns the Siteminder password header key.

Returns:
The Siteminder password header key.

getSiteminderUsernameHeaderKey

public java.lang.String getSiteminderUsernameHeaderKey()
Returns the Siteminder username header key.

Returns:
The Siteminder username header key.

obtainPassword

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
Overridden method to obtain different value depending on whether Siteminder or form validation is being performed.

Overrides:
obtainPassword in class AuthenticationProcessingFilter
Parameters:
request - so that request attributes can be retrieved
Returns:
the password that will be presented in the Authentication request token to the AuthenticationManager

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
Overridden to perform authentication not only on j_security_check, but also on requests for the default target URL when the user isn't already authenticated.

Thank you Paul Garvey for providing a straightforward solution (and code) for this!

Overrides:
requiresAuthentication in class AbstractProcessingFilter
Parameters:
request - as received from the filter chain
response - as received from the filter chain
Returns:
true if the filter should attempt authentication, false otherwise
See Also:
AbstractProcessingFilter.requiresAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

setFormPasswordParameterKey

public void setFormPasswordParameterKey(java.lang.String key)
Sets the form password parameter key.

Parameters:
key - The form password parameter key.

setFormUsernameParameterKey

public void setFormUsernameParameterKey(java.lang.String key)
Sets the form username parameter key.

Parameters:
key - The form username parameter key.

setSiteminderPasswordHeaderKey

public void setSiteminderPasswordHeaderKey(java.lang.String key)
Sets the Siteminder password header key.

Parameters:
key - The Siteminder password header key.

setSiteminderUsernameHeaderKey

public void setSiteminderUsernameHeaderKey(java.lang.String key)
Sets the Siteminder username header key.

Parameters:
key - The Siteminder username header key.


Copyright © 2004-2011 Interface21, Inc. All Rights Reserved.