Class PentahoBasicProcessingFilter
- java.lang.Object
  - org.springframework.web.filter.GenericFilterBean
    - org.springframework.web.filter.OncePerRequestFilter
      - org.springframework.security.web.authentication.www.BasicAuthenticationFilter
        - org.pentaho.platform.web.http.security.PentahoBasicProcessingFilter

All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class PentahoBasicProcessingFilter extends org.springframework.security.web.authentication.www.BasicAuthenticationFilter implements org.springframework.context.ApplicationEventPublisherAware
This class's sole purpose is to defeat the persistence of Basic-Auth credentials in the browser. It does so by detecting an expired (invalid) HttpSession from the client. There are two paths. In the first, the first request after a session becomes invalid is a Basic-Auth request; it is automatically denied, forcing reauthentication. In the second, the first request after session invalidation is not a Basic-Auth request (the user manually logged out and was presented with the login page); a cookie noting the event is dropped in the response. The next request with Basic-Auth and a valid HttpSession checks for this cookie and, if it is present, forces reauthentication.

User: nbaker Date: 8/15/13
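
The two paths described above can be modeled as a small decision function. This is an added example, not Pentaho's source code: the `Request` record, the `Action` names, and the assumption that the marker cookie is expired once it has forced a challenge are illustrative only.

```java
// Added illustration of the decision flow described above; not Pentaho's source code.
// Request is a constructed stand-in for HttpServletRequest; Action names are hypothetical.
public class BasicAuthReauthSketch {

    enum Action { DENY_AND_CHALLENGE, SET_FLUSHED_COOKIE, PASS_TO_BASIC_AUTH }

    // In a servlet filter these flags would typically come from the Authorization header,
    // getRequestedSessionId(), isRequestedSessionIdValid() and getCookies() (assumption).
    record Request(boolean basicAuth, boolean sentSessionId,
                   boolean sessionValid, boolean flushedCookie) {
        // The client presented a session id that the container no longer accepts.
        boolean sessionExpired() { return sentSessionId && !sessionValid; }
    }

    static Action decide(Request r) {
        if (r.sessionExpired()) {
            // Path 1: the browser replays cached credentials on the first request
            // after the session became invalid, so deny and force a new prompt.
            if (r.basicAuth()) return Action.DENY_AND_CHALLENGE;
            // Path 2: the first request is not Basic-Auth (login page after a manual
            // logout), so note the event in a cookie for the next request.
            return Action.SET_FLUSHED_COOKIE;
        }
        // Follow-up to path 2: Basic-Auth on a valid session while the marker cookie
        // is present. Assumption: the marker is expired here so this fires only once.
        if (r.basicAuth() && r.sessionValid() && r.flushedCookie()) {
            return Action.DENY_AND_CHALLENGE;
        }
        return Action.PASS_TO_BASIC_AUTH; // inherited BasicAuthenticationFilter handling
    }

    public static void main(String[] args) {
        // Constructed requests, one per case in the class description.
        Request replayAfterExpiry = new Request(true, true, false, false);
        Request loginPageAfterLogout = new Request(false, true, false, false);
        Request replayWithMarker = new Request(true, true, true, true);
        Request ordinaryBasicAuth = new Request(true, true, true, false);

        System.out.println("Basic-Auth on expired session:  " + decide(replayAfterExpiry));
        System.out.println("Login page on expired session:  " + decide(loginPageAfterLogout));
        System.out.println("Basic-Auth with marker cookie:  " + decide(replayWithMarker));
        System.out.println("Basic-Auth, no marker cookie:   " + decide(ordinaryBasicAuth));
    }
}
```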

Constructor Summary
Constructors
PentahoBasicProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

Method Summary
Modifier and Type, Method
protected static void configureSessionFlushedCookie(javax.servlet.http.Cookie cookie, javax.servlet.http.HttpServletRequest request, int maxAge)
protected javax.servlet.http.Cookie createSessionFlushedCookie(javax.servlet.http.HttpServletRequest request)
void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
protected boolean isBasicAuthRequest(javax.servlet.http.HttpServletRequest request)
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)
void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)

Methods inherited from class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
afterPropertiesSet, getAuthenticationEntryPoint, getAuthenticationManager, getCredentialsCharset, isIgnoreFailure, onUnsuccessfulAuthentication, setAuthenticationDetailsSource, setCredentialsCharset, setRememberMeServices, setSecurityContextHolderStrategy, setSecurityContextRepository

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Method Detail

setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
- Specified by: setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

doFilterInternal
public void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Overrides: doFilterInternal in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- Throws: IOException, javax.servlet.ServletException

onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult) throws IOException
- Overrides: onSuccessfulAuthentication in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- Throws: IOException

isBasicAuthRequest
protected boolean isBasicAuthRequest(@NonNull javax.servlet.http.HttpServletRequest request)

createSessionFlushedCookie
@NonNull protected javax.servlet.http.Cookie createSessionFlushedCookie(@NonNull javax.servlet.http.HttpServletRequest request)

configureSessionFlushedCookie
protected static void configureSessionFlushedCookie(@NonNull javax.servlet.http.Cookie cookie, @NonNull javax.servlet.http.HttpServletRequest request, int maxAge)