Class ProxyTrustingFilter
- java.lang.Object
-
- org.pentaho.platform.web.http.filters.ProxyTrustingFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class ProxyTrustingFilter extends Object implements javax.servlet.Filter
This servlet is used to filter Servlet requests coming from another server for processing and sets authentication for the user passed in by the parameter _TRUST_USER_. It will conditionally look for the parameter in the HTTP Header too. It then passes the request down the servlet chain to be serviced. Only requests coming from a trusted host will be authenticated. Implement the filter and setup the trusted hosts by editing the web.xml file as follows.<filter> <filter-name>ProxyTrustingFilter</filter-name> <filter-class>org.pentaho.platform.web.http.filters.ProxyTrustingFilter</filter-class> <init-param> <param-name>TrustedIpAddrs</param-name> <param-value>192.168.10.60,192.168.10.61</param-value> </init-param> </filter>
In the above example, when a request coming from IP addresses 192.168.10.60 and 192.168.10.61 has the parameter _TRUST_USER_=name set, that user name will be authenticated.
An additional parameter, _TRUST_LOCALE_OVERRIDE_, and, optionally, header, can be specified containing a locale override that the user session should use.
NOTES:
It is easy to spoof the URL or IP address so this technique should only be used if the server running the filter is not accessible to users. For example if the BI Platform is hosted in a DMZ.
For this class to be useful, both Pentaho servers should be using the same database repository.
The sending server should be using the ProxyServlet enabled to generate the requests.
The user and locale parameters that this filter looks for can be configured in the init parameters, as well as whether to check the request headers.
The following shows the defaults used if these settings aren't provided.
<init-param> <param-name>CheckHeader</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>RequestParameterName</param-name> <param-value>_TRUST_USER_</param-value> </init-param> <init-param> <param-name>HeaderName</param-name> <param-value>_TRUST_USER_</param-value> </init-param> <init-param> <init-param> <param-name>LocaleOverrideParameterName</param-name> <param-value>_TRUST_LOCALE_OVERRIDE_</param-value> </init-param> <init-param> <param-name>LocaleOverrideHeaderName</param-name> <param-value>_TRUST_LOCALE_OVERRIDE_</param-value> </init-param>
- Author:
- Doug Moran
- See Also:
ProxyServlet
-
-
Constructor Summary
Constructors Constructor Description ProxyTrustingFilter()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
becomeUser(String principalName)
protected boolean
checkHeader()
void
destroy()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
protected void
doFilterCore(javax.servlet.http.HttpServletRequest request, String name)
protected String
getHeaderName()
protected String
getLocaleOverrideHeaderName()
Gets the name of the request header that will contain the trusted locale overrideprotected String
getLocaleOverrideParameterName()
Gets the name of the request parameter that will contain the trusted locale override.org.apache.commons.logging.Log
getLogger()
protected String
getParameterName()
protected String
getTrustLocaleOverrideCode(javax.servlet.http.HttpServletRequest request)
Gets the trusted locale code override from the request, and optionally from the HTTP header.protected String
getTrustUser(javax.servlet.http.HttpServletRequest request)
Gets the trusted user from the request, and optionally from the HTTP Headervoid
init(javax.servlet.FilterConfig filterConfiguration)
protected void
initParameterCheckHeader()
protected void
initParameterLocaleOverride()
protected void
initParameterTrustedIpAddresses()
protected void
initParameterUser()
boolean
isEmpty(String str)
static void
main(String[] args)
protected String
normalizeHeaderName(String in)
protected void
setSystemLocaleOverrideCode(String localeOverrideCode)
Sets the system's locale override.
-
-
-
Method Detail
-
getLogger
public org.apache.commons.logging.Log getLogger()
-
init
public void init(javax.servlet.FilterConfig filterConfiguration) throws javax.servlet.ServletException
- Specified by:
init
in interfacejavax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
initParameterTrustedIpAddresses
protected void initParameterTrustedIpAddresses()
-
initParameterCheckHeader
protected void initParameterCheckHeader()
-
initParameterUser
protected void initParameterUser()
-
initParameterLocaleOverride
protected void initParameterLocaleOverride()
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
-
doFilterCore
protected void doFilterCore(javax.servlet.http.HttpServletRequest request, String name) throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Filter
-
main
public static void main(String[] args)
- Parameters:
args
-
-
getHeaderName
protected String getHeaderName()
- Returns:
- the name of the request header that will contain the trusted user name
-
getParameterName
protected String getParameterName()
- Returns:
- the name of the request parameter that will contain the trusted user name
-
getLocaleOverrideHeaderName
protected String getLocaleOverrideHeaderName()
Gets the name of the request header that will contain the trusted locale override
-
getLocaleOverrideParameterName
protected String getLocaleOverrideParameterName()
Gets the name of the request parameter that will contain the trusted locale override.
-
checkHeader
protected boolean checkHeader()
- Returns:
- true if the filter should consult the http header for the trusted user and trusted locale override
-
getTrustUser
protected String getTrustUser(javax.servlet.http.HttpServletRequest request)
Gets the trusted user from the request, and optionally from the HTTP Header- Parameters:
request
- The HttpServletRequest to examine for the trusted information- Returns:
- The name of the trusted user
-
getTrustLocaleOverrideCode
protected String getTrustLocaleOverrideCode(javax.servlet.http.HttpServletRequest request)
Gets the trusted locale code override from the request, and optionally from the HTTP header.- Parameters:
request
- The HttpServletRequest to examine for the trusted information- Returns:
- The specified trusted locale code, if any;
null
, otherwise.
-
isEmpty
public boolean isEmpty(String str)
-
becomeUser
protected void becomeUser(String principalName)
-
setSystemLocaleOverrideCode
protected void setSystemLocaleOverrideCode(String localeOverrideCode)
Sets the system's locale override.- Parameters:
localeOverrideCode
- The locale override code.
-
-