Class NuxeoAuthenticationFilter
- java.lang.Object
  - org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter
- All Implemented Interfaces:
  - javax.servlet.Filter
public class NuxeoAuthenticationFilter extends Object implements javax.servlet.Filter
Servlet filter handling Nuxeo authentication (JAAS + EJB). Also handles logout and identity switch.
- Author:
  - Thierry Delprat, Bogdan Stefanescu, Anahide Tchertchian, Florent Guillaume
-
Field Summary
Fields (modifier and type, field, description):
- protected io.dropwizard.metrics5.Counter concurrentCount
- protected io.dropwizard.metrics5.Counter concurrentMaxCount
- protected static String CONVERSATION_ID: The Seam conversation id query parameter.
- static String DEFAULT_START_PAGE: Deprecated. Since 8.4.
- protected static Principal DIRECTORY_ERROR_PRINCIPAL: Used internally as a marker.
- protected static String INDEX_JSP
- protected static String LOGIN_CATEGORY
- static String LOGIN_DOMAIN: LoginContext domain name in use by default in Nuxeo.
- protected io.dropwizard.metrics5.Counter loginCount
- protected io.dropwizard.metrics5.MetricRegistry registry
- protected io.dropwizard.metrics5.Timer requestTimer
- protected PluggableAuthenticationService service
- protected static String SLASH_INDEX_JSP
- protected List<String> unAuthenticatedURLPrefix
- protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
- protected static String XMLHTTP_REQUEST_TYPE
-
Constructor Summary
Constructors:
- NuxeoAuthenticationFilter()
-
Method Summary
Methods (modifier and type, method, description):
- protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
- protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
- protected void checkRequestedURL(javax.servlet.ServletRequest request): Checks if the "requestedUrl" request parameter is an absolute URL, in which case throws a NuxeoException with a 400 status code.
- protected static NuxeoPrincipal createPrincipal(String username): Creates a principal without checking authentication.
- void destroy()
- protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
- void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
- void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
- protected void doInitIfNeeded()
- protected String getAnonymousId()
- NuxeoAuthenticationPlugin getAuthenticator(CachableUserIdentificationInfo ci)
- protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String,String> parameters)
- protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request): Creates a principal, checking authentication from the UserIdentificationInfo credentials.
- protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
- static String getRequestedPage(javax.servlet.ServletRequest request)
- static String getRequestedUrl(javax.servlet.http.HttpServletRequest request): The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
- protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo)
- protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
- void init(javax.servlet.FilterConfig config)
- protected void initUnAuthenticatedURLPrefix()
- protected boolean isCallbackURLValid(String callbackURL, String baseURL)
- protected boolean isStartPageValid(String startPage)
- protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
- static NuxeoLoginContext loginAs(String username): Does a forced login as the given user.
- protected boolean logLogout(UserIdentificationInfo userInfo)
- protected boolean needSessionSaving(UserIdentificationInfo userInfo)
- protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
- boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse): Save requested URL before redirecting to login form.
- protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
- protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
-
Field Detail
-
DEFAULT_START_PAGE
@Deprecated public static final String DEFAULT_START_PAGE
Deprecated. Since 8.4. Use LoginScreenHelper.getStartupPagePath() instead.
- See Also:
  - LoginScreenHelper, Constant Field Values
-
LOGIN_DOMAIN
public static final String LOGIN_DOMAIN
LoginContext domain name in use by default in Nuxeo.
- See Also:
- Constant Field Values
-
XMLHTTP_REQUEST_TYPE
protected static final String XMLHTTP_REQUEST_TYPE
- See Also:
- Constant Field Values
-
LOGIN_CATEGORY
protected static final String LOGIN_CATEGORY
- See Also:
- Constant Field Values
-
DIRECTORY_ERROR_PRINCIPAL
protected static final Principal DIRECTORY_ERROR_PRINCIPAL
Used internally as a marker.
-
INDEX_JSP
protected static final String INDEX_JSP
- See Also:
- Constant Field Values
-
SLASH_INDEX_JSP
protected static final String SLASH_INDEX_JSP
- See Also:
- Constant Field Values
-
CONVERSATION_ID
protected static final String CONVERSATION_ID
The Seam conversation id query parameter.
- See Also:
- Constant Field Values
-
service
protected volatile PluggableAuthenticationService service
-
unAuthenticatedURLPrefixLock
protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
-
registry
protected final io.dropwizard.metrics5.MetricRegistry registry
-
requestTimer
protected final io.dropwizard.metrics5.Timer requestTimer
-
concurrentCount
protected final io.dropwizard.metrics5.Counter concurrentCount
-
concurrentMaxCount
protected final io.dropwizard.metrics5.Counter concurrentMaxCount
-
loginCount
protected final io.dropwizard.metrics5.Counter loginCount
-
-
Method Detail
-
destroy
public void destroy()
- Specified by:
  - destroy in interface javax.servlet.Filter
-
sendAuthenticationEvent
protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
-
logAuthenticationAttempt
protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
-
logLogout
protected boolean logLogout(UserIdentificationInfo userInfo)
-
doAuthenticate
protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
-
switchUser
protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException
- Throws:
  - IOException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by:
  - doFilter in interface javax.servlet.Filter
- Throws:
  - IOException
  - javax.servlet.ServletException
-
doFilterInternal
public void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Throws:
  - IOException
  - javax.servlet.ServletException
-
getAuthenticator
public NuxeoAuthenticationPlugin getAuthenticator(CachableUserIdentificationInfo ci)
-
retrieveIdentityFromCache
protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
-
getAnonymousId
protected String getAnonymousId()
-
doInitIfNeeded
protected void doInitIfNeeded() throws javax.servlet.ServletException
- Throws:
  - javax.servlet.ServletException
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
- Specified by:
  - init in interface javax.servlet.Filter
- Throws:
  - javax.servlet.ServletException
-
saveRequestedURLBeforeRedirect
public boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Save requested URL before redirecting to login form. Returns true if target url is a valid startup page.
-
getRequestedUrl
public static String getRequestedUrl(javax.servlet.http.HttpServletRequest request)
The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
-
getSavedRequestedURL
protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
isStartPageValid
protected boolean isStartPageValid(String startPage)
-
handleLogout
protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) throws javax.servlet.ServletException
- Throws:
  - javax.servlet.ServletException
-
getLogoutRedirectURL
protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String,String> parameters)
- Since:
- 10.3
-
isCallbackURLValid
protected boolean isCallbackURLValid(String callbackURL, String baseURL)
- Since:
- 10.3
-
initUnAuthenticatedURLPrefix
protected void initUnAuthenticatedURLPrefix()
-
bypassAuth
protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
-
getRequestedPage
public static String getRequestedPage(javax.servlet.ServletRequest request)
-
getRequestedPage
protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
-
handleLoginPrompt
protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
handleLogin
protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
buildUnauthorizedResponse
protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
-
handleRetrieveIdentity
protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
needSessionSaving
protected boolean needSessionSaving(UserIdentificationInfo userInfo)
-
loginAs
public static NuxeoLoginContext loginAs(String username) throws LoginException
Does a forced login as the given user. Bypasses all authentication checks.
- Parameters:
  - username - the user name
- Returns:
  - the login context, which MUST be used for logout in a finally block
- Throws:
  - LoginException
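The contract above (a forced login that bypasses every authentication check, with the returned context used for logout in a finally block) as an added example; this is not Nuxeo code. It assumes NuxeoLoginContext lives in org.nuxeo.runtime.api.login and inherits logout() from javax.security.auth.login.LoginContext.

```java
import java.util.concurrent.Callable;

import javax.security.auth.login.LoginException;

import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
import org.nuxeo.runtime.api.login.NuxeoLoginContext; // package assumed, see lead-in

/**
 * Runs a unit of work under a forced login and guarantees the matching logout.
 * Because loginAs() checks nothing, the identity must come from trusted code,
 * never from a request parameter, and its scope should be exactly the try block.
 */
public final class ForcedLoginRunner {

    private ForcedLoginRunner() {
    }

    public static <T> T runAs(String username, Callable<T> work) throws Exception {
        // Static helper documented above; fails with LoginException.
        NuxeoLoginContext ctx = NuxeoAuthenticationFilter.loginAs(username);
        try {
            return work.call();
        } finally {
            // Mandatory logout: without it the forced identity stays bound to the
            // thread, and servlet containers reuse threads for unrelated requests.
            try {
                ctx.logout();
            } catch (LoginException e) {
                // Log instead of rethrowing: an exception leaving finally would mask
                // the real failure of work.call().
                System.err.println("logout after forced login as " + username
                        + " failed: " + e.getMessage());
            }
        }
    }
}
```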
-
createPrincipal
protected static NuxeoPrincipal createPrincipal(String username) throws LoginException
Creates a principal without checking authentication.
- Throws:
  - LoginException
- Since:
  - 11.1
-
getPrincipalCheckingAuth
protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request)
Creates a principal, checking authentication from the UserIdentificationInfo credentials.
- Since:
- 11.1
-
checkRequestedURL
protected void checkRequestedURL(javax.servlet.ServletRequest request)
Checks if the "requestedUrl" request parameter is an absolute URL, in which case throws a NuxeoException with a 400 status code.
- Since:
- 11.5
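The check described above, written as an added example rather than the filter's own implementation. It assumes NuxeoException offers a (String message, int statusCode) constructor, and it goes slightly beyond the text: besides scheme-qualified URLs it also rejects protocol-relative values (//host/...) and their backslash variants, which a browser resolves to another origin.

```java
import java.net.URI;
import java.net.URISyntaxException;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.nuxeo.ecm.core.api.NuxeoException; // (String, int) constructor assumed, see lead-in

public final class RequestedUrlCheck {

    public static final String REQUESTED_URL = "requestedUrl";

    private RequestedUrlCheck() {
    }

    /** Rejects a "requestedUrl" that would send the browser to another origin after login. */
    public static void checkRequestedURL(ServletRequest request) {
        String requestedUrl = request.getParameter(REQUESTED_URL);
        if (requestedUrl == null || requestedUrl.isEmpty()) {
            return; // nothing to validate; the filter falls back to its start page
        }
        if (!isRelativeToThisServer(requestedUrl)) {
            throw new NuxeoException("Invalid requestedUrl: absolute URLs are not allowed",
                    HttpServletResponse.SC_BAD_REQUEST); // 400, as documented above
        }
    }

    /** True only for a reference relative to this server: no scheme and no authority. */
    static boolean isRelativeToThisServer(String value) {
        // Browsers treat backslashes as slashes where RFC 3986 parsers do not, so
        // normalise first: "/\host" must be judged the same way as "//host".
        String normalised = value.replace('\\', '/');
        if (normalised.startsWith("//")) {
            return false; // protocol-relative reference: resolves to another host
        }
        try {
            URI uri = new URI(normalised);
            // isAbsolute() is true for any scheme (https:, javascript:, data:, ...);
            // a raw authority means a host component even without a scheme.
            return !uri.isAbsolute() && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparsable input is rejected rather than guessed at
        }
    }
}
```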
-