Class NuxeoAuthenticationFilter

java.lang.Object
org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter

public class NuxeoAuthenticationFilter extends Object implements javax.servlet.Filter
Servlet filter handling Nuxeo authentication (JAAS + EJB).

Also handles logout and identity switch.

Author:
Thierry Delprat, Bogdan Stefanescu, Anahide Tchertchian, Florent Guillaume
  • Field Details

    • LOGIN_DOMAIN

      public static final String LOGIN_DOMAIN
      LoginContext domain name in use by default in Nuxeo.
    • XMLHTTP_REQUEST_TYPE

      protected static final String XMLHTTP_REQUEST_TYPE
    • LOGIN_CATEGORY

      protected static final String LOGIN_CATEGORY
    • DIRECTORY_ERROR_PRINCIPAL

      protected static final Principal DIRECTORY_ERROR_PRINCIPAL
      Used internally as a marker.
    • INDEX_JSP

      protected static final String INDEX_JSP
    • SLASH_INDEX_JSP

      protected static final String SLASH_INDEX_JSP
    • CONVERSATION_ID

      protected static final String CONVERSATION_ID
      The Seam conversation id query parameter.
    • service

      protected volatile PluggableAuthenticationService service
    • unAuthenticatedURLPrefixLock

      protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
    • unAuthenticatedURLPrefix

      protected List<String> unAuthenticatedURLPrefix
    • registry

      protected final io.dropwizard.metrics5.MetricRegistry registry
    • requestTimer

      protected final io.dropwizard.metrics5.Timer requestTimer
    • concurrentCount

      protected final io.dropwizard.metrics5.Counter concurrentCount
    • concurrentMaxCount

      protected final io.dropwizard.metrics5.Counter concurrentMaxCount
    • loginCount

      protected final io.dropwizard.metrics5.Counter loginCount
  • Constructor Details

    • NuxeoAuthenticationFilter

      public NuxeoAuthenticationFilter()
  • Method Details

    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter
    • sendAuthenticationEvent

      protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
    • logAuthenticationAttempt

      protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
    • logLogout

      protected boolean logLogout(UserIdentificationInfo userInfo)
    • doAuthenticate

      protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
    • switchUser

      protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException
      Throws:
      IOException
    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      IOException
      javax.servlet.ServletException
    • doFilterInternal

      public void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Throws:
      IOException
      javax.servlet.ServletException
    • getAuthenticator

    • retrieveIdentityFromCache

      protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
    • getAnonymousId

      protected String getAnonymousId()
    • doInitIfNeeded

      protected void doInitIfNeeded() throws javax.servlet.ServletException
      Throws:
      javax.servlet.ServletException
    • init

      public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException
    • saveRequestedURLBeforeRedirect

      public boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
      Save requested URL before redirecting to login form.

      Returns true if the target URL is a valid startup page.

    • getRequestedUrl

      public static String getRequestedUrl(javax.servlet.http.HttpServletRequest request)
      The requested URL is like the requested page, but it is not decoded and it also includes the query string (minus the conversation id parameter).
    • getSavedRequestedURL

      protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
    • isStartPageValid

      protected boolean isStartPageValid(String startPage)
    • handleLogout

      protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) throws javax.servlet.ServletException
      Throws:
      javax.servlet.ServletException
    • getLogoutRedirectURL

      protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String,String> parameters)
      Since:
      10.3
    • isCallbackURLValid

      protected boolean isCallbackURLValid(String callbackURL, String baseURL)
      Since:
      10.3
    • initUnAuthenticatedURLPrefix

      protected void initUnAuthenticatedURLPrefix()
    • bypassAuth

      protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
    • getRequestedPage

      public static String getRequestedPage(javax.servlet.ServletRequest request)
    • getRequestedPage

      protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
    • handleLoginPrompt

      protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
    • handleLogin

      protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
    • buildUnauthorizedResponse

      protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
    • handleRetrieveIdentity

      protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
    • needSessionSaving

      protected boolean needSessionSaving(UserIdentificationInfo userInfo)
    • loginAs

      public static NuxeoLoginContext loginAs(String username) throws LoginException
      Does a forced login as the given user. Bypasses all authentication checks.
      Parameters:
      username - the user name
      Returns:
      the login context, which MUST be used for logout in a finally block
      Throws:
      LoginException
    • createPrincipal

      protected static NuxeoPrincipal createPrincipal(String username) throws LoginException
      Creates a principal without checking authentication.
      Throws:
      LoginException
      Since:
      11.1
    • getPrincipalCheckingAuth

      protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request)
      Creates a principal, checking authentication from the UserIdentificationInfo credentials.
      Since:
      11.1
    • checkRequestedURL

      protected void checkRequestedURL(javax.servlet.ServletRequest request)
      Checks whether the "requestedUrl" request parameter is an absolute URL or starts with "//"; in either case it throws a NuxeoException with a 400 status code, so the value cannot be used as a redirect target to another host.
      Since:
      11.5
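
The following is an added, stand-alone illustration of the check described for checkRequestedURL above; it is not Nuxeo's code. It rejects the two forms the documentation names (an absolute URL, i.e. one carrying a scheme, and a protocol-relative "//" prefix) and, going one step further than the page, also rejects the "/\" prefix, which browsers normalize to "//". The class and method names (RequestedUrlGuard, isUnsafeRequestedUrl, BadRequestException) are assumptions made for this example, and BadRequestException stands in for the NuxeoException with a 400 status that the filter would raise.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Hypothetical helper mirroring the behaviour documented for checkRequestedURL (not Nuxeo code). */
public final class RequestedUrlGuard {

    /** Stand-in for the NuxeoException carrying HTTP status 400 that the filter throws. */
    public static final class BadRequestException extends RuntimeException {
        public final int status = 400;

        BadRequestException(String message) {
            super(message);
        }
    }

    private RequestedUrlGuard() {
    }

    /**
     * Returns true when the value must not be used as a post-login redirect target:
     * - an absolute URL (anything with a scheme, e.g. "https://other.host/"),
     * - a protocol-relative URL starting with "//",
     * - (added here, beyond what the page states) a "/\" prefix, which browsers treat like "//".
     * A plain relative path such as "/nuxeo/nxpath/default/" is accepted.
     */
    public static boolean isUnsafeRequestedUrl(String requestedUrl) {
        if (requestedUrl == null || requestedUrl.isEmpty()) {
            return false; // nothing to redirect to; the filter falls back to its default start page
        }
        String value = requestedUrl.trim();
        if (value.startsWith("//") || value.startsWith("/\\")) {
            return true;
        }
        try {
            // URI.isAbsolute() is true exactly when a scheme component is present
            return new URI(value).isAbsolute();
        } catch (URISyntaxException e) {
            // Unparseable input: fall back to a conservative scheme-prefix test
            return value.matches("^[A-Za-z][A-Za-z0-9+.\\-]*:.*");
        }
    }

    /** Throws BadRequestException (status 400) for an unsafe value, like checkRequestedURL does. */
    public static void checkRequestedUrl(String requestedUrl) {
        if (isUnsafeRequestedUrl(requestedUrl)) {
            throw new BadRequestException("requestedUrl must be a relative path: " + requestedUrl);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: the first is a normal in-application path, the rest must be rejected
        String[] samples = {
            "/nuxeo/nxpath/default/default-domain@view_documents?tabIds=%3A",
            "//other.example/login",
            "https://other.example/login",
            "/\\other.example/login",
            "ftp:other.example"
        };
        for (String sample : samples) {
            System.out.println(sample + " -> " + (isUnsafeRequestedUrl(sample) ? "reject (400)" : "allow"));
        }
    }
}
```

The check runs before the URL is stored by saveRequestedURLBeforeRedirect, so a value that fails it never reaches the redirect issued after login; rejecting with 400 rather than silently dropping the parameter also makes tampering visible in the access log.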