Class NuxeoAuthenticationFilter
java.lang.Object
org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter
- All Implemented Interfaces:
javax.servlet.Filter
Servlet filter handling Nuxeo authentication (JAAS + EJB).
Also handles logout and identity switch.
- Author:
- Thierry Delprat, Bogdan Stefanescu, Anahide Tchertchian, Florent Guillaume
-
Field Summary
Modifier and Type | Field | Description
protected final io.dropwizard.metrics5.Counter | concurrentCount |
protected final io.dropwizard.metrics5.Counter | concurrentMaxCount |
protected static final String | CONVERSATION_ID | The Seam conversation id query parameter.
protected static final Principal | DIRECTORY_ERROR_PRINCIPAL | Used internally as a marker.
protected static final String | INDEX_JSP |
protected static final String | LOGIN_CATEGORY |
static final String | LOGIN_DOMAIN | LoginContext domain name in use by default in Nuxeo.
protected final io.dropwizard.metrics5.Counter | loginCount |
protected final io.dropwizard.metrics5.MetricRegistry | registry |
protected final io.dropwizard.metrics5.Timer | requestTimer |
protected PluggableAuthenticationService | service |
protected static final String | SLASH_INDEX_JSP |
protected ReentrantReadWriteLock | unAuthenticatedURLPrefixLock |
protected static final String | XMLHTTP_REQUEST_TYPE |
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
protected void | buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) |
protected boolean | bypassAuth(javax.servlet.http.HttpServletRequest httpRequest) |
protected void | checkRequestedURL(javax.servlet.ServletRequest request) | Checks if the "requestedUrl" request parameter is an absolute URL or starts with "//", in which case, throws a NuxeoException with a 400 status code.
protected static NuxeoPrincipal | createPrincipal(String username) | Creates a principal without checking authentication.
void | destroy() |
protected Principal | doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest) |
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) |
void | doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) |
protected void | doInitIfNeeded() |
protected String | getAnonymousId() |
protected String | getLogoutRedirectURL(String callbackURL, String baseURL, Map<String, String> parameters) |
protected Principal | getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request) | Creates a principal, checking authentication from the UserIdentificationInfo credentials.
protected static String | getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest) |
static String | getRequestedPage(javax.servlet.ServletRequest request) |
static String | getRequestedUrl(javax.servlet.http.HttpServletRequest request) | The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
protected static String | getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) |
protected boolean | handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) |
protected boolean | handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) |
protected boolean | handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) |
protected UserIdentificationInfo | handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) |
void | init(javax.servlet.FilterConfig config) |
protected void | initUnAuthenticatedURLPrefix() |
protected boolean | isCallbackURLValid(String callbackURL, String baseURL) |
protected boolean | isStartPageValid(String startPage) |
protected boolean | logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success) |
static NuxeoLoginContext | loginAs(String username) | Does a forced login as the given user.
protected boolean | logLogout(UserIdentificationInfo userInfo) |
protected boolean | needSessionSaving(UserIdentificationInfo userInfo) |
protected static CachableUserIdentificationInfo | retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest) |
boolean | saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Save requested URL before redirecting to login form.
protected static boolean | sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment) |
protected boolean | switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) |
-
Field Details
-
LOGIN_DOMAIN
LoginContext domain name in use by default in Nuxeo.
- See Also:
-
XMLHTTP_REQUEST_TYPE
- See Also:
-
LOGIN_CATEGORY
- See Also:
-
DIRECTORY_ERROR_PRINCIPAL
Used internally as a marker.
-
INDEX_JSP
- See Also:
-
SLASH_INDEX_JSP
- See Also:
-
CONVERSATION_ID
The Seam conversation id query parameter.
- See Also:
-
service
-
unAuthenticatedURLPrefixLock
-
unAuthenticatedURLPrefix
-
registry
protected final io.dropwizard.metrics5.MetricRegistry registry
-
requestTimer
protected final io.dropwizard.metrics5.Timer requestTimer
-
concurrentCount
protected final io.dropwizard.metrics5.Counter concurrentCount
-
concurrentMaxCount
protected final io.dropwizard.metrics5.Counter concurrentMaxCount
-
loginCount
protected final io.dropwizard.metrics5.Counter loginCount
-
-
Constructor Details
-
NuxeoAuthenticationFilter
public NuxeoAuthenticationFilter()
-
-
Method Details
-
destroy
public void destroy()
- Specified by:
destroy in interface javax.servlet.Filter
-
sendAuthenticationEvent
protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
-
logAuthenticationAttempt
-
logLogout
-
doAuthenticate
protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
-
switchUser
protected boolean switchUser(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException
- Throws:
IOException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by:
doFilter in interface javax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
-
doFilterInternal
public void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Throws:
IOException
javax.servlet.ServletException
-
getAuthenticator
-
retrieveIdentityFromCache
protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
-
getAnonymousId
-
doInitIfNeeded
protected void doInitIfNeeded() throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
- Specified by:
init in interface javax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
saveRequestedURLBeforeRedirect
public boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Save requested URL before redirecting to login form. Returns true if target URL is a valid startup page.
-
getRequestedUrl
The requested URL is like the requested page BUT is not decoded AND also includes the query string (except without conversation id).
-
getSavedRequestedURL
protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
isStartPageValid
-
handleLogout
protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
getLogoutRedirectURL
protected String getLogoutRedirectURL(String callbackURL, String baseURL, Map<String, String> parameters)
- Since:
- 10.3
-
isCallbackURLValid
- Since:
- 10.3
-
initUnAuthenticatedURLPrefix
protected void initUnAuthenticatedURLPrefix()
-
bypassAuth
protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
-
getRequestedPage
-
getRequestedPage
-
handleLoginPrompt
protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
handleLogin
protected boolean handleLogin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
buildUnauthorizedResponse
protected void buildUnauthorizedResponse(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
-
handleRetrieveIdentity
protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
-
needSessionSaving
-
loginAs
Does a forced login as the given user. Bypasses all authentication checks.
- Parameters:
username - the user name
- Returns:
- the login context, which MUST be used for logout in a finally block
- Throws:
LoginException
-
createPrincipal
Creates a principal without checking authentication.
- Throws:
LoginException
- Since:
- 11.1
-
getPrincipalCheckingAuth
protected Principal getPrincipalCheckingAuth(UserIdentificationInfo userIdent, javax.servlet.http.HttpServletRequest request)
Creates a principal, checking authentication from the UserIdentificationInfo credentials.
- Since:
- 11.1
-
checkRequestedURL
protected void checkRequestedURL(javax.servlet.ServletRequest request)
Checks if the "requestedUrl" request parameter is an absolute URL or starts with "//", in which case, throws a NuxeoException with a 400 status code.
- Since:
- 11.5
-
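The rule stated for checkRequestedURL, as an added stand-alone example (not Nuxeo's source code): a "requestedUrl" value that is absolute or starts with "//" is refused with a 400, so the post-login redirect cannot point outside the application. RequestedUrlCheck, BadRequestedUrlException and the sample values are hypothetical, and refusing unparseable values is an assumption of this sketch.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

// Added example, not Nuxeo source: the check described for checkRequestedURL.
public class RequestedUrlCheck {
    /** Hypothetical stand-in for a NuxeoException carrying an HTTP status. */
    static class BadRequestedUrlException extends RuntimeException {
        final int status = 400;
        BadRequestedUrlException(String msg) { super(msg); }
    }
    /** Throws when the redirect target is absolute or scheme-relative. */
    static void check(String requestedUrl) {
        if (requestedUrl == null || requestedUrl.isEmpty()) {
            return; // no redirect target supplied
        }
        if (requestedUrl.startsWith("//")) {
            // Scheme-relative: the browser keeps the scheme but changes host.
            throw new BadRequestedUrlException("scheme-relative: " + requestedUrl);
        }
        URI uri;
        try {
            uri = new URI(requestedUrl);
        } catch (URISyntaxException e) {
            // Assumption of this sketch: values that do not parse are refused.
            throw new BadRequestedUrlException("malformed: " + requestedUrl);
        }
        if (uri.isAbsolute()) { // any scheme present, whatever its case
            throw new BadRequestedUrlException("absolute: " + requestedUrl);
        }
    }
    public static void main(String[] args) {
        // Constructed sample values for the "requestedUrl" parameter.
        List<String> samples = List.of(
                "ui/#!/browse/default-domain",
                "nxdoc/default/1234/view_documents?tab=files",
                "https://example.org/login",
                "HTTP://EXAMPLE.ORG/",
                "//example.org/login");
        for (String s : samples) {
            try {
                check(s);
                System.out.println("accepted       " + s);
            } catch (BadRequestedUrlException e) {
                System.out.println("rejected (" + e.status + ") " + e.getMessage());
            }
        }
    }
}
```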