Package io.jmix.webdavrest.security
Class CookieAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
io.jmix.webdavrest.security.CookieAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class CookieAuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
This filter is used for cookie authentication method.
Filter works only with WebDAV request with URL-token in path - extracts URL-token and cookie-token
from incoming request, generate auth request (CookieAuthenticationToken) and try to authenticate it
via CookieAuthenticationProvider.
If authentication is unsuccessful filter requests basic auth from user. In this case further communication works based on basic auth - this filter will not check requests for URL- and cookie-tokens and call the next filter in the filter chain.
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionCookieAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, WebdavProperties webdavProperties) CookieAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, WebdavProperties webdavProperties) -
Method Summary
Modifier and TypeMethodDescriptionprotected StringbuildCookiePath(String requestUri) protected voiddoFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) protected StringextractUrlToken(jakarta.servlet.http.HttpServletRequest request) protected booleanisAuthenticationRequired(jakarta.servlet.http.HttpServletRequest request) protected voidonSuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, CookieAuthenticationToken authResult) protected voidonUnsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) voidsetSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository) protected voidsetupAuthCookie(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, CookieAuthenticationToken authResult) Generates cookie and adds it to response.Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
CookieAuthenticationFilter
public CookieAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, WebdavProperties webdavProperties) -
CookieAuthenticationFilter
public CookieAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, WebdavProperties webdavProperties)
-
-
Method Details
-
setSecurityContextRepository
public void setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository) -
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternalin classorg.springframework.web.filter.OncePerRequestFilter- Throws:
jakarta.servlet.ServletExceptionIOException
-
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, CookieAuthenticationToken authResult) throws IOException, jakarta.servlet.ServletException - Throws:
IOExceptionjakarta.servlet.ServletException
-
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) throws IOException - Throws:
IOException
-
setupAuthCookie
protected void setupAuthCookie(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, CookieAuthenticationToken authResult) throws jakarta.servlet.ServletException Generates cookie and adds it to response. Do nothing if there is an existing cookie- Parameters:
request- requestresponse- responseauthResult- fully authenticated authentication object- Throws:
jakarta.servlet.ServletException
-
buildCookiePath
-
isAuthenticationRequired
protected boolean isAuthenticationRequired(jakarta.servlet.http.HttpServletRequest request) -
extractUrlToken
-