com.fgm.security.pki

Class FilterFacade

java.lang.Object

com.fgm.security.pki.FilterFacade

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

AccessControlFilter, IPFilter

public abstract class FilterFacade
extends java.lang.Object
implements javax.servlet.Filter

Base Filter class which abstracts out any specific security implementation. When the filter is run, it checks for a USER_NAME_ATTRBUTE property on the session. If one is not found, it calls the abstract setupUserName() and setupUserCredentials() methods in that order. Finally, if filter.indexPage is defined in the properties file, it will forward all newly authenticated requests to that url. If USER_NAME_ATTRIBUTE is defined on the session, all requests are passed through with no further filtering. In order to use this Filter in a web application, the Filter must be defined in the web.xml as follows: AccessControlFilter com.fgm.security.pki.AccessControlFilter propertyFile security.properties MyFilter /*

Author:

mike.kluever

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.servlet.FilterConfig	filterConfig FilterConfig object this filter was initialized with
protected java.lang.String	forwardAddress Address to forward new requests to
protected org.apache.log4j.Logger	logger Log4J Logger
static java.lang.String	USER_CLEARANCE_ATTRIBUTE The user clearance attribute session property name
static java.lang.String	USER_CREDENTIALS_ATTRIBUTE The user credentials attribute session property name
static java.lang.String	USER_DN_ATTRIBUTE The user distinguished name attribute session property name
static java.lang.String	USER_NAME_ATTRIBUTE The user name attribute session property name

Constructor Summary

Constructors

Constructor and Description
FilterFacade()

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse rsp, javax.servlet.FilterChain chain)
void	init(javax.servlet.FilterConfig filterConfig) Run once on server start-up to initialize the Filter.
protected abstract boolean	setupUserCredentials(javax.servlet.http.HttpSession session) Set up the user credentials and classification properties
protected abstract boolean	setupUserName(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpSession session) Gets the user name and sets up the user session attributes
void	unauthorizedRequest(javax.servlet.ServletResponse rsp) Displays a default unauthorized message if either setupUserName() or setupUserCrenditals() returns false.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected org.apache.log4j.Logger logger

Log4J Logger

USER_CLEARANCE_ATTRIBUTE

public static final java.lang.String USER_CLEARANCE_ATTRIBUTE

The user clearance attribute session property name

See Also:

Constant Field Values

USER_CREDENTIALS_ATTRIBUTE

public static final java.lang.String USER_CREDENTIALS_ATTRIBUTE

The user credentials attribute session property name

See Also:

Constant Field Values

USER_DN_ATTRIBUTE

public static final java.lang.String USER_DN_ATTRIBUTE

The user distinguished name attribute session property name

See Also:

Constant Field Values

USER_NAME_ATTRIBUTE

public static final java.lang.String USER_NAME_ATTRIBUTE

The user name attribute session property name

See Also:

Constant Field Values

filterConfig

protected javax.servlet.FilterConfig filterConfig

FilterConfig object this filter was initialized with

forwardAddress

protected java.lang.String forwardAddress

Address to forward new requests to

Constructor Detail

FilterFacade

public FilterFacade()

Method Detail

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
            javax.servlet.ServletResponse rsp,
            javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

java.io.IOException

javax.servlet.ServletException

unauthorizedRequest

public void unauthorizedRequest(javax.servlet.ServletResponse rsp)
                         throws java.io.IOException

Displays a default unauthorized message if either setupUserName() or setupUserCrenditals() returns false.

Parameters:

rsp - response to write to

Throws:

java.io.IOException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Run once on server start-up to initialize the Filter. The provided FilterConfig should contain a parameter called 'propertyFile' which is the name of the properties file to be read,

Specified by:

init in interface javax.servlet.Filter

Parameters:

filterConfig - configuration defined in the web.xml file

Throws:

javax.servlet.ServletException

setupUserName

protected abstract boolean setupUserName(javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpSession session)

Gets the user name and sets up the user session attributes

Parameters:

request - the http request

session - the http session

setupUserCredentials

protected abstract boolean setupUserCredentials(javax.servlet.http.HttpSession session)

Set up the user credentials and classification properties

Parameters:

session - the http session