Class AuthMethodFilter
java.lang.Object
javax.servlet.GenericFilter
javax.servlet.http.HttpFilter
org.dogtagpki.server.rest.v2.filters.AuthMethodFilter
- All Implemented Interfaces:
Serializable
,javax.servlet.Filter
,javax.servlet.FilterConfig
- Direct Known Subclasses:
AccountAuthMethod
,AuditAuthMethod
,GroupAuthMethod
,SecurityDomainAuthMethod
,SelfTestAuthMethod
,UserAuthMethod
public abstract class AuthMethodFilter
extends javax.servlet.http.HttpFilter
Basic Authentication Method filter for REST APIs
Subclasses can associate AuthMehtod to servlet, URLPatterns or specific endpoints. The :
The method is one of the HTTP method as defined in Java servlet request (e.g. GET, POST, etc.).
The path is the endpoint in the associated servlet where the ACL has to be applied. If there is a REST path param this can be indicated
with the sequence "{}".
Example of ACL a servlet handking token could be:
default authMethod: token.read
authMethodMap:
key= POST:token value=token.add
key= PUT:token/{} value=token.modify
key= DELETE:token/{} value=token.delete
setAuthMethod(String)
method will assign a
default AuthMehtod to use for all the associated entities (servlet or pattern). To provide a finer grained AuthMehtod it is possible to specify
a map with the method setAuthMethodMap(Map)
. The map value is the ACL to use while the key is the endpoint where
the ACL has to be applied. The key formal is:
key= - Author:
- Marco Fargetta <mfargett@redhat.com>, Endi S. Dewata
- See Also:
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected void
checkAuthenticationMethod
(javax.servlet.http.HttpServletRequest request, String authMethName) void
doFilter
(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) void
setAuthMethod
(String authMethod) void
setAuthMethodMap
(Map<String, String> authMethodMap) Methods inherited from class javax.servlet.http.HttpFilter
doFilter
Methods inherited from class javax.servlet.GenericFilter
getFilterConfig, getFilterName, getInitParameter, getInitParameterNames, getServletContext, init, init
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface javax.servlet.Filter
destroy
-
Field Details
-
logger
public static final org.slf4j.Logger logger
-
-
Constructor Details
-
AuthMethodFilter
public AuthMethodFilter()
-
-
Method Details
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilter
in interfacejavax.servlet.Filter
- Overrides:
doFilter
in classjavax.servlet.http.HttpFilter
- Throws:
IOException
javax.servlet.ServletException
-
checkAuthenticationMethod
protected void checkAuthenticationMethod(javax.servlet.http.HttpServletRequest request, String authMethName) throws ForbiddenException - Throws:
ForbiddenException
-
setAuthMethod
-
setAuthMethodMap
-