AjaxSecurityFilter (stumps 1.0-SNAPSHOT API)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.web.filter.OncePerRequestFilter
  - - com.neurosys.amorphous.security.filter.AjaxSecurityFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

Direct Known Subclasses:

AjaxSiteSessionSecurityFilter
```
public abstract class AjaxSecurityFilter
extends org.springframework.web.filter.OncePerRequestFilter
```
Designed with Ajax requests in mind of generic nature to the framework.

Author:

Arjun Dhar

Field Summary
- Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.springframework.web.filter.GenericFilterBean
  logger

Constructor Summary

Constructors
Constructor and Description

AjaxSecurityFilter()

Constructors
Constructor and Description
`AjaxSecurityFilter()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)`
`protected abstract Principal`	`getPrincipal(javax.servlet.http.HttpServletRequest request)` There can be many methods, session, cookie etc..
`protected boolean`	`isAjaxRequest(javax.servlet.http.HttpServletRequest request)`
`protected abstract boolean`	`isRequestValid(javax.servlet.http.HttpServletRequest request)` Check if the request is valid based on the user logged in, or authentication/authorized to use this service.
`void`	`setAjaxRequestTokens(String ajaxRequestTokens)` Allow us to configure the filter to test HTTP Headers for specific type of requests marked for Ajax, The filter does not assume to be a broker in the Authentication process itself, it simply checks if the user is an authenticated user according to the system and in accordance to the request.
`void`	`setLoginPageRedirectUrl(String loginPageRedirectUrl)` If supplied, it will redirect on failure to the provided Authorization page.
`void`	`setRejectIfNotAjax(boolean rejectIfNotAjax)` Will check header for types of ajaxRequestTokens; if it does not match and this is set to true, then the request will be rejected `rejectIfNotAjax true`

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AjaxSecurityFilter
```
public AjaxSecurityFilter()
```
- Method Detail
  - setAjaxRequestTokens
```
public void setAjaxRequestTokens(String ajaxRequestTokens)
```
    Allow us to configure the filter to test HTTP Headers for specific type of requests marked for Ajax,
    The filter does not assume to be a broker in the Authentication process itself,
    it simply checks if the user is an authenticated user according to the system and in accordance to the request.
    
    Configures the name/value pair of tokens that can be applied to the request header to indicate the the current request is an ajax request. These are applied to the init-params of the filter configuration in the web.xml file, and have the following form: ajaxRequestTokens X-Requested-With=XMLHttpRequest,DwrRequest=AJAX This configuration tests the request for 2 header names: 'X-Requested-With' and 'DwrRequest'. If either header name exists and contains the corresponding value, this request is determined to be an ajax request.
    
    Parameters:
    
    ajaxRequestTokens - a string containing name/value pairs separated by commas. Each pair is of the form: "name=value".
  - setRejectIfNotAjax
```
public void setRejectIfNotAjax(boolean rejectIfNotAjax)
```
    Will check header for types of ajaxRequestTokens; if it does not match and this is set to true, then the request will be rejected rejectIfNotAjax true
    
    Parameters:
    
    rejectIfNotAjax - @default false
  - setLoginPageRedirectUrl
```
public void setLoginPageRedirectUrl(String loginPageRedirectUrl)
```
    If supplied, it will redirect on failure to the provided Authorization page. The location is the same if we were doing a HttpServletResponse.sendRedirect(String)
    The filter does not assume to be a broker in the Authentication process itself,
    it simply checks if the user is an authenticated user according to the system and in accordance to the request.
    
    Parameters:
    
    loginPageRedirectUrl - @default null @nullable true
  - doFilterInternal
```
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                IOException
```
    Specified by:
    
    doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
    
    Throws:
    
    javax.servlet.ServletException
    
    IOException
  - isRequestValid
```
protected abstract boolean isRequestValid(javax.servlet.http.HttpServletRequest request)
                                   throws org.springframework.security.access.AuthorizationServiceException
```
    Check if the request is valid based on the user logged in, or authentication/authorized to use this service.
    How the validity is defined is based on the implementation class. It maybe session related or service token dependent.
    
    Returns:
    
    Throws:
    
    org.springframework.security.access.AuthorizationServiceException
  - getPrincipal
```
protected abstract Principal getPrincipal(javax.servlet.http.HttpServletRequest request)
```
    There can be many methods, session, cookie etc.. ways to determine the principal. Determine the principal (user)
    
    Parameters:
    
    request -
    
    Returns:
    
    @nullable true
  - isAjaxRequest
```
protected boolean isAjaxRequest(javax.servlet.http.HttpServletRequest request)
```
    Parameters:
    
    request - the request object
    
    Returns:
    
    true if this request is an ajax request. This is determined by a configured name/value pair that is applied to the request header

Class AjaxSecurityFilter

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Constructor Detail

AjaxSecurityFilter

Method Detail

setAjaxRequestTokens

setRejectIfNotAjax

setLoginPageRedirectUrl

doFilterInternal

isRequestValid

getPrincipal

isAjaxRequest