com.neurosys.amorphous.security.filter

Class KeyBasedSecurityFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

com.neurosys.amorphous.security.filter.KeyBasedSecurityFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

public class KeyBasedSecurityFilter
extends org.springframework.web.filter.OncePerRequestFilter

For a given value of nameOfIdentifier match if the provided value of nameOfKey matches. Executes a configured Transformer that returns a hashed key. The filter then compared the 2 hashed keys and determines to allow the request to go through or not.

Error Flows:
If the transformer throws a ValidationException, then it is redirected to a validation page (if defined) else goes to access denied page.
If the transformer throws a ContinueProcessingException then it will skip/bypass any check needed.
If the request is denied (any other eException is thrown), then the response is a redirect to a configured access denied page.

Author:

Arjun Dhar

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
KeyBasedSecurityFilter()

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
String	getEncoding()
String	getNameOfIdentifier() Name of the parameter is is the identifier
String	getNameOfKey() Name of the parameter that is the key
String	getTransformerBeanName() Bean name of the Spring instantiated Transformer transformer.
String	getUnauthorizedRedirectUrl() Absolute path for redirected url with nameOfIdentifier appended to it.
String	getValidationRedirectUrl() Absolute path for redirected url with nameOfIdentifier and validaton exception cause appended to it.
void	initFilterBean()
void	setEncoding(String encoding)
void	setNameOfIdentifier(String nameOfIdentifier) Name of the parameter is is the identifier
void	setNameOfKey(String nameOfKey) Name of the parameter that is the key
void	setTransformerBeanName(String transformerBeanName) Bean name of the Spring instantiated Transformer transformer.
void	setUnauthorizedRedirectUrl(String unauthorizedRedirectUrl) Absolute path for redirected url with nameOfIdentifier appended to it.
void	setValidationRedirectUrl(String validationRedirectUrl) Absolute path for redirected url with nameOfIdentifier and validaton exception cause appended to it.
protected void	unauthorizedError(javax.servlet.http.HttpServletResponse response, String id, int httpResponseCode)
protected void	validationError(javax.servlet.http.HttpServletResponse response, String id, int httpResponseCode, Exception e)

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyBasedSecurityFilter

public KeyBasedSecurityFilter()

Method Detail

initFilterBean

public void initFilterBean()

Overrides:

initFilterBean in class org.springframework.web.filter.GenericFilterBean

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

IOException

unauthorizedError

protected void unauthorizedError(javax.servlet.http.HttpServletResponse response,
                                 String id,
                                 int httpResponseCode)
                          throws IOException

Throws:

IOException

validationError

protected void validationError(javax.servlet.http.HttpServletResponse response,
                               String id,
                               int httpResponseCode,
                               Exception e)
                        throws IOException

Throws:

IOException

getNameOfKey

public String getNameOfKey()

Name of the parameter that is the key

setNameOfKey

public void setNameOfKey(String nameOfKey)

Name of the parameter that is the key

getNameOfIdentifier

public String getNameOfIdentifier()

Name of the parameter is is the identifier

setNameOfIdentifier

public void setNameOfIdentifier(String nameOfIdentifier)

Name of the parameter is is the identifier

getTransformerBeanName

public String getTransformerBeanName()

Bean name of the Spring instantiated Transformer transformer.

See Also:

transformer

setTransformerBeanName

public void setTransformerBeanName(String transformerBeanName)

Bean name of the Spring instantiated Transformer transformer.

See Also:

transformer

getUnauthorizedRedirectUrl

public String getUnauthorizedRedirectUrl()

Absolute path for redirected url with nameOfIdentifier appended to it.
If not provided by default will return an HttpServletResponse.SC_UNAUTHORIZED

setUnauthorizedRedirectUrl

public void setUnauthorizedRedirectUrl(String unauthorizedRedirectUrl)

Absolute path for redirected url with nameOfIdentifier appended to it.
If not provided by default will return an HttpServletResponse.SC_UNAUTHORIZED

getValidationRedirectUrl

public String getValidationRedirectUrl()

Absolute path for redirected url with nameOfIdentifier and validaton exception cause appended to it.
If not provided by default will use unauthorizedRedirectUrl

setValidationRedirectUrl

public void setValidationRedirectUrl(String validationRedirectUrl)

Absolute path for redirected url with nameOfIdentifier and validaton exception cause appended to it.
If not provided by default will use unauthorizedRedirectUrl

getEncoding

public String getEncoding()

Default value:

UTF-8

setEncoding

public void setEncoding(String encoding)

Default value:

UTF-8