Class X509AuthenticationFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.AuthenticatingFilter
fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class X509AuthenticationFilter extends org.apache.shiro.web.filter.authc.AuthenticatingFilter
Based on work: Copyright Paul Merlin 2011 (Apache Licence v2.0)

This implementation enables authentication by header when no certificate is found in the request attribute and the useHeader parameter is true. The checked header is "X-SSL-CLIENT-CERT", and its value must be a valid public certificate as a PEM-formatted string.

To enable this filter, set the x509 key in shiro.ini to this filter class, as follows:

    x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter

To enable the header check, add the following to shiro.ini:

    x509.useHeader = true

Be careful: passing the certificate in a header is not fully secure (injection is possible during routing). We recommend using the request attribute instead of the header.
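One way to reduce the header-injection risk described above when x509.useHeader = true must stay enabled. This is an added example, not code from Vitam or Shiro: the class name ClientCertHeaderGuardFilter and the proxy addresses are assumptions, and the filter is meant to be mapped ahead of the Shiro filter so that X-SSL-CLIENT-CERT is only accepted from the proxy that terminated TLS.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical guard, not part of Vitam or Shiro: map it ahead of the Shiro filter. */
public class ClientCertHeaderGuardFilter implements Filter {
    // Header name taken from the X509AuthenticationFilter description.
    private static final String CERT_HEADER = "X-SSL-CLIENT-CERT";

    // Assumption: addresses of the TLS-terminating proxies (constructed sample values).
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.10", "10.0.0.11");

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) request;
        HttpServletResponse out = (HttpServletResponse) response;

        // getHeaders() matches the name case-insensitively and exposes duplicates.
        int copies = Collections.list(http.getHeaders(CERT_HEADER)).size();

        if (copies > 0 && !TRUSTED_PROXIES.contains(http.getRemoteAddr())) {
            // The header did not come from the proxy that verified the TLS client certificate.
            out.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate header not accepted");
            return;
        }
        if (copies > 1) {
            // Ambiguous input: refuse rather than guess which value a later filter would read.
            out.sendError(HttpServletResponse.SC_BAD_REQUEST, "duplicate client certificate header");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

The check relies on getRemoteAddr() returning the direct peer, which stops being true if the container rewrites the remote address from a forwarding header. The proxy itself should also overwrite any X-SSL-CLIENT-CERT value it receives from clients before forwarding the request.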
  • Field Summary

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    PERMISSIVE

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    DEFAULT_SUCCESS_URL

    Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

    DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

    Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    appliedPaths, pathMatcher

    Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

    filterConfig
  • Constructor Summary

    Constructors

    Constructor                   Description
    X509AuthenticationFilter()
  • Method Summary

    Modifier and Type    Method    Description

    protected org.apache.shiro.authc.AuthenticationToken    createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
    protected boolean    onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
    protected boolean    onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
    void    setUseHeader(boolean useHeader)

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    cleanup, createToken, createToken, executeLogin, getHost, isAccessAllowed, isPermissive, isRememberMe, onLoginFailure

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    getSuccessUrl, issueSuccessRedirect, setSuccessUrl

    Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

    getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

    Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

    Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

    afterCompletion, doFilterInternal, executeChain, postHandle

    Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

    Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

    getName, setName, toStringBuilder

    Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

    destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

    Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

    getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • X509AuthenticationFilter

      public X509AuthenticationFilter()
  • Method Details

    • setUseHeader

      public void setUseHeader(boolean useHeader)
    • onAccessDenied

      protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Specified by:
      onAccessDenied in class org.apache.shiro.web.filter.AccessControlFilter
      Throws:
      Exception
    • onLoginSuccess

      protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Overrides:
      onLoginSuccess in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
      Throws:
      Exception
    • createToken

      protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
      Specified by:
      createToken in class org.apache.shiro.web.filter.authc.AuthenticatingFilter