Class X509AuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

    public class X509AuthenticationFilter
    extends org.apache.shiro.web.filter.authc.AuthenticatingFilter
    Based on work: Copyright Paul Merlin 2011 (Apache Licence v2.0)

    This implementation enables authentication by header if no certificate is found in the request attribute and the useHeader parameter is true. The checked header is "X-SSL-CLIENT-CERT" and the value must be a valid public certificate as a PEM-formatted string.

    To enable this filter, set the x509 key in shiro.ini to the current filter as follows:

        x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter

    To enable the header check, add the following to shiro.ini:

        x509.useHeader = true

    Be careful: passing a certificate in a header is not fully secure (possible injection during the routing). We recommend the use of the request attribute instead of the header.
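The source-selection order described above, shown as an added example that is not Vitam's own code: the request attribute wins, and the header is parsed only when useHeader is true. The names ClientCertResolver and resolve() are hypothetical, the attribute is assumed to be the standard servlet one, and the header value is assumed to arrive as plain PEM text.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added illustration, not Vitam source. Class and method names are hypothetical.
public class ClientCertResolver {
    // Assumption: the standard servlet attribute set by the container after the TLS handshake.
    static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    // Header name taken from the filter documentation.
    static final String CERT_HEADER = "X-SSL-CLIENT-CERT";

    /**
     * @param attributeValue result of request.getAttribute(CERT_ATTRIBUTE), may be null
     * @param headerValue    result of request.getHeader(CERT_HEADER), may be null
     * @param useHeader      mirrors the x509.useHeader setting in shiro.ini
     * @return the client certificate, or null when no accepted source carries one
     */
    static X509Certificate resolve(Object attributeValue, String headerValue, boolean useHeader)
            throws CertificateException {
        // 1. Prefer the certificate the container obtained from the TLS handshake itself.
        if (attributeValue instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attributeValue;
            if (chain.length > 0) {
                return chain[0];
            }
        }
        // 2. The header is ignored unless it was explicitly enabled.
        if (!useHeader || headerValue == null || headerValue.trim().isEmpty()) {
            return null;
        }
        // A header is request text: it shows which certificate was named, not that the
        // sender holds its private key. Its value is only as trustworthy as the routing path.
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(
                new ByteArrayInputStream(headerValue.getBytes(StandardCharsets.US_ASCII)));
    }

    public static void main(String[] args) {
        // Constructed sample: PEM framing around bytes that are not a certificate.
        String sample = "-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----";
        try {
            System.out.println("useHeader=false: " + resolve(null, sample, false));
            resolve(null, sample, true);
        } catch (CertificateException e) {
            System.out.println("useHeader=true, malformed PEM rejected: " + e.getClass().getSimpleName());
        }
    }
}
```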
    • Field Summary

      • Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

        PERMISSIVE
      • Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

        DEFAULT_SUCCESS_URL
      • Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

        DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
      • Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

        appliedPaths, pathMatcher
      • Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

        ALREADY_FILTERED_SUFFIX
      • Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

        filterConfig
    • Method Summary

      Modifier and Type Method Description
      protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
      protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
      protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
      void setUseHeader(boolean useHeader)
      • Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

        cleanup, createToken, createToken, executeLogin, getHost, isAccessAllowed, isPermissive, isRememberMe, onLoginFailure
      • Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

        getSuccessUrl, issueSuccessRedirect, setSuccessUrl
      • Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

        getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
      • Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

        getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
      • Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

        afterCompletion, doFilterInternal, executeChain, postHandle
      • Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

        doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter
      • Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

        getName, setName, toStringBuilder
      • Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

        destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
      • Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

        getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • X509AuthenticationFilter

        public X509AuthenticationFilter()
    • Method Detail

      • setUseHeader

        public void setUseHeader(boolean useHeader)
      • onAccessDenied

        protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                         javax.servlet.ServletResponse response)
                                  throws java.lang.Exception
        Specified by:
        onAccessDenied in class org.apache.shiro.web.filter.AccessControlFilter
        Throws:
        java.lang.Exception
      • onLoginSuccess

        protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
                                         org.apache.shiro.subject.Subject subject,
                                         javax.servlet.ServletRequest request,
                                         javax.servlet.ServletResponse response)
                                  throws java.lang.Exception
        Overrides:
        onLoginSuccess in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
        Throws:
        java.lang.Exception
      • createToken

        protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request,
                                                                         javax.servlet.ServletResponse response)
        Specified by:
        createToken in class org.apache.shiro.web.filter.authc.AuthenticatingFilter