Class X509AuthenticationFilter
- java.lang.Object
- org.apache.shiro.web.servlet.ServletContextSupport
- org.apache.shiro.web.servlet.AbstractFilter
- org.apache.shiro.web.servlet.NameableFilter
- org.apache.shiro.web.servlet.OncePerRequestFilter
- org.apache.shiro.web.servlet.AdviceFilter
- org.apache.shiro.web.filter.PathMatchingFilter
- org.apache.shiro.web.filter.AccessControlFilter
- org.apache.shiro.web.filter.authc.AuthenticationFilter
- org.apache.shiro.web.filter.authc.AuthenticatingFilter
- fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter

All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor
public class X509AuthenticationFilter extends org.apache.shiro.web.filter.authc.AuthenticatingFilter
Based on work: Copyright Paul Merlin 2011 (Apache Licence v2.0).

This implementation enables authentication by header if no certificate is found in the request attribute and the useHeader parameter is true. The checked header is "X-SSL-CLIENT-CERT", and its value must be a valid public certificate as a PEM-formatted string.

To enable this filter, set the x509 key in shiro.ini to the current filter, as follows:

    x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter

To enable the header check, add the following to shiro.ini:

    x509.useHeader = true

Be careful: passing a certificate in a header is not fully secure (injection is possible during routing). We recommend using the request attribute instead of the header.
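The source precedence described above (request attribute first, header only when useHeader is true), written out as an added example. It is not the Vitam filter's own code: the class ClientCertSource and the method resolve are hypothetical names, and parsing uses the JDK's CertificateFactory.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Optional;

public class ClientCertSource {
    /**
     * Hypothetical helper, not Vitam code.
     * attributeCerts: certificates placed in the request attribute by the TLS layer (may be null).
     * headerPem: raw value of the X-SSL-CLIENT-CERT header as received (may be null).
     */
    static Optional<X509Certificate> resolve(X509Certificate[] attributeCerts,
                                             String headerPem, boolean useHeader) {
        // 1. A certificate from the request attribute wins: it comes from the TLS handshake.
        if (attributeCerts != null && attributeCerts.length > 0) {
            return Optional.of(attributeCerts[0]);
        }
        // 2. The header is consulted only when explicitly enabled (x509.useHeader = true).
        if (!useHeader || headerPem == null || headerPem.isEmpty()) {
            return Optional.empty();
        }
        // 3. The header is sender-controlled text until parsed; anything that is not a
        //    well-formed X.509 PEM certificate is rejected. A successful parse shows only
        //    that the value is a certificate, not that the sender holds its private key.
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return Optional.of((X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(headerPem.getBytes(StandardCharsets.US_ASCII))));
        } catch (CertificateException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: PEM armour around bytes that are not a certificate.
        String bogus = "-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n";
        System.out.println("useHeader=false, header sent: " + resolve(null, bogus, false).isPresent());
        System.out.println("useHeader=true, malformed PEM: " + resolve(null, bogus, true).isPresent());
        if (args.length == 1) { // optional: path to a real PEM certificate file
            String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
            resolve(null, pem, true).ifPresent(c -> System.out.println(
                    "useHeader=true, parsed subject: " + c.getSubjectX500Principal().getName()));
        }
    }
}
```

Because step 3 accepts any well-formed certificate, the header path is only as trustworthy as the component that sets the header, which is why the description above recommends the request attribute.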
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
-
Constructor Summary
Constructor: X509AuthenticationFilter()
-
Method Summary
Modifier and Type, Method:
protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
void setUseHeader(boolean useHeader)
-
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter
cleanup, createToken, createToken, executeLogin, getHost, isAccessAllowed, isPermissive, isRememberMe, onLoginFailure
-
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, issueSuccessRedirect, setSuccessUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Method Detail
-
setUseHeader
public void setUseHeader(boolean useHeader)
-
onAccessDenied
protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws java.lang.Exception
- Specified by:
onAccessDenied
in class org.apache.shiro.web.filter.AccessControlFilter
- Throws:
java.lang.Exception
-
onLoginSuccess
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws java.lang.Exception
- Overrides:
onLoginSuccess
in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
- Throws:
java.lang.Exception
-
createToken
protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
- Specified by:
createToken
in class org.apache.shiro.web.filter.authc.AuthenticatingFilter