Package com.devonfw.module.security.common.impl.rest

Class JsonUsernamePasswordAuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class JsonUsernamePasswordAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    Processes authentication where credentials are sent as a JSON object.

    The JSON object must contain two properties: a username and a password. The default properties' names to use are contained in the static fields UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY and UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY. The JSON object properties' names can also be changed by setting the usernameParameter and passwordParameter properties. Assuming the default properties' names were not changed, if the credentials user/pass are to be sent, the following JSON object is expected: 

     
     {
        "j_username": "user",
        "j_password": "pass",
    }

    The URL this filter responds to is passed as a constructor parameter.

    This authentication filter is intended for One Page Applications which handle a login page/dialog/pop-up on their own. This filter combined with:

    makes the login/logout API fully RESTful.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private com.fasterxml.jackson.databind.ObjectMapper objectMapper  
      private String passwordParameter  
      private boolean postOnly  
      private String usernameParameter  

      • Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        authenticationDetailsSource, eventPublisher, messages

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Constructor Summary

      Constructors 
      Constructor Description
      JsonUsernamePasswordAuthenticationFilter​(org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
      The constructor.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      String getPasswordParameter()  
      String getUsernameParameter()  
      boolean isPostOnly()  
      void setPasswordParameter​(String passwordParameter)  
      void setPostOnly​(boolean postOnly)  
      void setUsernameParameter​(String usernameParameter)  

      • Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    • Field Detail

      • usernameParameter

        private String usernameParameter

      • passwordParameter

        private String passwordParameter

      • postOnly

        private boolean postOnly

      • objectMapper

        private com.fasterxml.jackson.databind.ObjectMapper objectMapper

    • Constructor Detail

      • JsonUsernamePasswordAuthenticationFilter

        public JsonUsernamePasswordAuthenticationFilter​(org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
        The constructor.
        Parameters:
        requiresAuthenticationRequestMatcher - the RequestMatcher used to determine if authentication is required. Cannot be null.

    • Method Detail

      • attemptAuthentication

        public org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException
        Specified by:
        attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        org.springframework.security.core.AuthenticationException
        IOException
        javax.servlet.ServletException

      • getUsernameParameter

        public String getUsernameParameter()
        Returns:
        Value of usernameParameter

      • setUsernameParameter

        public void setUsernameParameter​(String usernameParameter)
        Parameters:
        usernameParameter - new value for usernameParameter

      • getPasswordParameter

        public String getPasswordParameter()
        Returns:
        Value of passwordParameter

      • setPasswordParameter

        public void setPasswordParameter​(String passwordParameter)
        Parameters:
        passwordParameter - new value for passwordParameter

      • isPostOnly

        public boolean isPostOnly()
        Returns:
        value of postOnly

      • setPostOnly

        public void setPostOnly​(boolean postOnly)
        Parameters:
        postOnly - new value for postOnly