jrun.servlet.security
Class StandardSecurityFilter
java.lang.Object
|
+--jrun.servlet.security.StandardSecurityFilter
- All Implemented Interfaces:
- SecurityFilter
- public class StandardSecurityFilter
- extends java.lang.Object
- implements SecurityFilter
This filter represents one url-pattern in a web-resource-collection
as defined in web.xml. It handles security for this url pattern at the
beginning of a request. If needed, authentication work is handed off to
*Authentication classes.
- Author:
- Brian Deitte
- See Also:
FormAuthentication,
BasicAuthentication,
ClientCertAuthentication,
DigestAuthentication
|
Method Summary |
void |
destroy()
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Attempt to authenticate and authorize a session for the requested resource. |
java.lang.String |
getMapping()
|
void |
init(javax.servlet.FilterConfig config)
|
protected boolean |
isLoginOrErrorPage(javax.servlet.http.HttpServletRequest request)
Determines if a request is for the login or error page |
protected boolean |
methodMatches(java.util.Collection methods,
javax.servlet.http.HttpServletRequest request)
Check if the method matches the types specified. |
protected boolean |
noRoles(java.util.Collection roles,
javax.servlet.http.HttpServletResponse response)
Simply checks if any roles have been specified. |
java.lang.String |
toString()
|
protected boolean |
transportValid(java.lang.String transGuarantee,
ForwardRequest request,
JRunResponse response)
Enforce any trasport guarantee required by the security constraint
guarding this request URI. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
StandardSecurityFilter
public StandardSecurityFilter(java.lang.String mapping,
java.lang.String resourceName,
WebAppSecurity appSecurity)
destroy
public void destroy()
init
public void init(javax.servlet.FilterConfig config)
getMapping
public java.lang.String getMapping()
- Specified by:
getMapping in interface SecurityFilter
doFilter
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws javax.servlet.ServletException,
java.io.IOException
- Attempt to authenticate and authorize a session for the requested resource.
Since each filter is mapped directly to a security contraint url pattern,
this is always a request that needs to be checked, although it will
not neccesarily be a request that is authenticated or authorized.
- Parameters:
request - The requestresponse - The response
isLoginOrErrorPage
protected boolean isLoginOrErrorPage(javax.servlet.http.HttpServletRequest request)
- Determines if a request is for the login or error page
methodMatches
protected boolean methodMatches(java.util.Collection methods,
javax.servlet.http.HttpServletRequest request)
- Check if the method matches the types specified.
transportValid
protected boolean transportValid(java.lang.String transGuarantee,
ForwardRequest request,
JRunResponse response)
throws java.io.IOException
- Enforce any trasport guarantee required by the security constraint
guarding this request URI. Return
true if this guarantee
was not violated and processing should continue, or false
if we have created a response already.
noRoles
protected boolean noRoles(java.util.Collection roles,
javax.servlet.http.HttpServletResponse response)
- Simply checks if any roles have been specified.
toString
public java.lang.String toString()
- Overrides:
toString in class java.lang.Object
Copyright � 2002 Macromedia Corporation. All Rights Reserved.