Class RequestSecurityFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.craftercms.security.servlet.filters.RequestSecurityFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,SecurityEnabledAware
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class RequestSecurityFilter extends org.springframework.web.filter.GenericFilterBean implements SecurityEnabledAware
Filter for running security. Uses a list ofRequestSecurityProcessor
. The last processor should basically call the filter chain.- Author:
- Alfonso Vásquez
-
-
Field Summary
Fields Modifier and Type Field Description protected org.springframework.util.PathMatcher
pathMatcher
protected boolean
securityEnabled
protected List<RequestSecurityProcessor>
securityProcessors
protected String[]
urlsToExclude
protected String[]
urlsToInclude
-
Constructor Summary
Constructors Constructor Description RequestSecurityFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected org.craftercms.commons.http.RequestContext
createRequestContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Returns a newRequestContext
, using the specifiedHttpServletRequest
andHttpServletResponse
.void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
IfsecurityEnabled
, passes the request through the chain ofRequestSecurityProcessor
s, depending if the request URL matches or not theurlsToInclude
or theurlsToExclude
.protected void
doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
Passes the request through the chain ofRequestSecurityProcessor
s.protected boolean
excludeRequest(javax.servlet.http.HttpServletRequest request)
Returns trues if the request should be excluded from processing.protected RequestSecurityProcessor
getLastProcessorInChain(javax.servlet.FilterChain chain)
Returns the last processor of the chain, which should actually call theFilterChain
.protected boolean
includeRequest(javax.servlet.http.HttpServletRequest request)
Returns trues if the request should be included for processing.void
setSecurityEnabled(boolean securityEnabled)
Sets if security is enabled or disabled.void
setSecurityProcessors(List<RequestSecurityProcessor> securityProcessors)
Sets the chain ofRequestSecurityProcessor
.void
setUrlsToExclude(String... urlsToExclude)
Sets the regular expressions used to match the URLs of requests that should NOT be processed by the security chain.void
setUrlsToInclude(String... urlsToInclude)
Sets the regular expressions used to match the URLs of requests that should be processed by the security chain.
-
-
-
Field Detail
-
securityEnabled
protected boolean securityEnabled
-
securityProcessors
protected List<RequestSecurityProcessor> securityProcessors
-
urlsToInclude
protected String[] urlsToInclude
-
urlsToExclude
protected String[] urlsToExclude
-
pathMatcher
protected org.springframework.util.PathMatcher pathMatcher
-
-
Method Detail
-
setSecurityEnabled
public void setSecurityEnabled(boolean securityEnabled)
Sets if security is enabled or disabled. If disabled, the security processor chain is not run.- Specified by:
setSecurityEnabled
in interfaceSecurityEnabledAware
-
setSecurityProcessors
public void setSecurityProcessors(List<RequestSecurityProcessor> securityProcessors)
Sets the chain ofRequestSecurityProcessor
.
-
setUrlsToInclude
public void setUrlsToInclude(String... urlsToInclude)
Sets the regular expressions used to match the URLs of requests that should be processed by the security chain.
-
setUrlsToExclude
public void setUrlsToExclude(String... urlsToExclude)
Sets the regular expressions used to match the URLs of requests that should NOT be processed by the security chain.
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IfsecurityEnabled
, passes the request through the chain ofRequestSecurityProcessor
s, depending if the request URL matches or not theurlsToInclude
or theurlsToExclude
. The last processor of the chain calls the actual filter chain.- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Parameters:
request
-response
-chain
-- Throws:
IOException
javax.servlet.ServletException
-
doFilterInternal
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
Passes the request through the chain ofRequestSecurityProcessor
s.- Parameters:
request
-response
-chain
-- Throws:
IOException
javax.servlet.ServletException
-
excludeRequest
protected boolean excludeRequest(javax.servlet.http.HttpServletRequest request)
Returns trues if the request should be excluded from processing.
-
includeRequest
protected boolean includeRequest(javax.servlet.http.HttpServletRequest request)
Returns trues if the request should be included for processing.
-
createRequestContext
protected org.craftercms.commons.http.RequestContext createRequestContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Returns a newRequestContext
, using the specifiedHttpServletRequest
andHttpServletResponse
.
-
getLastProcessorInChain
protected RequestSecurityProcessor getLastProcessorInChain(javax.servlet.FilterChain chain)
Returns the last processor of the chain, which should actually call theFilterChain
.
-
-