Class RequestAttributeAuthenticationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
- org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class RequestAttributeAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter
A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.As with most pre-authenticated scenarios, it is essential that the external authentication system is set up correctly as this filter does no authentication whatsoever.
The property
principalEnvironmentVariable
is the name of the request attribute that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth and Shibboleth.If the environment variable is missing from the request,
getPreAuthenticatedPrincipal
will throw an exception. You can override this behaviour by setting theexceptionIfVariableMissing
property.- Since:
- 4.2
-
-
Constructor Summary
Constructors Constructor Description RequestAttributeAuthenticationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected java.lang.Object
getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
Credentials aren't usually applicable, but if acredentialsEnvironmentVariable
is set, this will be read and used as the credentials value.protected java.lang.Object
getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
Read and returns the variable named byprincipalEnvironmentVariable
from the request.void
setCredentialsEnvironmentVariable(java.lang.String credentialsEnvironmentVariable)
void
setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
Defines whether an exception should be raised if the principal variable is missing.void
setPrincipalEnvironmentVariable(java.lang.String principalEnvironmentVariable)
-
Methods inherited from class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
afterPropertiesSet, doFilter, getAuthenticationDetailsSource, principalChanged, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setCheckForPrincipalChanges, setContinueFilterChainOnUnsuccessfulAuthentication, setInvalidateSessionOnPrincipalChange, setRequiresAuthenticationRequestMatcher, successfulAuthentication, unsuccessfulAuthentication
-
-
-
-
Method Detail
-
getPreAuthenticatedPrincipal
protected java.lang.Object getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
Read and returns the variable named byprincipalEnvironmentVariable
from the request.- Specified by:
getPreAuthenticatedPrincipal
in classAbstractPreAuthenticatedProcessingFilter
- Throws:
PreAuthenticatedCredentialsNotFoundException
- if the environment variable is missing andexceptionIfVariableMissing
is set totrue
.
-
getPreAuthenticatedCredentials
protected java.lang.Object getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
Credentials aren't usually applicable, but if acredentialsEnvironmentVariable
is set, this will be read and used as the credentials value. Otherwise a dummy value will be used.- Specified by:
getPreAuthenticatedCredentials
in classAbstractPreAuthenticatedProcessingFilter
-
setPrincipalEnvironmentVariable
public void setPrincipalEnvironmentVariable(java.lang.String principalEnvironmentVariable)
-
setCredentialsEnvironmentVariable
public void setCredentialsEnvironmentVariable(java.lang.String credentialsEnvironmentVariable)
-
setExceptionIfVariableMissing
public void setExceptionIfVariableMissing(boolean exceptionIfVariableMissing)
Defines whether an exception should be raised if the principal variable is missing. Defaults totrue
.- Parameters:
exceptionIfVariableMissing
- set tofalse
to override the default behaviour and allow the request to proceed if no variable is found.
-
-