Class JaasApiIntegrationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
A Filter
which attempts to obtain a JAAS Subject
and continue
the FilterChain
running as that Subject
.
By using this Filter
in conjunction with Spring's
JaasAuthenticationProvider
both Spring's SecurityContext
and
a JAAS Subject
can be populated simultaneously. This is useful when
integrating with code that requires a JAAS Subject
to be populated.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal void
doFilter
(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) Attempts to obtain and run as a JAASSubject
usingobtainSubject(ServletRequest)
.protected Subject
obtainSubject
(jakarta.servlet.ServletRequest request) Obtains theSubject
to run as ornull
if noSubject
is available.final void
setCreateEmptySubject
(boolean createEmptySubject) SetscreateEmptySubject
.void
setSecurityContextHolderStrategy
(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
JaasApiIntegrationFilter
public JaasApiIntegrationFilter()
-
-
Method Details
-
doFilter
public final void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException Attempts to obtain and run as a JAAS
Subject
usingobtainSubject(ServletRequest)
.If the
Subject
isnull
and createEmptySubject istrue
, an empty, writeableSubject
is used. This allows for theSubject
to be populated at the time of login. If theSubject
isnull
, theFilterChain
continues with no additional processing. If theSubject
is notnull
, theFilterChain
is ran withSubject.doAs(Subject, PrivilegedExceptionAction)
in conjunction with theSubject
obtained.- Throws:
jakarta.servlet.ServletException
IOException
-
obtainSubject
Obtains the
Subject
to run as ornull
if noSubject
is available.The default implementation attempts to obtain the
Subject
from theSecurityContext
'sAuthentication
. If it is of typeJaasAuthenticationToken
and is authenticated, theSubject
is returned from it. Otherwise,null
is returned.- Parameters:
request
- the currentServletRequest
- Returns:
- the Subject to run as or
null
if noSubject
is available.
-
setCreateEmptySubject
public final void setCreateEmptySubject(boolean createEmptySubject) SetscreateEmptySubject
. If the value istrue
, andobtainSubject(ServletRequest)
returnsnull
, an empty, writeableSubject
is created instead. Otherwise noSubject
is used. The default isfalse
.- Parameters:
createEmptySubject
- the new value
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-