Class AuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class AuthenticationFilter
    extends java.lang.Object
    implements javax.servlet.Filter

    Authentication filter that prevents access to protected resources when the user is not signed on at an allowed authentication level.

    The allowed authentication levels are loaded from a servlet parameter:

     allowed.auth.levels - a comma-separated list of authentication levels, e.g. 1FA,2FA

    The common authentication levels are defined as string constants in SessionData (with the prefix LEVEL_).

    If the signon session data does not exist, or is not set to one of the allowed levels, then access will be denied by sending a not found (403) HTTP response code.
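
A deployment-descriptor sketch for the parameter described above, added here as an example and not taken from the project's own configuration. It declares the filter twice so that a sensitive path accepts fewer levels than the general protected area. Assumptions: the filter package (a placeholder), the URL patterns and filter names, and that allowed.auth.levels is supplied as a filter init-param.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Instance 1: general protected area, either level is accepted. -->
  <filter>
    <filter-name>authAnyLevel</filter-name>
    <!-- Placeholder package: the page does not show the real one. -->
    <filter-class>com.example.placeholder.AuthenticationFilter</filter-class>
    <init-param>
      <!-- Assumption: the filter reads this from its FilterConfig. -->
      <param-name>allowed.auth.levels</param-name>
      <!-- Values taken from the page's own example. -->
      <param-value>1FA,2FA</param-value>
    </init-param>
  </filter>

  <!-- Instance 2: sensitive area, sessions at 1FA are denied. -->
  <filter>
    <filter-name>authSecondFactorOnly</filter-name>
    <filter-class>com.example.placeholder.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>allowed.auth.levels</param-name>
      <param-value>2FA</param-value>
    </init-param>
  </filter>

  <!-- Without dispatcher elements a mapping covers REQUEST only, so an
       internal forward into a protected path would skip the filter. -->
  <filter-mapping>
    <filter-name>authAnyLevel</filter-name>
    <url-pattern>/protected/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>

  <!-- /protected/admin/* matches both mappings; both filters run in
       declaration order, so the stricter list decides the outcome. -->
  <filter-mapping>
    <filter-name>authSecondFactorOnly</filter-name>
    <url-pattern>/protected/admin/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>
</web-app>
```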

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ALLOWED_AUTH_LEVELS  
    • Method Summary

      Modifier and Type Method Description
      void destroy()  
      void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain)
      void init(javax.servlet.FilterConfig config)
      java.lang.String logPrefix(javax.servlet.http.HttpServletRequest req)
      Gets the session id prefix added to all log messages.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • ALLOWED_AUTH_LEVELS

        public static final java.lang.String ALLOWED_AUTH_LEVELS
        See Also:
        Constant Field Values
    • Constructor Detail

      • AuthenticationFilter

        public AuthenticationFilter()
    • Method Detail

      • init

        public void init(javax.servlet.FilterConfig config)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • doFilter

        public void doFilter(javax.servlet.ServletRequest req,
                             javax.servlet.ServletResponse resp,
                             javax.servlet.FilterChain chain)
                      throws javax.servlet.ServletException,
                             java.io.IOException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • logPrefix

        public java.lang.String logPrefix(javax.servlet.http.HttpServletRequest req)
        Gets the session id prefix added to all log messages.
        Parameters:
        req - the servlet request object
        Returns:
        the prefix to add to all log messages
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter