Package com.caplin.signon
Class AuthenticationFilter
- java.lang.Object
-
- com.caplin.signon.AuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class AuthenticationFilter extends java.lang.Object implements javax.servlet.Filter
Authentication filter that prevents access to protected resources when the user is not signed on to an allowed authentication level.
The allowed authentication levels are loaded from a servlet parameter:
allowed.auth.levels - a comma separated list of authentication levels e.g 1FA,2FA
The common authentication levels are defined as string constants in SessionData (with prefix LEVEL_)
If the signon session data does not exist or is not set to one of the allowed levels then access will be denied by sending a not found (403) http response code.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ALLOWED_AUTH_LEVELS
-
Constructor Summary
Constructors Constructor Description AuthenticationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
void
doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain)
void
init(javax.servlet.FilterConfig config)
java.lang.String
logPrefix(javax.servlet.http.HttpServletRequest req)
Gets the session id prefix added to all log messages.
-
-
-
Field Detail
-
ALLOWED_AUTH_LEVELS
public static final java.lang.String ALLOWED_AUTH_LEVELS
- See Also:
- Constant Field Values
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
- Specified by:
init
in interfacejavax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain) throws javax.servlet.ServletException, java.io.IOException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
javax.servlet.ServletException
java.io.IOException
-
logPrefix
public java.lang.String logPrefix(javax.servlet.http.HttpServletRequest req)
Gets the session id prefix added to all log messages.- Parameters:
req
- the servlet request object- Returns:
- the prefix to add to all log messages
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Filter
-
-