com.filenet.ae.toolkit.server.servlet.filter
Class ContainerBasedFilter

java.lang.Object
  extended bycom.filenet.ae.toolkit.server.servlet.filter.ContainerBasedFilter
All Implemented Interfaces:
javax.servlet.Filter

public class ContainerBasedFilter
extends java.lang.Object
implements javax.servlet.Filter

This Container Based Authentication filter is designed to work with container managed security and authentication per the Servlet 2.3 specification. It also assumes that the web application container inlcudes Java™ Authentication and Authorization Service (JAAS) support and JAAS providers that allow for connection to user repositories (i.e. Active Directory and LDAP) that are supported by the Content Engine. The following are prerequisites for using this filter.

The following configuration steps are required in order to deploy and use this filter.


Field Summary
static java.lang.String CHALLENGE_PROXY_ENABLED
          By default, the value is true, meaning that the application is configured with a single protected resource that is being used to trigger container-based user challenge.
static java.lang.String CHALLENGE_PROXY_URI_KEY
          The URI of a deployed page or resource that is configured to require authentication.
protected static java.lang.Boolean challengeProxyEnabled
           
protected static java.lang.String challengeProxyURI
           
static WcmString incompleteConfiguration
           
protected static java.util.Map jaasMap
           
static java.lang.String PERIMETER_CHALLENGE_MODE_KEY
          The flag value indicating whether or not the user challenge UI is being presented by the application or container - or not.
protected static java.lang.Boolean perimeterChallengeMode
           
static java.lang.String SSO_PROXY_CONTEXT_PATH
          The context path as presented by the SSO proxy server, if the SSO solution uses a proxy server, and its context path to the web application is different from the native context path.
static java.lang.String SSO_PROXY_HOST
          The host name as presented by the SSO proxy server, if the SSO solution uses a proxy server host different from the host name where the web application is natively deployed.
static java.lang.String SSO_PROXY_PORT
          The http port as presented by the SSO proxy server that is used to access the web application, if the SSO solution uses a proxy server host/port different from the port of the server where the application is natively deployed.
static java.lang.String SSO_PROXY_SSL_PORT
          The SSL port as presented by the SSO proxy server that is used to access the web application via SSL, if the SSO solution uses a proxy server SSL host/port different from the port of the server where the application is natively deployed.
protected static java.lang.String ssoProxyContextPath
           
protected static java.lang.String ssoProxyHost
           
protected static java.lang.String ssoProxyPort
           
protected static java.lang.String ssoProxySSLPort
           
 
Constructor Summary
ContainerBasedFilter()
           
 
Method Summary
 void destroy()
          Stub required to satisfy Interface requirements.
 void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)
          Check the request for existence of a user Principal.
static java.lang.String getBaseURL(javax.servlet.http.HttpServletRequest request)
          Get the application context root URL, which will prefix the configured challengeProxyURI.
 void init(javax.servlet.FilterConfig filterConfig)
           
protected  void sendUserChallenge(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Perform a redirect to the URI of the container-protected resource/JSP.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

incompleteConfiguration

public static final WcmString incompleteConfiguration

CHALLENGE_PROXY_ENABLED

public static final java.lang.String CHALLENGE_PROXY_ENABLED
By default, the value is true, meaning that the application is configured with a single protected resource that is being used to trigger container-based user challenge. On some webapp containers, all container-secured resources must be called out, or else they won't be running under secured threads. When the value is set to false, it is assumed that all of the secured resources have been specified in url-patterns within a web-resource-collection element in the servlet descriptor. Therefore, the entire user challenge process is managed by the container instead of this filter.

See Also:
Constant Field Values

CHALLENGE_PROXY_URI_KEY

public static final java.lang.String CHALLENGE_PROXY_URI_KEY
The URI of a deployed page or resource that is configured to require authentication. Triggers the user challenge process when there is no user authenticated.

See Also:
Constant Field Values

PERIMETER_CHALLENGE_MODE_KEY

public static final java.lang.String PERIMETER_CHALLENGE_MODE_KEY
The flag value indicating whether or not the user challenge UI is being presented by the application or container - or not. The default if unspecified will be false. This is because by default, when this filter is configured, the FORM based login-method of container based authentication will be used. The most common case where this should be set to true is when the container based CLIENT_CERT login-method is configured for the web application.

See Also:
Constant Field Values

SSO_PROXY_CONTEXT_PATH

public static final java.lang.String SSO_PROXY_CONTEXT_PATH
The context path as presented by the SSO proxy server, if the SSO solution uses a proxy server, and its context path to the web application is different from the native context path.

See Also:
Constant Field Values

SSO_PROXY_HOST

public static final java.lang.String SSO_PROXY_HOST
The host name as presented by the SSO proxy server, if the SSO solution uses a proxy server host different from the host name where the web application is natively deployed.

See Also:
Constant Field Values

SSO_PROXY_SSL_PORT

public static final java.lang.String SSO_PROXY_SSL_PORT
The SSL port as presented by the SSO proxy server that is used to access the web application via SSL, if the SSO solution uses a proxy server SSL host/port different from the port of the server where the application is natively deployed.

See Also:
Constant Field Values

SSO_PROXY_PORT

public static final java.lang.String SSO_PROXY_PORT
The http port as presented by the SSO proxy server that is used to access the web application, if the SSO solution uses a proxy server host/port different from the port of the server where the application is natively deployed.

See Also:
Constant Field Values

challengeProxyEnabled

protected static java.lang.Boolean challengeProxyEnabled

challengeProxyURI

protected static java.lang.String challengeProxyURI

perimeterChallengeMode

protected static java.lang.Boolean perimeterChallengeMode

jaasMap

protected static java.util.Map jaasMap

ssoProxyContextPath

protected static java.lang.String ssoProxyContextPath

ssoProxyHost

protected static java.lang.String ssoProxyHost

ssoProxySSLPort

protected static java.lang.String ssoProxySSLPort

ssoProxyPort

protected static java.lang.String ssoProxyPort
Constructor Detail

ContainerBasedFilter

public ContainerBasedFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Check the request for existence of a user Principal. If defined, it indicates that we have been authenticated by the container. When the Principal is present, an assumption is made that there is a retrievable JAAS Subject available on the current Thread. When a user Principal is defined, a call is made to AuthenticationUtil.setCredentials with a parameter indicating to use the existing JAAS Subject. This is followed by passing control to the next filter in the Filter chain. When a user Principal is not present on the request, initiate a user challenge (prompt) for credentials by redirecting to the configured, container-protected resource defined in challengeProxyURI.

Specified by:
doFilter in interface javax.servlet.Filter
Parameters:
servletRequest -
servletResponse -
filterChain -
Throws:
java.io.IOException
javax.servlet.ServletException

sendUserChallenge

protected void sendUserChallenge(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)
                          throws java.io.IOException
Perform a redirect to the URI of the container-protected resource/JSP. Should only be called when no user Principal is available on the Request.

Parameters:
request -
response -
Throws:
java.io.IOException

getBaseURL

public static java.lang.String getBaseURL(javax.servlet.http.HttpServletRequest request)
Get the application context root URL, which will prefix the configured challengeProxyURI.

Parameters:
request -
Returns:

destroy

public void destroy()
Stub required to satisfy Interface requirements.

Specified by:
destroy in interface javax.servlet.Filter


© Copyright IBM Corp. 2002, 2007. All Rights Reserved.