info.magnolia.cms.security
Class BaseSecurityFilter

java.lang.Object
  info.magnolia.cms.filters.AbstractMgnlFilter
      info.magnolia.cms.security.BaseSecurityFilter

All Implemented Interfaces:

MgnlFilter, javax.servlet.Filter

Direct Known Subclasses:

ContentSecurityFilter, URISecurityFilter

public abstract class BaseSecurityFilter
extends AbstractMgnlFilter

Provides basic infrastructure for filters which check if a request is authorized.

Author:

Sameer Charles $Id$

Constructor Summary

BaseSecurityFilter()

Method Summary

protected void	doAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated. since 4.5, should not be needed, and does nothing.
void	doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) Continue with the Magnolia defined filter chain if isAllowed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) returns true.
protected abstract boolean	isAllowed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Implementations need to return false if the request can not be proceeded with, but also need to set an appropriate error code.

Methods inherited from class info.magnolia.cms.filters.AbstractMgnlFilter

acceptsEncoding, acceptsGzipEncoding, addAndVerifyHeader, addBypass, addMapping, bypasses, destroy, doFilter, getBypasses, getDispatching, getMapping, getMappings, getName, headerContains, init, isEnabled, mapsTo, matches, matchesDispatching, setDispatching, setEnabled, setName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseSecurityFilter

public BaseSecurityFilter()

Method Detail

doFilter

public void doFilter(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Continue with the Magnolia defined filter chain if isAllowed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) returns true. Else subclasses should set the appropriate http response code 401 (or 403).

Specified by:

doFilter in class AbstractMgnlFilter

Throws:

IOException

javax.servlet.ServletException

isAllowed

protected abstract boolean isAllowed(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws IOException

Implementations need to return false if the request can not be proceeded with, but also need to set an appropriate error code.

Throws:

IOException

doAuthenticate

protected void doAuthenticate(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)

Deprecated. since 4.5, should not be needed, and does nothing.

TODO : verify we do have a correct http status code?.