public class SecurityCallbackFilter extends OncePerRequestAbstractMgnlFilter
AccessDeniedException
s,
and renders an appropriate "login form" (which can consist of a redirect or anything else just as well).
A number of HttpClientCallback
s can be configured for this filter, each with a different configuration,
and behavior. The AbstractHttpClientCallback
provides a number
of filtering capabilities (using url, host or voters).
This functionality used to live in BaseSecurityFilter
, URISecurityFilter
, as well as ContentSecurityFilter
.
These filters now merely set an HTTP response code or throw an exception, which is handled here.Modifier and Type | Class and Description |
---|---|
static class |
SecurityCallbackFilter.StatusSniffingResponseWrapper
A simple HttpServletResponseWrapper which keeps track of the current http status code.
|
Constructor and Description |
---|
SecurityCallbackFilter() |
Modifier and Type | Method and Description |
---|---|
void |
addClientCallback(HttpClientCallback clientCallback) |
void |
doFilter(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse originalResponse,
javax.servlet.FilterChain chain) |
List<HttpClientCallback> |
getClientCallbacks() |
protected boolean |
needsCallback(SecurityCallbackFilter.StatusSniffingResponseWrapper response) |
protected void |
selectAndHandleCallback(javax.servlet.http.HttpServletRequest request,
SecurityCallbackFilter.StatusSniffingResponseWrapper response) |
protected HttpClientCallback |
selectClientCallback(javax.servlet.http.HttpServletRequest request) |
void |
setClientCallbacks(List<HttpClientCallback> clientCallbacks) |
bypasses, doFilter
acceptsEncoding, acceptsGzipEncoding, addAndVerifyHeader, addBypass, addMapping, destroy, getBypasses, getDispatching, getMapping, getMappings, getName, headerContains, init, isEnabled, mapsTo, matches, matchesDispatching, setBypasses, setDispatching, setEnabled, setMappings, setName
public void doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse originalResponse, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in class AbstractMgnlFilter
IOException
javax.servlet.ServletException
protected boolean needsCallback(SecurityCallbackFilter.StatusSniffingResponseWrapper response)
protected void selectAndHandleCallback(javax.servlet.http.HttpServletRequest request, SecurityCallbackFilter.StatusSniffingResponseWrapper response)
protected HttpClientCallback selectClientCallback(javax.servlet.http.HttpServletRequest request)
public void addClientCallback(HttpClientCallback clientCallback)
public void setClientCallbacks(List<HttpClientCallback> clientCallbacks)
public List<HttpClientCallback> getClientCallbacks()
Copyright © 2003–2019 Magnolia International Ltd.. All rights reserved.