Class RequestSecurityFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.craftercms.security.servlet.filters.RequestSecurityFilter
All Implemented Interfaces:
javax.servlet.Filter, SecurityEnabledAware, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class RequestSecurityFilter extends org.springframework.web.filter.GenericFilterBean implements SecurityEnabledAware
Servlet filter that runs the security chain. It uses a list of RequestSecurityProcessors; the last processor in the list should call the filter chain.
Author:
Alfonso Vásquez
  • Field Summary

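    Fields
    Modifier and Type
    Field
    Description
    protected org.springframework.util.PathMatcher
    pathMatcher
    protected boolean
    securityEnabled
    protected List<RequestSecurityProcessor>
    securityProcessors
    protected String[]
    urlsToExclude
    protected String[]
    urlsToInclude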

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    RequestSecurityFilter()
  • Method Summary

    Modifier and Type
    Method
    Description
    protected org.craftercms.commons.http.RequestContext
    createRequestContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Returns a new RequestContext, using the specified HttpServletRequest and HttpServletResponse.
    void
    doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
    If securityEnabled, passes the request through the chain of RequestSecurityProcessors, depending on whether the request URL matches the urlsToInclude or the urlsToExclude.
    protected void
    doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
    Passes the request through the chain of RequestSecurityProcessors.
    protected boolean
    excludeRequest(javax.servlet.http.HttpServletRequest request)
    Returns true if the request should be excluded from processing.
    protected RequestSecurityProcessor
    getLastProcessorInChain(javax.servlet.FilterChain chain)
    Returns the last processor of the chain, which should actually call the FilterChain.
    protected boolean
    includeRequest(javax.servlet.http.HttpServletRequest request)
    Returns true if the request should be included for processing.
    void
    setSecurityEnabled(boolean securityEnabled)
    Sets whether security is enabled or disabled.
    void
    setSecurityProcessors(List<RequestSecurityProcessor> securityProcessors)
    Sets the chain of RequestSecurityProcessor.
    void
    setUrlsToExclude(String... urlsToExclude)
    Sets the regular expressions used to match the URLs of requests that should NOT be processed by the security chain.
    void
    setUrlsToInclude(String... urlsToInclude)
    Sets the regular expressions used to match the URLs of requests that should be processed by the security chain.

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • securityEnabled

      protected boolean securityEnabled
    • securityProcessors

      protected List<RequestSecurityProcessor> securityProcessors
    • urlsToInclude

      protected String[] urlsToInclude
    • urlsToExclude

      protected String[] urlsToExclude
    • pathMatcher

      protected org.springframework.util.PathMatcher pathMatcher
  • Constructor Details

    • RequestSecurityFilter

      public RequestSecurityFilter()
  • Method Details

    • setSecurityEnabled

      public void setSecurityEnabled(boolean securityEnabled)
      Sets whether security is enabled or disabled. If disabled, the security processor chain is not run.
      Specified by:
      setSecurityEnabled in interface SecurityEnabledAware
    • setSecurityProcessors

      public void setSecurityProcessors(List<RequestSecurityProcessor> securityProcessors)
      Sets the chain of RequestSecurityProcessor.
    • setUrlsToInclude

      public void setUrlsToInclude(String... urlsToInclude)
      Sets the regular expressions used to match the URLs of requests that should be processed by the security chain.
    • setUrlsToExclude

      public void setUrlsToExclude(String... urlsToExclude)
      Sets the regular expressions used to match the URLs of requests that should NOT be processed by the security chain.
    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      If securityEnabled, passes the request through the chain of RequestSecurityProcessors, depending on whether the request URL matches the urlsToInclude or the urlsToExclude. The last processor of the chain calls the actual filter chain.
      Specified by:
      doFilter in interface javax.servlet.Filter
      Parameters:
      request -
      response -
      chain -
      Throws:
      IOException
      javax.servlet.ServletException
    • doFilterInternal

      protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Passes the request through the chain of RequestSecurityProcessors.
      Parameters:
      request -
      response -
      chain -
      Throws:
      IOException
      javax.servlet.ServletException
    • excludeRequest

      protected boolean excludeRequest(javax.servlet.http.HttpServletRequest request)
      Returns true if the request should be excluded from processing.
    • includeRequest

      protected boolean includeRequest(javax.servlet.http.HttpServletRequest request)
      Returns true if the request should be included for processing.
    • createRequestContext

      protected org.craftercms.commons.http.RequestContext createRequestContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Returns a new RequestContext, using the specified HttpServletRequest and HttpServletResponse.
    • getLastProcessorInChain

      protected RequestSecurityProcessor getLastProcessorInChain(javax.servlet.FilterChain chain)
      Returns the last processor of the chain, which should actually call the FilterChain.
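
Because any request that matches urlsToExclude is not processed by the security chain, it is worth auditing the patterns against the paths that must stay protected before passing them to setUrlsToInclude and setUrlsToExclude. The following is an added example, not code from Crafter CMS: the class name, helper methods, patterns and paths are hypothetical. It assumes the patterns are evaluated Ant-style by a Spring PathMatcher, as the pathMatcher field suggests; the setter descriptions call them regular expressions, so confirm the matching style and the include/exclude precedence for your version.

```java
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

import java.util.ArrayList;
import java.util.List;

/** Added example: audits include/exclude patterns before they are set on the filter. */
public class SecurityFilterPatternAudit {

    // Assumption: patterns are matched Ant-style, as a Spring PathMatcher would.
    private static final PathMatcher MATCHER = new AntPathMatcher();

    static boolean matchesAny(String[] patterns, String path) {
        if (patterns == null) return false;
        for (String pattern : patterns) {
            if (MATCHER.match(pattern, path)) return true;
        }
        return false;
    }

    /** Lists protected paths that hit an exclude pattern or are covered by no include pattern. */
    static List<String> findGaps(String[] include, String[] exclude, String[] protectedPaths) {
        List<String> gaps = new ArrayList<>();
        boolean hasIncludes = include != null && include.length > 0;
        for (String path : protectedPaths) {
            if (matchesAny(exclude, path)) {
                gaps.add(path + " matches an exclude pattern");
            } else if (hasIncludes && !matchesAny(include, path)) {
                gaps.add(path + " matches no include pattern");
            }
        }
        return gaps;
    }

    public static void main(String[] args) {
        // Constructed sample configuration and paths, for illustration only.
        String[] urlsToInclude = {"/api/**", "/admin/**"};
        String[] urlsToExclude = {"/static-assets/**", "/**/*.json"};
        String[] protectedPaths = {"/api/1/profile/get", "/admin/users",
                                   "/api/1/profile/export.json", "/internal/health"};

        for (String gap : findGaps(urlsToInclude, urlsToExclude, protectedPaths)) {
            System.out.println("REVIEW: " + gap);
        }
        // Apply the patterns only once the audit reports nothing:
        // filter.setUrlsToInclude(urlsToInclude); filter.setUrlsToExclude(urlsToExclude);
    }
}
```

The audit reports every overlap without deciding which pattern wins, so a broad exclude such as the constructed `/**/*.json` is surfaced for review even when an include pattern also matches the same path.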