Example 56 with Filter
use of javax.servlet.Filter in project steve by RWTH-i5-IDSG.
the class SteveAppContext method addSecurityFilter.
private void addSecurityFilter(WebAppContext ctx) {
// The bean name is not arbitrary, but is as expected by Spring
Filter f = new DelegatingFilterProxy(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME);
ctx.addFilter(new FilterHolder(f), CONFIG.getSpringManagerMapping(), EnumSet.allOf(DispatcherType.class));
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Filter(javax.servlet.Filter)
DispatcherType(javax.servlet.DispatcherType)
DelegatingFilterProxy(org.springframework.web.filter.DelegatingFilterProxy)
Example 57 with Filter
use of javax.servlet.Filter in project adeptj-modules by AdeptJ.
the class ShiroActivator method start.
/**
* Initializes the Shiro Security Framework.
*/
@Override
public void start(BundleContext context) throws Exception {
cacheProviderTracker = new CacheProviderTracker(context, CacheProvider.class);
cacheProviderTracker.open();
// Register the Shiro EnvironmentLoaderListener first.
Dictionary<String, Object> shiroListenerProps = new Hashtable<>();
shiroListenerProps.put(Constants.SERVICE_VENDOR, "AdeptJ");
shiroListenerProps.put("osgi.http.whiteboard.listener", "true");
servRegShiroListener = context.registerService(ServletContextListener.class, new ExtEnvironmentLoaderListener(), shiroListenerProps);
// Now Register the ShiroFilter.
Dictionary<String, Object> shiroFilterProps = new Hashtable<>();
shiroFilterProps.put(Constants.SERVICE_VENDOR, "AdeptJ");
shiroFilterProps.put("osgi.http.whiteboard.filter.name", "Shiro Filter");
shiroFilterProps.put("osgi.http.whiteboard.filter.pattern", "/*");
shiroFilterProps.put("osgi.http.whiteboard.filter.asyncSupported", "true");
shiroFilterProps.put("osgi.http.whiteboard.filter.dispatcher", new String[] { "REQUEST", "INCLUDE", "FORWARD", "ASYNC", "ERROR" });
servRegShiroFilter = context.registerService(Filter.class, new ShiroFilter(), shiroFilterProps);
}
Also used :
ExtEnvironmentLoaderListener(com.adeptj.modules.security.shiro.listener.ExtEnvironmentLoaderListener)
CacheProviderTracker(com.adeptj.modules.security.shiro.internal.CacheProviderTracker)
ServletContextListener(javax.servlet.ServletContextListener)
ShiroFilter(org.apache.shiro.web.servlet.ShiroFilter)
Filter(javax.servlet.Filter)
Hashtable(java.util.Hashtable)
CacheProvider(com.adeptj.modularweb.cache.api.CacheProvider)
ShiroFilter(org.apache.shiro.web.servlet.ShiroFilter)
Example 58 with Filter
use of javax.servlet.Filter in project jspwiki by apache.
the class WikiSessionTest method runSecurityFilter.
/**
* "Scaffolding" method that runs the session security filter on a mock request. We do this by creating a
* complete mock servlet context and filter chain, and running the request through it.
* @param engine the wiki engine
* @param request the mock request to pass itnto the
* @throws ServletException
* @throws IOException
*/
private static void runSecurityFilter(WikiEngine engine, HttpServletRequest request) throws ServletException, IOException {
// Create a mock servlet context and stash the wiki engine in it
ServletContext servletCtx = new MockServletContext("JSPWiki");
servletCtx.setAttribute("org.apache.wiki.WikiEngine", engine);
// Create a mock filter configuration and add the servlet context we just created
MockFilterConfig filterConfig = new MockFilterConfig();
filterConfig.setFilterName("WikiServletFilter");
filterConfig.setServletContext(servletCtx);
// Create the security filter and run the request through it
Filter filter = new WikiServletFilter();
MockFilterChain chain = new MockFilterChain();
chain.addFilter(filter);
Servlet servlet = new MockServlet();
chain.setServlet(servlet);
filter.init(filterConfig);
filter.doFilter(request, null, chain);
}
Also used :
Filter(javax.servlet.Filter)
WikiServletFilter(org.apache.wiki.ui.WikiServletFilter)
MockServletContext(net.sourceforge.stripes.mock.MockServletContext)
ServletContext(javax.servlet.ServletContext)
WikiServletFilter(org.apache.wiki.ui.WikiServletFilter)
Servlet(javax.servlet.Servlet)
MockFilterChain(net.sourceforge.stripes.mock.MockFilterChain)
MockServletContext(net.sourceforge.stripes.mock.MockServletContext)
MockFilterConfig(net.sourceforge.stripes.mock.MockFilterConfig)
Example 59 with Filter
use of javax.servlet.Filter in project motech by motech.
the class SecurityRuleBuilder method buildSecurityChain.
/**
* Builds SecurityFilterChain which is capable of being
* matched against HttpServletRequest in order to decide
* whether it applies to that request
*
* @param securityRule that will be used as pattern
* @param method to be used in filter
* @return new filter chain with security rule, matcher and filters
*/
public synchronized SecurityFilterChain buildSecurityChain(MotechURLSecurityRule securityRule, HTTPMethod method) {
LOGGER.info("Building security chain for rule: {} and method: {}", securityRule.getPattern(), method);
List<Filter> filters = new ArrayList<>();
RequestMatcher matcher;
validateRule(securityRule);
String pattern = securityRule.getPattern();
if (pattern.equals(SecurityConfigConstants.ANY_PATTERN) || "/**".equals(pattern) || "**".equals(pattern)) {
matcher = AnyRequestMatcher.INSTANCE;
} else if (ANY == method) {
matcher = new AntPathRequestMatcher(pattern);
} else {
matcher = new AntPathRequestMatcher(pattern, method.name());
}
if (!noSecurity(securityRule)) {
try {
filters = addFilters(securityRule);
} catch (ServletException e) {
LOGGER.error("Cannot create {} in {} security rule.", SecurityContextHolderAwareRequestFilter.class, securityRule.getPattern(), e);
}
}
LOGGER.info("Built security chain for rule: {} and method: {}", securityRule.getPattern(), method);
return new MotechSecurityFilterChain(securityRule, matcher, filters);
}
Also used :
ServletException(javax.servlet.ServletException)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
OpenIDAuthenticationFilter(org.springframework.security.openid.OpenIDAuthenticationFilter)
SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter)
Filter(javax.servlet.Filter)
ChannelProcessingFilter(org.springframework.security.web.access.channel.ChannelProcessingFilter)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)
SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter)
LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter)
SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter)
RequestCacheAwareFilter(org.springframework.security.web.savedrequest.RequestCacheAwareFilter)
ArrayList(java.util.ArrayList)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter)
MotechSecurityFilterChain(org.motechproject.security.chain.MotechSecurityFilterChain)
Example 60 with Filter
use of javax.servlet.Filter in project motech by motech.
the class SecurityRuleBuilder method addFilters.
private List<Filter> addFilters(MotechURLSecurityRule securityRule) throws ServletException {
List<Filter> filters = new ArrayList<>();
SecurityContextRepository contextRepository = new HttpSessionSecurityContextRepository();
RequestCache requestCache = new HttpSessionRequestCache();
addSecureChannel(filters, securityRule.getProtocol());
addSecurityContextPersistenceFilter(filters, contextRepository);
addLogoutFilter(filters, securityRule);
addAuthenticationFilters(filters, securityRule);
addRequestCacheFilter(filters, requestCache);
addSecurityContextHolderAwareRequestFilter(filters);
addAnonymousAuthenticationFilter(filters);
addSessionManagementFilter(filters, contextRepository);
addExceptionTranslationFilter(filters, requestCache, securityRule.isRest());
addFilterSecurityInterceptor(filters, securityRule);
return filters;
}
Also used :
HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository)
OpenIDAuthenticationFilter(org.springframework.security.openid.OpenIDAuthenticationFilter)
SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter)
Filter(javax.servlet.Filter)
ChannelProcessingFilter(org.springframework.security.web.access.channel.ChannelProcessingFilter)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)
SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter)
LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter)
SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter)
RequestCacheAwareFilter(org.springframework.security.web.savedrequest.RequestCacheAwareFilter)
HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache)
RequestCache(org.springframework.security.web.savedrequest.RequestCache)
HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache)
ArrayList(java.util.ArrayList)
HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository)
SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository)
Aggregations
Filter (javax.servlet.Filter)185
FilterChain (javax.servlet.FilterChain)67
Test (org.junit.Test)57
HttpServletRequest (javax.servlet.http.HttpServletRequest)53
HttpServletResponse (javax.servlet.http.HttpServletResponse)44
ServletRequest (javax.servlet.ServletRequest)43
ServletResponse (javax.servlet.ServletResponse)43
ServletException (javax.servlet.ServletException)28
FilterConfig (javax.servlet.FilterConfig)25
IOException (java.io.IOException)23
ServletContext (javax.servlet.ServletContext)20
Injector (com.google.inject.Injector)17
FilterHolder (org.eclipse.jetty.servlet.FilterHolder)16
OncePerRequestFilter (org.springframework.web.filter.OncePerRequestFilter)13
AnnotationConfigApplicationContext (org.springframework.context.annotation.AnnotationConfigApplicationContext)12
Map (java.util.Map)9
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)9
ArrayList (java.util.ArrayList)8
Hashtable (java.util.Hashtable)8
DispatcherType (javax.servlet.DispatcherType)8
