Class DynamicAuthenticationFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.AuthenticatingFilter
org.apache.shiro.web.filter.authc.FormAuthenticationFilter
waffle.shiro.dynamic.DynamicAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class DynamicAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter
When combined with NegotiateAuthenticationStrategy, this filter lets a client choose at runtime which authentication filter is used. It assumes shiro.ini is configured with both NegotiateAuthenticationRealm and a user/password realm such as GroupMappingWaffleRealm.

NegotiateAuthenticationStrategy is required when more than one realm is configured in shiro.ini, which should be the case when multiple authentication types are offered.

To use NegotiateAuthenticationRealm, the client must pass the parameter PARAM_NAME_AUTHTYPE with a value of PARAM_VAL_AUTHTYPE_NEGOTIATE.

Example shiro.ini snippet below:

 # =======================
 # Shiro INI configuration
 # =======================

 [main]

 # Setup custom AuthenticationRealm
 waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
 waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
 securityManager.realms = $waffleRealmSSO, $waffleUserPass


 # Use the configured native session manager:
 sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 securityManager.sessionManager = $sessionManager

 # the following call is only necessary in a web-configured ShiroFilter (otherwise
 # a native session manager is already enabled):
 securityManager.sessionMode = native


 # cookie for single sign on
 cookie = org.apache.shiro.web.servlet.SimpleCookie
 cookie.name = SSOcookie
 cookie.path = /
 securityManager.sessionManager.sessionIdCookie = $cookie


 authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
 securityManager.authenticator.authenticationStrategy = $authcStrategy

 # Waffle filter
 waffleFilter = waffle.shiro.dynamic.DynamicAuthenticationFilter

 #Configure filter chains and filter parameters
 authc.loginUrl = /login.jsp
 waffleFilter.loginUrl = /login.jsp
 logout.redirectUrl = login.jsp

 ...

 [urls]
 # The 'urls' section is used for url-based security
 /logout = logout
 # Note: '/*' matches a single path segment only; nested paths such as /a/b need '/**'
 /* = waffleFilter
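
The realm and strategy requirements stated above can be verified at startup, so that a shiro.ini that drifts from them fails deployment instead of surfacing at login time. This listener is an added example, not part of Waffle or Shiro; the class name DynamicAuthConfigCheck and its registration after Shiro's EnvironmentLoaderListener are assumptions.

```java
import java.util.Collection;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.AuthenticatingSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.web.util.WebUtils;
import waffle.shiro.negotiate.NegotiateAuthenticationRealm;
import waffle.shiro.negotiate.NegotiateAuthenticationStrategy;

/** Hypothetical startup check; not part of Waffle or Shiro. */
public class DynamicAuthConfigCheck implements ServletContextListener {
    /** Throws if the realm and strategy wiring differs from what the filter documentation requires. */
    static void verify(SecurityManager sm) {
        // Shiro's default web security manager is an AuthenticatingSecurityManager; anything else fails here.
        AuthenticatingSecurityManager asm = (AuthenticatingSecurityManager) sm;
        Collection<Realm> realms = asm.getRealms();
        int negotiate = 0, other = 0;
        if (realms != null) {
            for (Realm realm : realms) {
                if (realm instanceof NegotiateAuthenticationRealm) { negotiate++; } else { other++; }
            }
        }
        // The filter assumes both a Negotiate realm and a user/password realm are configured.
        if (negotiate == 0 || other == 0) {
            throw new IllegalStateException("Expected a NegotiateAuthenticationRealm plus a "
                    + "user/password realm, found negotiate=" + negotiate + ", other=" + other);
        }
        // More than one realm is present, so the strategy must be NegotiateAuthenticationStrategy.
        Authenticator authc = asm.getAuthenticator();
        if (!(authc instanceof ModularRealmAuthenticator)
                || !(((ModularRealmAuthenticator) authc).getAuthenticationStrategy()
                        instanceof NegotiateAuthenticationStrategy)) {
            throw new IllegalStateException("securityManager.authenticator.authenticationStrategy "
                    + "is not NegotiateAuthenticationStrategy");
        }
    }

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // Assumes Shiro's EnvironmentLoaderListener is registered before this listener.
        verify(WebUtils.getRequiredWebEnvironment(sce.getServletContext()).getWebSecurityManager());
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }
}
```
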
  • Field Summary

    Fields
    Modifier and Type      Field                           Description
    static final String    PARAM_NAME_AUTHTYPE             The Constant PARAM_NAME_AUTHTYPE.
    static final String    PARAM_VAL_AUTHTYPE_NEGOTIATE    The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.

    Fields inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, DEFAULT_PASSWORD_PARAM, DEFAULT_REMEMBER_ME_PARAM, DEFAULT_USERNAME_PARAM

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    PERMISSIVE

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    DEFAULT_SUCCESS_URL

    Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

    DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

    Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    appliedPaths, pathMatcher

    Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

    filterConfig
  • Constructor Summary

    Constructors
    Constructor                      Description
    DynamicAuthenticationFilter()
  • Method Summary

    Modifier and Type    Method    Description
    protected boolean    executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)    Call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user-selected authentication type, which performs login logic.

    Methods inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    createToken, getFailureKeyAttribute, getPassword, getPasswordParam, getRememberMeParam, getUsername, getUsernameParam, isLoginSubmission, isRememberMe, onAccessDenied, onLoginFailure, onLoginSuccess, setFailureAttribute, setFailureKeyAttribute, setLoginUrl, setPasswordParam, setRememberMeParam, setUsernameParam

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    cleanup, createToken, createToken, getHost, isAccessAllowed, isPermissive

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    getSuccessUrl, issueSuccessRedirect, setSuccessUrl

    Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

    getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin

    Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

    Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

    afterCompletion, doFilterInternal, executeChain, postHandle

    Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

    Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

    getName, setName, toStringBuilder

    Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

    destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

    Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

    getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • PARAM_NAME_AUTHTYPE

      public static final String PARAM_NAME_AUTHTYPE
      The Constant PARAM_NAME_AUTHTYPE.
    • PARAM_VAL_AUTHTYPE_NEGOTIATE

      public static final String PARAM_VAL_AUTHTYPE_NEGOTIATE
      The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.
  • Constructor Details

    • DynamicAuthenticationFilter

      public DynamicAuthenticationFilter()
  • Method Details

    • executeLogin

      protected boolean executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user-selected authentication type, which performs login logic.

      Overrides:
      executeLogin in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
      Throws:
      Exception