Class DynamicAuthenticationFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.AuthenticatingFilter
org.apache.shiro.web.filter.authc.FormAuthenticationFilter
waffle.shiro.dynamic.DynamicAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class DynamicAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter
When combined with the NegotiateAuthenticationStrategy, this filter lets a client choose at runtime which authentication filter is used. It assumes that shiro.ini is configured with both the NegotiateAuthenticationRealm and a user/password realm such as GroupMappingWaffleRealm.

The NegotiateAuthenticationStrategy is required when more than one realm is configured in shiro.ini (which should be the case when multiple authentication types are offered).

To use NegotiateAuthenticationRealm, the client must pass the parameter PARAM_NAME_AUTHTYPE with a value of PARAM_VAL_AUTHTYPE_NEGOTIATE.

Example shiro.ini snippet below:

  # =======================
  # Shiro INI configuration
  # =======================

  [main]

  # Setup custom AuthenticationRealm
  waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
  waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
  securityManager.realms = $waffleRealmSSO, $waffleUserPass


  # Use the configured native session manager:
  sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
  securityManager.sessionManager = $sessionManager

  # the following call is only necessary in a web-configured ShiroFilter (otherwise
  # a native session manager is already enabled):
  securityManager.sessionMode = native


  # cookie for single sign on
  cookie = org.apache.shiro.web.servlet.SimpleCookie
  cookie.name = SSOcookie
  cookie.path = /
  securityManager.sessionManager.sessionIdCookie = $cookie


  authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
  securityManager.authenticator.authenticationStrategy = $authcStrategy

  # Waffle filter
  waffleFilter = waffle.shiro.dynamic.DynamicAuthenticationFilter

  # Configure filter chains and filter parameters
  authc.loginUrl = /login.jsp
  waffleFilter.loginUrl = /login.jsp
  logout.redirectUrl = login.jsp

  ...

  [urls]
  # The 'urls' section is used for url-based security
  /logout = logout
  /* = waffleFilter
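
A sketch of the /login.jsp page that the configuration above points at, showing how a client selects the authentication type. This is an added example, not code from the Waffle project: the page layout, form action and button labels are assumptions, while the parameter names and values come from the constants documented on this page and from the inherited FormAuthenticationFilter constants.

```jsp
<%-- login.jsp: added illustration, not taken from the Waffle project. --%>
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ page import="waffle.shiro.dynamic.DynamicAuthenticationFilter" %>
<%@ page import="org.apache.shiro.web.filter.authc.FormAuthenticationFilter" %>
<!DOCTYPE html>
<html>
<head><title>Sign in</title></head>
<body>

  <%-- Option 1: username and password.
       The auth-type parameter is absent, so Negotiate is not selected and the
       credentials go to the user/password realm (waffleUserPass in shiro.ini).
       POST keeps the credentials out of the URL and out of access logs. --%>
  <form method="post" action="<%= request.getContextPath() %>/login.jsp">
    <label>User name
      <input type="text"
             name="<%= FormAuthenticationFilter.DEFAULT_USERNAME_PARAM %>"
             autocomplete="username">
    </label>
    <label>Password
      <input type="password"
             name="<%= FormAuthenticationFilter.DEFAULT_PASSWORD_PARAM %>"
             autocomplete="current-password">
    </label>
    <button type="submit">Sign in</button>
  </form>

  <%-- Option 2: Negotiate (single sign-on).
       The hidden field sends PARAM_NAME_AUTHTYPE with the value
       PARAM_VAL_AUTHTYPE_NEGOTIATE, which is what the filter requires
       before it hands the request to the NegotiateAuthenticationRealm.
       Referencing the constants avoids hard-coding their string values. --%>
  <form method="post" action="<%= request.getContextPath() %>/login.jsp">
    <input type="hidden"
           name="<%= DynamicAuthenticationFilter.PARAM_NAME_AUTHTYPE %>"
           value="<%= DynamicAuthenticationFilter.PARAM_VAL_AUTHTYPE_NEGOTIATE %>">
    <button type="submit">Sign in with Windows credentials</button>
  </form>

</body>
</html>
```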
 
  • Field Summary

    Fields
    Modifier and Type | Field | Description
    static final String | PARAM_NAME_AUTHTYPE | The Constant PARAM_NAME_AUTHTYPE.
    static final String | PARAM_VAL_AUTHTYPE_NEGOTIATE | The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.

    Fields inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, DEFAULT_PASSWORD_PARAM, DEFAULT_REMEMBER_ME_PARAM, DEFAULT_USERNAME_PARAM

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    PERMISSIVE

    Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    DEFAULT_SUCCESS_URL

    Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

    DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

    Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    appliedPaths, pathMatcher

    Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

    filterConfig
  • Constructor Summary

    Constructors
    Constructor | Description
    DynamicAuthenticationFilter() |
  • Method Summary

    Modifier and Type | Method | Description
    protected boolean | executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) | Calls AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user-selected authentication type, which performs the login logic.

    Methods inherited from class org.apache.shiro.web.filter.authc.FormAuthenticationFilter

    createToken, getFailureKeyAttribute, getPassword, getPasswordParam, getRememberMeParam, getUsername, getUsernameParam, isLoginSubmission, isRememberMe, onAccessDenied, onLoginFailure, onLoginSuccess, setFailureAttribute, setFailureKeyAttribute, setLoginUrl, setPasswordParam, setRememberMeParam, setUsernameParam

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

    cleanup, createToken, createToken, getHost, isAccessAllowed, isPermissive

    Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

    getSuccessUrl, issueSuccessRedirect, setSuccessUrl

    Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

    getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin

    Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

    getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

    Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

    afterCompletion, doFilterInternal, executeChain, postHandle

    Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

    Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

    getName, setName, toStringBuilder

    Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

    destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

    Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

    getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • PARAM_NAME_AUTHTYPE

      public static final String PARAM_NAME_AUTHTYPE
      The Constant PARAM_NAME_AUTHTYPE.
    • PARAM_VAL_AUTHTYPE_NEGOTIATE

      public static final String PARAM_VAL_AUTHTYPE_NEGOTIATE
      The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE.
  • Constructor Details

    • DynamicAuthenticationFilter

      public DynamicAuthenticationFilter()
  • Method Details

    • executeLogin

      protected boolean executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Calls AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for the user-selected authentication type, which performs the login logic.

      Overrides:
      executeLogin in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
      Throws:
      Exception