public abstract class SessionAuthorizationFilterStrategy extends Object implements javax.servlet.Filter
| Modifier and Type | Field and Description |
|---|---|
protected static org.apache.commons.logging.Log |
logger |
| Constructor and Description |
|---|
SessionAuthorizationFilterStrategy() |
| Modifier and Type | Method and Description |
|---|---|
protected abstract void |
addAuthenticatedSubjectsToRequest(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
org.dataone.service.types.v1.Session session,
org.dataone.service.types.v1.Subject authorizedSubject)
Allows concrete implementations of SessionAuthorizationFilterStrategy to determine how/what authenticated
subjects are added to the request's parameter values - ParameterKeys.AUTHORIZED_SUBJECTS, as well as if public
user and authenticated user constants are provided.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain fc)
The strategy method that defines how and what subjects are added to the request's parameter values.
|
protected abstract String |
getServiceMethodName()
The service name to look up for additional admin users defined for the services service method restrictions.
|
protected abstract void |
handleNoCertificateManagerSession(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
Allows concrete implementations of SessionAuthorizationFilterStrategy to determine what access (if any) to allow
requests that do have session information available from the dataONE CertificateManager.
|
void |
init(javax.servlet.FilterConfig fc)
Initialize the filter by pre-caching a list of administrative subjects
|
protected abstract void handleNoCertificateManagerSession(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
throws javax.servlet.ServletException,
IOException,
org.dataone.service.exceptions.NotAuthorized
proxyRequest - response - filterChain - javax.servlet.ServletExceptionIOExceptionorg.dataone.service.exceptions.NotAuthorizedprotected abstract void addAuthenticatedSubjectsToRequest(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
org.dataone.service.types.v1.Session session,
org.dataone.service.types.v1.Subject authorizedSubject)
throws org.dataone.service.exceptions.ServiceFailure,
org.dataone.service.exceptions.NotAuthorized,
org.dataone.service.exceptions.NotImplemented
proxyRequest - session - authorizedSubject - org.dataone.service.exceptions.ServiceFailureorg.dataone.service.exceptions.NotAuthorizedorg.dataone.service.exceptions.NotImplementedprotected abstract String getServiceMethodName()
public void init(javax.servlet.FilterConfig fc)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterfc - javax.servlet.ServletExceptionpublic void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain fc)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.Filterrequest - response - fc - IOExceptionjavax.servlet.ServletExceptionpublic void destroy()
destroy in interface javax.servlet.FilterCopyright © 2020. All rights reserved.