public abstract class SessionAuthorizationFilterStrategy extends Object implements javax.servlet.Filter
Modifier and Type | Field and Description |
---|---|
protected static org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
SessionAuthorizationFilterStrategy() |
Modifier and Type | Method and Description |
---|---|
protected abstract void |
addAuthenticatedSubjectsToRequest(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
org.dataone.service.types.v1.Session session,
org.dataone.service.types.v1.Subject authorizedSubject)
Allows concrete implementations of SessionAuthorizationFilterStrategy to determine how/what authenticated
subjects are added to the request's parameter values - ParameterKeys.AUTHORIZED_SUBJECTS, as well as if public
user and authenticated user constants are provided.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain fc)
The strategy method that defines how and what subjects are added to the request's parameter values.
|
protected abstract String |
getServiceMethodName()
The service name to look up for additional admin users defined for the services service method restrictions.
|
protected abstract void |
handleNoCertificateManagerSession(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
Allows concrete implementations of SessionAuthorizationFilterStrategy to determine what access (if any) to allow
requests that do have session information available from the dataONE CertificateManager.
|
void |
init(javax.servlet.FilterConfig fc)
Initialize the filter by pre-caching a list of administrative subjects
|
protected abstract void handleNoCertificateManagerSession(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, IOException, org.dataone.service.exceptions.NotAuthorized
proxyRequest
- response
- filterChain
- javax.servlet.ServletException
IOException
org.dataone.service.exceptions.NotAuthorized
protected abstract void addAuthenticatedSubjectsToRequest(org.dataone.cn.servlet.http.ProxyServletRequestWrapper proxyRequest, org.dataone.service.types.v1.Session session, org.dataone.service.types.v1.Subject authorizedSubject) throws org.dataone.service.exceptions.ServiceFailure, org.dataone.service.exceptions.NotAuthorized, org.dataone.service.exceptions.NotImplemented
proxyRequest
- session
- authorizedSubject
- org.dataone.service.exceptions.ServiceFailure
org.dataone.service.exceptions.NotAuthorized
org.dataone.service.exceptions.NotImplemented
protected abstract String getServiceMethodName()
public void init(javax.servlet.FilterConfig fc) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
fc
- javax.servlet.ServletException
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain fc) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
request
- response
- fc
- IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
Copyright © 2018. All rights reserved.