au.org.ala.cas.client

Class UriFilter

java.lang.Object

au.org.ala.cas.client.UriFilter

All Implemented Interfaces:

javax.servlet.Filter

public class UriFilter
extends Object
implements javax.servlet.Filter

Meta filter that provides filtering based on URI patterns that require authentication (and thus redirection) to the CAS server.

There are 3 possible filter configurations and these filtering criteria are applied in the following order,

UriFilter configuration order

Criterion	context-param	Required	Description
URI exclusion	uriExclusionFilterPattern	No	URIs that should not be subject to CAS authentication
URI inclusion	uriFilterPattern	No	URIs that are to be subject to CAS authentication
Only if logged in	authenticateOnlyIfLoggedInFilterPattern	No	URIs that should be subject to CAS authentication only if logged in (indicated by the presence of the ALA-Auth cookie)

The list of URI patterns is specified as a comma delimited list of regular expressions in a <context-param>.

So if a request's path matches one of the URI patterns then the filter specified by the filterClass <init-param> is invoked.

The contextPath from the ServletContext is prefixed to each URI pattern defined for each filter.

An example of usage is shown in the following web.xml fragment,

     ...

     <context-param>
         <param-name>uriFilterPattern</param-name>
         <param-value>/occurrences/\d+</param-value>
     </context-param>

     <!-- CAS Authentication Service filters -->
     <filter>
         <filter-name>CAS Authentication Filter</filter-name>
         <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
         <init-param>
             <param-name>filterClass</param-name>
             <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value>
         </init-param>
         <init-param>
             <param-name>casServerLoginUrl</param-name>
             <param-value>https://auth.ala.org.au/cas/login</param-value>
         </init-param>
         <init-param>
             <param-name>gateway</param-name>
             <param-value>true</param-value>
         </init-param>
     </filter>
     ...
 

Author:

peter flemming

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHENTICATE_ONLY_IF_LOGGED_IN_FILTER_PATTERN
static String	URI_EXCLUSION_FILTER_PATTERN
static String	URI_FILTER_PATTERN

Constructor Summary

Constructors

Constructor and Description
UriFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
void	init(javax.servlet.FilterConfig filterConfig)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

URI_FILTER_PATTERN

public static final String URI_FILTER_PATTERN

See Also:

Constant Field Values

URI_EXCLUSION_FILTER_PATTERN

public static final String URI_EXCLUSION_FILTER_PATTERN

See Also:

Constant Field Values

AUTHENTICATE_ONLY_IF_LOGGED_IN_FILTER_PATTERN

public static final String AUTHENTICATE_ONLY_IF_LOGGED_IN_FILTER_PATTERN

See Also:

Constant Field Values

Constructor Detail

UriFilter

public UriFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter