GeoServerSecurityContextPersistenceFilter.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

package org.geoserver.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.geoserver.security.GeoServerSecurityFilterChainProxy;
import org.geoserver.security.config.SecurityContextPersistenceFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;

/**
 * Security context persitence filter 
 * 
 * @author mcr
 *
 */
public class GeoServerSecurityContextPersistenceFilter extends GeoServerCompositeFilter {
    
    public final static String ALLOWSESSIONCREATION_ATTR = "_allowSessionCreation"; 
    Boolean isAllowSessionCreation;
    
    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
        super.initializeFromConfig(config);
        
        
        SecurityContextPersistenceFilterConfig pConfig = 
                (SecurityContextPersistenceFilterConfig) config;
                
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo) {
          @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
                 // set the hint for authentcation servlets
                 req.setAttribute(ALLOWSESSIONCREATION_ATTR, isAllowSessionCreation);
                 if (isAllowSessionCreation)
                     ((HttpServletRequest)req).getSession(); // create session if allowed
                 // set the hint for other components
                 req.setAttribute(GeoServerSecurityFilterChainProxy.SECURITY_ENABLED_ATTRIBUTE,Boolean.TRUE);
                 super.doFilter(req, res, chain);
        }  
        };
        isAllowSessionCreation=pConfig.isAllowSessionCreation();
        repo.setAllowSessionCreation(pConfig.isAllowSessionCreation());        
        filter.setForceEagerSessionCreation(false);

        try {
            filter.afterPropertiesSet();
        } catch (ServletException e) {
            throw new RuntimeException(e);
        }
        getNestedFilters().add(filter);        
    }
    
}