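/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security.filter;

import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerSecurityProvider;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.impl.AbstractGeoServerSecurityService;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;

/**
 * Extension of {@link Filter} for the GeoServer security subsystem.
 *
 * <p>Instances of this class are provided by {@link GeoServerSecurityProvider}, or may also be
 * contributed via a Spring context. Filters are configured by name through
 * {@link SecurityManagerConfig#getFilterChain()}. The referenced name will be matched to a named
 * security configuration through {@link GeoServerSecurityManager#loadFilter(String)} or matched
 * to a bean name in the application context.
 *
 * @author Justin Deoliveira, OpenGeo
 */
public abstract class GeoServerSecurityFilter extends AbstractGeoServerSecurityService
        implements Filter, BeanNameAware {

    /**
     * Name of the servlet attribute under which a GeoServer authentication filter should set its
     * {@link AuthenticationEntryPoint}. Despite the {@code _HEADER} suffix this is documented as
     * a servlet attribute name, not an HTTP header.
     *
     * <p>The {@link GeoServerExceptionTranslationFilter} may use the entry point in case of an
     * {@link AuthenticationException}.
     */
    public static final String AUTHENTICATION_ENTRY_POINT_HEADER =
            "_AUTHENTICATION_ENTRY_POINT_HEADER";

    /** Bean name assigned through {@link #setBeanName(String)}. */
    private String beanName;

    /**
     * Returns the bean name previously passed to {@link #setBeanName(String)}.
     *
     * @return the stored bean name, or {@code null} if none has been set
     */
    public String getBeanName() {
        return beanName;
    }

    /**
     * Stores the bean name; this is the {@link BeanNameAware} callback.
     *
     * @param beanName the name to remember
     */
    @Override
    public void setBeanName(String beanName) {
        this.beanName = beanName;
    }

    /**
     * Not used, these filters are not plugged in via web.xml.
     *
     * @param filterConfig ignored
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public final void init(FilterConfig filterConfig) throws ServletException {
        // intentionally empty
    }

    /** Does nothing, subclasses may override. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * Tries to authenticate the current request from the authentication cache.
     *
     * <p>Nothing happens if the {@link SecurityContextHolder} already holds an
     * {@link Authentication}. Otherwise a cache key is requested from {@code filter}; if a key
     * can be derived, the cache is queried with this filter's name and that key. A hit is
     * installed into the security context; on a miss the key is returned.
     *
     * <p>A non-{@code null} return value therefore indicates a missing cache entry.
     *
     * <p>NOTE(review): a cache hit is installed as-is, with no further check in this method, so
     * the cached entry is only as trustworthy as the key produced by
     * {@link AuthenticationCachingFilter#getCacheKey(HttpServletRequest)}. Implementations should
     * presumably derive the key from the complete credential material of the request; confirm
     * against each implementing filter.
     *
     * @param filter the filter used to derive the cache key from the request
     * @param request the current request
     * @return the derived cache key if no cached {@link Authentication} exists for it, otherwise
     *     {@code null}
     */
    protected String authenticateFromCache(
            AuthenticationCachingFilter filter, HttpServletRequest request) {
        // Already authenticated in this security context: leave it untouched.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            return null;
        }

        String cacheKey = filter.getCacheKey(request);
        if (cacheKey == null) {
            // No key can be derived for this request, so the cache cannot be consulted.
            return null;
        }

        // Entries are looked up by this filter's name together with the derived key.
        Authentication authFromCache =
                getSecurityManager().getAuthenticationCache().get(getName(), cacheKey);
        if (authFromCache == null) {
            // Cache miss: hand the key back to the caller.
            return cacheKey;
        }

        SecurityContextHolder.getContext().setAuthentication(authFromCache);
        return null;
    }

    /**
     * Builds the lower-cased request path from the servlet path and, when present, the path
     * info.
     *
     * <p>Lower-casing uses {@link Locale#ROOT} so the result does not depend on the JVM default
     * locale. With the default-locale variant, a Turkish or Azeri default locale maps {@code I}
     * to a dotless {@code ı}, so a path containing an upper-case {@code I} would no longer equal
     * its ASCII lower-case form. How callers use the returned path is not visible here;
     * presumably it is compared against configured path patterns (confirm against callers).
     *
     * @param request the current request
     * @return the servlet path followed by the path info (if any), in lower case
     */
    protected String getRequestPath(HttpServletRequest request) {
        String url = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            url += pathInfo;
        }
        return url.toLowerCase(Locale.ROOT);
    }
}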