org.apache.marmotta.platform.security.filters

Class MarmottaAccessControlFilter

java.lang.Object

org.apache.marmotta.platform.security.filters.MarmottaAccessControlFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter

@ApplicationScoped
public class MarmottaAccessControlFilter
extends Object
implements org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter

A filter providing basic access control for the Apache Marmotta. Makes use of container-managed user authentication and security roles as provided e.g. by the org.apache.marmotta.platform.user.filters.LMFAuthenticationFilter.

Whenever an HTTP request is received, the filter runs through the configured security constraints and checks whether one of the constraints matches. In case the constraint is a permission, the execution proceeds. In case the constraint is a restriction, an AccessDeniedException is thrown, which is then handled by the LMFAuthenticationFilter.

See Also:

org.apache.marmotta.platform.user.filters.LMFAuthenticationFilter, SecurityService, SecurityServiceImpl,

Author: Sebastian Schaffert

Field Summary

Fields inherited from interface org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter

PRIO_ACL, PRIO_AUTH, PRIO_FIRST, PRIO_LAST, PRIO_MIDDLE

Constructor Summary

Constructors

Constructor and Description
MarmottaAccessControlFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy() Called by the web container to indicate to a filter that it is being taken out of service.
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
String	getPattern() Return the pattern (regular expression) that a request URI (relative to the LMF base URI) has to match before triggering this filter.
int	getPriority() Return the priority of the filter.
void	init(javax.servlet.FilterConfig filterConfig) Called by the web container to indicate to a filter that it is being placed into service.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MarmottaAccessControlFilter

public MarmottaAccessControlFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

The web container cannot place the filter into service if the init method either
1.Throws a ServletException
2.Does not return within a time period defined by the web container

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

getPattern

public String getPattern()

Return the pattern (regular expression) that a request URI (relative to the LMF base URI) has to match before triggering this filter.

Specified by:

getPattern in interface org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter

Returns:

getPriority

public int getPriority()

Return the priority of the filter. Filters that need to be executed before anything else should return PRIO_FIRST, filters that need to be executed last in the chain should return PRIO_LAST, all other filters something inbetween (e.g. PRIO_MIDDLE).

Specified by:

getPriority in interface org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter

Returns:

doFilter

public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
* 4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
* 5. Directly set headers on the response after invocation of the next entity in the filter chain.

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

destroy

public void destroy()

Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.

Specified by:

destroy in interface javax.servlet.Filter