Class AuthenticationFilter

java.lang.Object
sonia.scm.web.filter.HttpFilter
sonia.scm.web.filter.AuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter
Direct Known Subclasses:
HttpProtocolServletAuthenticationFilterBase

public class AuthenticationFilter extends HttpFilter
Handles authentication if one of the WebTokenGenerators returns an AuthenticationToken.
Since:
2.0.0
  • Constructor Details

    • AuthenticationFilter

      @Inject public AuthenticationFilter(ScmConfiguration configuration, Set<WebTokenGenerator> tokenGenerators)
      Constructs a new basic authentication filter.
      Parameters:
      configuration - scm-manager global configuration
      tokenGenerators - web token generators
  • Method Details

    • doFilter

      protected void doFilter(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Handles authentication if one of the WebTokenGenerators returns an AuthenticationToken.
      Specified by:
      doFilter in class HttpFilter
      Parameters:
      request - servlet request
      response - servlet response
      chain - filter chain
      Throws:
      IOException
      jakarta.servlet.ServletException
    • handleUnauthorized

      protected void handleUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Sends status code 401 back to the client if the authentication has failed. In all other cases the method sends status code 403 back to the client.
      Parameters:
      request - servlet request
      response - servlet response
      chain - filter chain
      Throws:
      IOException
      jakarta.servlet.ServletException
      Since:
      1.8
    • sendFailedAuthenticationError

      protected void sendFailedAuthenticationError(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Sends an error for a failed authentication back to the client.
      Parameters:
      request - http request
      response - http response
      Throws:
      IOException
    • sendUnauthorizedError

      protected void sendUnauthorizedError(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Sends an unauthorized error back to the client.
      Parameters:
      request - http request
      response - http response
      Throws:
      IOException
    • handleTokenExpiredException

      protected void handleTokenExpiredException(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, TokenExpiredException tokenExpiredException) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException
    • handleTokenValidationFailedException

      protected void handleTokenValidationFailedException(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, TokenValidationFailedException tokenValidationFailedException) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException
    • isAnonymousAccessEnabled

      protected boolean isAnonymousAccessEnabled()
      Returns true if anonymous access is enabled.