BaseLoginFilter (Atlassian Seraph 4.0.2 API)

java.lang.Object
- com.atlassian.seraph.filter.BaseLoginFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

PasswordBasedLoginFilter
```
public abstract class BaseLoginFilter
extends Object
implements javax.servlet.Filter
```
This is a base authentication filter. It delegates the actual login process to a child class but takes care of the redirection process.
If the authentication is successful, the user will be redirected by the filter to the URL given by the session attribute at SecurityFilter.ORIGINAL_URL_KEY.
If this URL doesn't exist, it will look for a parameter 'os_destination' to use as the redirected URL instead.
If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.
From the any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.
The possible statuses are:
- LoginFilter.LOGIN_SUCCESS - the login was processed, and user was logged in
- LoginFilter.LOGIN_FAILURE - the login was processed, the user gave a bad username or password
- LoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
- LoginFilter.LOGIN_NOATTEMPT - the login was no processed, no form parameters existed

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`AUTHENTICATION_ERROR_TYPE`
`static String`	`LOGIN_ERROR`
`static String`	`LOGIN_FAILED`
`static String`	`LOGIN_NOATTEMPT`
`static String`	`LOGIN_SUCCESS`
`static String`	`OS_AUTHSTATUS_KEY`

Constructor Summary

Constructors
Constructor and Description

BaseLoginFilter()

Constructors
Constructor and Description
`BaseLoginFilter()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)`
`protected AuthenticationContext`	`getAuthenticationContext()`
`protected Authenticator`	`getAuthenticator()`
`protected ElevatedSecurityGuard`	`getElevatedSecurityGuard()`
`protected SecurityConfig`	`getSecurityConfig()`
`void`	`init(javax.servlet.FilterConfig config)`
`protected boolean`	`isAbsoluteUrl(String url)`
`abstract String`	`login(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)` Performs the actual authentication (if required) and returns the status code.
`protected boolean`	`redirectToOriginalDestination(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)` Redirect the response to the original destination if present

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOGIN_SUCCESS
```
public static final String LOGIN_SUCCESS
```
    See Also:
    
    Constant Field Values
  - LOGIN_FAILED
```
public static final String LOGIN_FAILED
```
    See Also:
    
    Constant Field Values
  - LOGIN_ERROR
```
public static final String LOGIN_ERROR
```
    See Also:
    
    Constant Field Values
  - LOGIN_NOATTEMPT
```
public static final String LOGIN_NOATTEMPT
```
  - OS_AUTHSTATUS_KEY
```
public static final String OS_AUTHSTATUS_KEY
```
    See Also:
    
    Constant Field Values
  - AUTHENTICATION_ERROR_TYPE
```
public static final String AUTHENTICATION_ERROR_TYPE
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - BaseLoginFilter
```
public BaseLoginFilter()
```
- Method Detail
  - init
```
public void init(javax.servlet.FilterConfig config)
```
    Specified by:
    
    init in interface javax.servlet.Filter
  - destroy
```
public void destroy()
```
    Specified by:
    
    destroy in interface javax.servlet.Filter
  - doFilter
```
public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException
```
    Specified by:
    
    doFilter in interface javax.servlet.Filter
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - login
```
public abstract String login(javax.servlet.http.HttpServletRequest httpServletRequest,
                             javax.servlet.http.HttpServletResponse httpServletResponse)
```
    Performs the actual authentication (if required) and returns the status code. Status code is chosen to be one of these:
    The possible statuses are:
    - BaseLoginFilter.LOGIN_SUCCESS - the login was processed, and user was logged in
    - BaseLoginFilter.LOGIN_FAILURE - the login was processed, the user gave a bad username or password
    - BaseLoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
    - BaseLoginFilter.LOGIN_NOATTEMPT - the login was no processed, no form parameters existed
    When there is an error on login, implementations should set a request attribute with name AUTHENTICATION_ERROR_TYPE and a type of AuthenticationErrorType in order to indicate the type of error.
    Parameters:
    
    httpServletRequest - the HTTP request in play
    
    httpServletResponse - the HTTP response in play
    
    Returns:
    
    authentication status
  - redirectToOriginalDestination
```
protected boolean redirectToOriginalDestination(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                javax.servlet.http.HttpServletResponse httpServletResponse)
                                         throws IOException
```
    Redirect the response to the original destination if present
    
    Parameters:
    
    httpServletRequest - the HTTP request in play
    
    httpServletResponse - the HTTP response in play
    
    Returns:
    
    true if a redirect was needed and issued
    
    Throws:
    
    IOException - If the redirect throws IOException. See HttpServletResponse.sendRedirect(String)
  - isAbsoluteUrl
```
protected boolean isAbsoluteUrl(String url)
```
  - getAuthenticator
```
protected Authenticator getAuthenticator()
```
  - getElevatedSecurityGuard
```
protected ElevatedSecurityGuard getElevatedSecurityGuard()
```
  - getSecurityConfig
```
protected SecurityConfig getSecurityConfig()
```
  - getAuthenticationContext
```
protected AuthenticationContext getAuthenticationContext()
```

Class BaseLoginFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

LOGIN_SUCCESS

LOGIN_FAILED

LOGIN_ERROR

LOGIN_NOATTEMPT

OS_AUTHSTATUS_KEY

AUTHENTICATION_ERROR_TYPE

Constructor Detail

BaseLoginFilter

Method Detail

init

destroy

doFilter

login

redirectToOriginalDestination

isAbsoluteUrl

getAuthenticator

getElevatedSecurityGuard

getSecurityConfig

getAuthenticationContext