LoginFilter (Atlassian Seraph 4.0.2 API)

java.lang.Object
- com.atlassian.seraph.filter.BaseLoginFilter
- - com.atlassian.seraph.filter.PasswordBasedLoginFilter
  - - com.atlassian.seraph.filter.LoginFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class LoginFilter
extends PasswordBasedLoginFilter
```
This is a filter that logs the user in. It works a little like J2EE form-based seraph, except it looks for the parameters 'os_username' and 'os_password' instead of j_username and j_password.
Since 3.1.0 this filter does not let you log in through values in the URL "query string" by default because your password will then end up in HTTP Request logs. Host Applications can override the default or even expose a flag to users to set the required behaviour if required for legacy situations.
The form post/get action should be the URL of the login servlet/JSP/action - given by SecurityFilter.LOGIN_URL.
If the parameters exist and authentication is successful, the user will be redirected by the filter to the URL given by the session attribute at SecurityFilter.ORIGINAL_URL_KEY.
If this URL doesn't exist, it will look for a parameter 'os_destination' to use as the redirected URL instead.
If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.
From the any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.
The possible statuses are:
- LoginFilter.LOGIN_SUCCESS - the login was processed, and user was logged in
- LoginFilter.LOGIN_FAILURE - the login was processed, the user gave a bad username or password
- LoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
- LoginFilter.LOGIN_NOATTEMPT - the login was no processed, no form parameters existed

Nested Class Summary
- Nested classes/interfaces inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter
  PasswordBasedLoginFilter.UserPasswordPair

Field Summary
- Fields inherited from class com.atlassian.seraph.filter.BaseLoginFilter
  AUTHENTICATION_ERROR_TYPE, LOGIN_ERROR, LOGIN_FAILED, LOGIN_NOATTEMPT, LOGIN_SUCCESS, OS_AUTHSTATUS_KEY

Constructor Summary

Constructors
Constructor and Description

LoginFilter()

Constructors
Constructor and Description
`LoginFilter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected PasswordBasedLoginFilter.UserPasswordPair`	`extractUserPasswordPair(javax.servlet.http.HttpServletRequest request)` Returns a username password pair for this request.
`void`	`init(javax.servlet.FilterConfig config)`
`void`	`setAllowUrlParameterValue(boolean allowUrlParameterValue)` Sets the value of allowUrlParameterValue.
`void`	`setDisableLoggingDeprecationUrlParameterValue(boolean disableLoggingDeprecationUrlParameterValue)` Sets the value of disableLoggingDeprecationUrlParameterValue.

Methods inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter
login

Methods inherited from class com.atlassian.seraph.filter.BaseLoginFilter
destroy, doFilter, getAuthenticationContext, getAuthenticator, getElevatedSecurityGuard, getSecurityConfig, isAbsoluteUrl, redirectToOriginalDestination

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - LoginFilter
```
public LoginFilter()
```
- Method Detail
  - init
```
public void init(javax.servlet.FilterConfig config)
```
    Specified by:
    
    init in interface javax.servlet.Filter
    
    Overrides:
    
    init in class BaseLoginFilter
  - setAllowUrlParameterValue
```
public void setAllowUrlParameterValue(boolean allowUrlParameterValue)
```
    Sets the value of allowUrlParameterValue.
    
    Parameters:
    
    allowUrlParameterValue - if true then url parameter values for username and password will be accepted. If false url parameter values for username and password will not be accepted.
    
    Since:
    
    3.1.0
  - setDisableLoggingDeprecationUrlParameterValue
```
public void setDisableLoggingDeprecationUrlParameterValue(boolean disableLoggingDeprecationUrlParameterValue)
```
    Sets the value of disableLoggingDeprecationUrlParameterValue.
    
    Parameters:
    
    disableLoggingDeprecationUrlParameterValue - if true then deprecated url parameter usage will not be logged. If false then deprecated url parameter usage will be logged.
    
    Since:
    
    4.0.2
  - extractUserPasswordPair
```
protected PasswordBasedLoginFilter.UserPasswordPair extractUserPasswordPair(javax.servlet.http.HttpServletRequest request)
```
    Description copied from class: PasswordBasedLoginFilter
    
    Returns a username password pair for this request. If this request does not contain user credentials - returns null;
    
    Specified by:
    
    extractUserPasswordPair in class PasswordBasedLoginFilter
    
    Parameters:
    
    request - the HTTP request in play
    
    Returns:
    
    user credentials or null

Class LoginFilter

Nested Class Summary

Nested classes/interfaces inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter

Field Summary

Fields inherited from class com.atlassian.seraph.filter.BaseLoginFilter

Constructor Summary

Method Summary

Methods inherited from class com.atlassian.seraph.filter.PasswordBasedLoginFilter

Methods inherited from class com.atlassian.seraph.filter.BaseLoginFilter

Methods inherited from class java.lang.Object

Constructor Detail

LoginFilter

Method Detail

init

setAllowUrlParameterValue

setDisableLoggingDeprecationUrlParameterValue

extractUserPasswordPair