Class KerberosSSOFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class KerberosSSOFilter
    extends Object
    implements javax.servlet.Filter
    Filter that authenticates users using Kerberos SSO.
    Author:
    Joakim Ahle <joakim.ahle@sonymobile.com>, Fredrik Persson <fredrik6.persson@sonymobile.com>
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String BYPASS_HEADER
      Header name that can be passed in a request in order to make this filter ignore the request and just pass it on in the filter chain.
    • Field Detail

      • BYPASS_HEADER

        public static final String BYPASS_HEADER
        Header name that can be passed in a request in order to make this filter ignore the request and just pass it on in the filter chain.
        See Also:
        Constant Field Values
    • Method Detail

      • init

        public void init(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Creates the SPNEGO authenticator to be used in doFilter.
        Specified by:
        init in interface javax.servlet.Filter
        Parameters:
        filterConfig - ignored.
        Throws:
        javax.servlet.ServletException - if the SpnegoAuthenticator can't be created (something is wrong in the config).
      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException
        Filters every request made to the server to determine and set the authentication of the user:
          1. Find out if the user is already authenticated (by checking the securityContext).
          2. Otherwise, authenticate the user from their Kerberos ticket.
          3. Mark the user as authenticated by setting a new securityContext.
        During the negotiation process used by SPNEGO, none of the filters after this one in the chain will be allowed to execute.
        Specified by:
        doFilter in interface javax.servlet.Filter
        Parameters:
        request - the Servlet request to serve
        response - the Servlet response to serve
        chain - the filter chain determining which filter will execute after ours.
        Throws:
        IOException - if redirection goes wrong or if another filter in the chain fails.
        javax.servlet.ServletException - if the authentication fails.
      • destroy

        public void destroy()
        Called if the filter needs to be destroyed.
        Specified by:
        destroy in interface javax.servlet.Filter
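
The per-request decisions described for doFilter and BYPASS_HEADER, modelled in plain Java with no servlet dependency. This is an added example, not the plugin's source: the header value, the order of the checks, the `decide` helper and the ticket validator are assumptions, and the sample tickets are constructed.

```java
import java.util.*;
import java.util.function.Function;

// Added illustration of the doFilter description; not the plugin's implementation.
public class SsoFilterFlow {
    // Hypothetical name: the real value of BYPASS_HEADER is not shown on this page.
    static final String BYPASS_HEADER = "X-Example-Bypass";
    enum Outcome { BYPASSED, ALREADY_AUTHENTICATED, CHALLENGE_SENT, AUTHENTICATED, REJECTED }
    record Result(Outcome outcome, String user, boolean chainContinues) {}

    static Result decide(Map<String, String> headers, String sessionUser,
                         Function<byte[], Optional<String>> ticketValidator) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); // HTTP header names ignore case
        h.putAll(headers);
        if (h.containsKey(BYPASS_HEADER))   // filter ignores the request: no user is set by this filter
            return new Result(Outcome.BYPASSED, sessionUser, true);
        if (sessionUser != null)            // step 1: a security context already exists
            return new Result(Outcome.ALREADY_AUTHENTICATED, sessionUser, true);
        String auth = h.get("Authorization");
        if (auth == null || !auth.startsWith("Negotiate "))
            // SPNEGO over HTTP (RFC 4559): answer 401 with "WWW-Authenticate: Negotiate"; later filters do not run
            return new Result(Outcome.CHALLENGE_SENT, null, false);
        byte[] token;
        try {
            token = Base64.getDecoder().decode(auth.substring("Negotiate ".length()).trim());
        } catch (IllegalArgumentException e) { // malformed base64 counts as failed authentication
            return new Result(Outcome.REJECTED, null, false);
        }
        // step 2: validate the ticket; step 3: the caller stores the user in a new security context.
        // REJECTED corresponds to the documented ServletException on authentication failure.
        return ticketValidator.apply(token)
                .map(u -> new Result(Outcome.AUTHENTICATED, u, true))
                .orElseGet(() -> new Result(Outcome.REJECTED, null, false));
    }

    public static void main(String[] args) {
        // Constructed stand-in for Kerberos validation: only the bytes "ticket-for-alice" are accepted.
        Function<byte[], Optional<String>> validator = t ->
            new String(t).equals("ticket-for-alice") ? Optional.of("alice") : Optional.empty();
        String good = Base64.getEncoder().encodeToString("ticket-for-alice".getBytes());
        System.out.println(decide(Map.of(), null, validator));                               // CHALLENGE_SENT
        System.out.println(decide(Map.of("authorization", "Negotiate " + good), null, validator)); // AUTHENTICATED
        System.out.println(decide(Map.of("Authorization", "Negotiate !!!"), null, validator)); // REJECTED
        System.out.println(decide(Map.of(), "bob", validator));                              // ALREADY_AUTHENTICATED
        System.out.println(decide(Map.of(BYPASS_HEADER, "1"), null, validator));             // BYPASSED, user=null
    }
}
```

The last case shows why the bypass header matters for deployment review: the request continues down the chain with no user set by this filter, so whatever handles it next has to make its own access decision.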