Class KerberosSSOFilter

java.lang.Object
com.sonymobile.jenkins.plugins.kerberossso.KerberosSSOFilter
All Implemented Interfaces:
jakarta.servlet.Filter

public class KerberosSSOFilter extends Object implements jakarta.servlet.Filter
Filter that authenticates users using Kerberos SSO.
Author:
Joakim Ahle <joakim.ahle@sonymobile.com>, Fredrik Persson <fredrik6.persson@sonymobile.com>
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    BYPASS_HEADER
    Header name that can be passed in a request in order to make this filter ignore the request and just pass it on in the filter chain.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    destroy()
    Called if the filter needs to be destroyed.
    void
    doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
    Filters every request made to the server to determine and set authentication of the user.
    void
    init(jakarta.servlet.FilterConfig filterConfig)
    Creates the SPNEGO authenticator to be used in doFilter.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • BYPASS_HEADER

      public static final String BYPASS_HEADER
      Header name that can be passed in a request in order to make this filter ignore the request and just pass it on in the filter chain.
  • Method Details

    • init

      public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
      Creates the SPNEGO authenticator to be used in doFilter.
      Specified by:
      init in interface jakarta.servlet.Filter
      Parameters:
      filterConfig - ignored.
      Throws:
      jakarta.servlet.ServletException - if the SpnegoAuthenticator can't be created (something is wrong in the configuration).
    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Filters every request made to the server to determine and set authentication of the user.
      1. Find out if the user is already authenticated (by checking the securityContext).
      2. Otherwise, authenticate the user from their Kerberos ticket.
      3. Set the user as authenticated by setting a new securityContext.
      During the negotiation process used by SPNEGO, none of the filters after this one in the chain will be allowed to execute.
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Parameters:
      request - the Servlet request to serve
      response - the Servlet response to serve
      chain - the filter chain determining which filter will execute after ours.
      Throws:
      IOException - if redirection goes wrong or if another filter in the chain fails.
      jakarta.servlet.ServletException - if the authentication fails.
    • destroy

      public void destroy()
      Called if the filter needs to be destroyed.
      Specified by:
      destroy in interface jakarta.servlet.Filter
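
The request flow that doFilter describes, as an added example that is not the plugin's own code: a minimal servlet filter that honours a bypass header, passes already-authenticated sessions through, and otherwise answers with an HTTP Negotiate challenge without invoking the rest of the chain. The class name, the TicketValidator interface, the header name X-Example-Bypass and the session attribute are assumptions for illustration (the page does not give the value of BYPASS_HEADER), and only a single-round negotiation is modelled.

```java
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.util.Base64;

public class NegotiateFlowSketch implements Filter {
    /** Hypothetical validator: returns the principal name, or null if the ticket is rejected. */
    public interface TicketValidator { String validate(byte[] spnegoToken); }

    static final String BYPASS = "X-Example-Bypass"; // placeholder, not the plugin's value
    static final String USER_ATTR = "example.user";  // stand-in for the security context
    private final TicketValidator validator;

    public NegotiateFlowSketch(TicketValidator validator) { this.validator = validator; }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Bypass header: skip SSO only; nothing is authenticated here.
        if (req.getHeader(BYPASS) != null) { chain.doFilter(rq, rs); return; }

        // Step 1: already authenticated, pass straight through.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) { chain.doFilter(rq, rs); return; }

        // No ticket yet: send the Negotiate challenge and stop. The chain is not invoked.
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.regionMatches(true, 0, "Negotiate ", 0, 10)) {
            res.setHeader("WWW-Authenticate", "Negotiate");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Step 2: validate the ticket; malformed base64 counts as a failed authentication.
        String principal;
        try {
            principal = validator.validate(Base64.getDecoder().decode(auth.substring(10).trim()));
        } catch (IllegalArgumentException malformed) {
            principal = null;
        }
        if (principal == null) throw new ServletException("Kerberos authentication failed");

        // Step 3: record the identity under a fresh session id, then continue the chain.
        req.getSession(true);
        req.changeSessionId();
        req.getSession().setAttribute(USER_ATTR, principal);
        chain.doFilter(rq, rs);
    }
}
```

Because the bypass branch hands the request on unauthenticated, whatever follows in the chain has to enforce access on its own.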