public class HttpSecurityFilter extends HttpSecurityService implements javax.servlet.Filter
HttpSecurityService.
To configure the HttpSecurityFilter, specify HttpSecurityService properties using init-params or indirectly using the properties.path property to load properties from a properties file.
The following web.xml fragment illustrates how to use the properties.path property to indirectly load all HttpSecurityService properties:
<filter>
<filter-name>HttpSecurityFilter</filter-name>
<filter-class>jespa.http.HttpSecurityFilter</filter-class>
<init-param>
<param-name>properties.path</param-name>
<param-value><b>WEB-INF/ntlm.prp</b></param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpSecurityFilter</filter-name>
<url-pattern><b>/*</b></url-pattern>
</filter-mapping>
<session-config>
<session-timeout><b>600</b></session-timeout>
</session-config>
The above web.xml references the WEB-INF/ntlm.prp file which might contain properties such as the following:
provider.classname = jespa.ntlm.NtlmSecurityProvider jespa.bindstr = dc100.busicorp.local jespa.dns.servers = 192.168.44.110,192.168.22.115 jespa.dns.site = Paris jespa.service.acctname = jespa5$@busicorp.local jespa.service.password = iuy.98sap.29
Most of the above property values may be generated using the Jespa Setup Wizard as described in the Installation section of the Jespa Operator's Manual (although most property names must be prefixed with "jespa." as described in the HttpSecurityService documentation).
Because the HttpSecurityFilter is a wrapper around the HttpSecurityService, see the HttpSecurityService API documentation for instructions and descriptions of properties supported by the HttpSecurityService.
Also see the API documentation of the SecurityProvider being used.
See also the src/jespa/examples/MyHttpSecurityFilter.java source code for an example of how to create a custom HTTP security Filter.
package jespa.http;
import java.util.Map;
import java.util.HashMap;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import jespa.security.SecurityProviderException;
public class HttpSecurityFilter extends HttpSecurityService implements Filter
{
public void init(FilterConfig config) throws ServletException
{
Map properties = new HashMap();
Enumeration e = config.getInitParameterNames();
while (e.hasMoreElements()) {
String name = (String)e.nextElement();
properties.put(name, config.getInitParameter(name));
}
try {
super.init(config.getFilterName(), config.getServletContext(), properties);
} catch (SecurityProviderException spe) {
throw new ServletException(spe);
}
}
}
The above code listing shows that this class simply converts all init-params into a Map of properties which it then passes to the HttpSecurityService.init(Map) method. After the Filter is initialized, HttpSecurityService.doFilter will be invoked directly by the Servlet container for each request.
| Constructor and Description |
|---|
HttpSecurityFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
init(javax.servlet.FilterConfig config) |
destroy, doFilter, getBindingsCertHashPolicy, getBindingsTargetSpnsPolicy, getConnectionId, getRequestCredential, getRequestPath, getServletContext, init, init, isAllowedAccess, isAnonymous, isLogout, isProtected, matchWildcard, onException, onPropertiesUpdate, toString