org.apache.jetspeed.security.impl
Class AbstractSecurityValve

java.lang.Object
  extended by org.apache.jetspeed.pipeline.valve.AbstractValve
      extended by org.apache.jetspeed.security.impl.AbstractSecurityValve
All Implemented Interfaces:
SecurityValve, Valve
Direct Known Subclasses:
NtlmSecurityValve, SecurityValveImpl

public abstract class AbstractSecurityValve
extends AbstractValve
implements SecurityValve

AbstractSecurityValve

Version:
$Id: AbstractSecurityValve.java 544402 2007-06-05 06:20:00Z taylor $
Author:
Scott T. Weaver

Field Summary
protected  PortalAuthenticationConfiguration authenticationConfiguration
           
 
Fields inherited from interface org.apache.jetspeed.pipeline.valve.SecurityValve
IP_ADDRESS
 
Constructor Summary
AbstractSecurityValve()
           
 
Method Summary
protected abstract  javax.security.auth.Subject getSubject(RequestContext request)
           getSubject
protected  javax.security.auth.Subject getSubjectFromSession(RequestContext request)
           getSubjectFromSession
protected abstract  java.security.Principal getUserPrincipal(RequestContext request)
           getUserPrincipal
 void invoke(RequestContext request, ValveContext context)
           invoke
protected  boolean isSessionExpired(RequestContext request)
          Check for hard limit session expiration time out
 
Methods inherited from class org.apache.jetspeed.pipeline.valve.AbstractValve
initialize
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.jetspeed.pipeline.valve.Valve
initialize
 

Field Detail

authenticationConfiguration

protected PortalAuthenticationConfiguration authenticationConfiguration
Constructor Detail

AbstractSecurityValve

public AbstractSecurityValve()
Method Detail

getSubject

protected abstract javax.security.auth.Subject getSubject(RequestContext request)
                                                   throws java.lang.Exception

getSubject

Should build and return a javax.security.Subject

Parameters:
request -
Returns:
Subject
Throws:
java.lang.Exception

getUserPrincipal

protected abstract java.security.Principal getUserPrincipal(RequestContext request)
                                                     throws java.lang.Exception

getUserPrincipal

Should build and return a java.security.Principal that represents the user name the Subject returned from getSubject()

Parameters:
request -
Returns:
Principal
Throws:
java.lang.Exception

getSubjectFromSession

protected final javax.security.auth.Subject getSubjectFromSession(RequestContext request)
                                                           throws java.lang.Exception

getSubjectFromSession

Parameters:
request -
Returns:
javax.security.Subject or null if there is no servlet session attribute defined for the key org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT.
Throws:
java.lang.Exception

invoke

public void invoke(RequestContext request,
                   ValveContext context)
            throws PipelineException

invoke

Uses getSubject() to call ValveContext.invokeNext() via JSSubjectdoAsPrivileged(). This method also takes care of setting the value of the RequestContext.subject property and the session attribute org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT

Specified by:
invoke in interface Valve
Specified by:
invoke in class AbstractValve
Parameters:
request -
context -
Throws:
PipelineException - if the is an error encountered during any security operations.
See Also:
Valve.invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext)

isSessionExpired

protected boolean isSessionExpired(RequestContext request)
                            throws PipelineException
Check for hard limit session expiration time out

Parameters:
request -
Returns:
Throws:
PipelineException


Copyright © 1999-2010 Apache Software Foundation. All Rights Reserved.