Request Filter Example

A request filter is a server module that intercepts all requests made to a servlet. Below is a complete example of a request filter that performs a single sign-on into the Style Intelligence Report Servlet or its Proxy Servlet. To use the request filter, compile the class below and place it on the classpath.

Please note that the credential-passing mechanism in this example is intended for demonstration only, and should not be used in a production environment. A ticketing mechanism is typically used for this purpose, and the request filter should include logic to validate the ticket.

package com.inetsoft.demo;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import inetsoft.sree.RepletRepository;
import inetsoft.sree.security.SRPrincipal;

public final class InetSoftSSOFilter implements Filter {
  private FilterConfig filterConfig = null;

  public void init(FilterConfig filterConfig)
  throws ServletException {
    this.filterConfig = filterConfig;
  }

  public void destroy() {
    this.filterConfig = null;
  }

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
    if(request instanceof HttpServletRequest) {
      HttpServletRequest hrequest = (HttpServletRequest) request;
      HttpSession session = hrequest.getSession();

      // Look for a principal already stored in this session.
      SRPrincipal prin = (SRPrincipal)
        session.getAttribute(RepletRepository.PRINCIPAL_COOKIE);

      if (prin == null) {
        // This simplistic credential-passing mechanism is intended for
        // demonstration only, and is not recommended for use in a
        // production environment.
        // Extract user info based on your environment.
        // For demo purpose, we assume here that it is
        // passed as a URL parameter.
        String user = request.getParameter("SSO");

        if(user != null) {
          prin = new SRPrincipal(user);
          session.setAttribute(RepletRepository.PRINCIPAL_COOKIE, prin);
        }
      }
    }

    // Always pass the request on to the next filter or the servlet.
    chain.doFilter(request, response);
  }
}

This example assumes that user information is passed via a request parameter called “SSO”. The two statements inside the if(user != null) block (set in bold in the original) perform a partial SSO, logging in the user without group or role assignment. The distinction between partial SSO and complete SSO is explained below.

Partial SSO: Logging In the User without a Group or Role Assignment

Partial SSO logs a user into the Style Intelligence web application without any group or role assignment. Style Intelligence will invoke the getUser() method in the authentication module of the security provider, which is responsible for looking up the user's group and role assignment.

To implement partial SSO, use the code snippet in bold text in the example InetSoftSSOFilter above.

  prin = new SRPrincipal(user);
  session.setAttribute(RepletRepository.PRINCIPAL_COOKIE, prin);

Complete SSO: Logging In the User with a Group and Role Assignment

Complete SSO logs a user into the Style Intelligence web application with a specific group and role assignment. When you provide such group and/or role information within the SRPrincipal object, Style Intelligence uses the specified assignments and bypasses the authentication module of the security provider. In this case, the security provider is responsible only for providing a list of groups and roles to set security permissions.

To implement complete SSO, use the following code snippet in place of the bold text in the example InetSoftSSOFilter above.

  prin = new SRPrincipal(user, new String[] {"role1", "role2"}, new String[]{"Group1"}, 1234);
  session.setAttribute(RepletRepository.PRINCIPAL_COOKIE, prin);
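The note at the top of this page says a production filter should validate a ticket instead of trusting a raw "SSO" parameter. One way to implement such a check is shown here as an added example; it is not InetSoft code. The class name TicketValidator, the ticket format, and the shared-key HMAC scheme are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not an InetSoft class). Assumed ticket format:
//   user|expiryEpochSeconds|base64url(HMAC-SHA256(user|expiryEpochSeconds))
public final class TicketValidator {
  private final byte[] key;  // secret shared by the SSO issuer and this filter
  public TicketValidator(byte[] key) { this.key = key.clone(); }

  private byte[] sign(String payload) throws GeneralSecurityException {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
  }

  // Issuer side, included only so the example runs stand-alone.
  public String issue(String user, long expiresAt) throws GeneralSecurityException {
    String payload = user + "|" + expiresAt;
    return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(sign(payload));
  }

  // Returns the user name if the ticket is authentic and unexpired, else null.
  public String validate(String ticket, long now) {
    if (ticket == null) return null;
    String[] parts = ticket.split("\\|", -1);
    if (parts.length != 3 || parts[0].isEmpty()) return null;
    try {
      byte[] given = Base64.getUrlDecoder().decode(parts[2]);
      // Check the MAC first, in constant time, before trusting any field.
      if (!MessageDigest.isEqual(sign(parts[0] + "|" + parts[1]), given)) return null;
      return Long.parseLong(parts[1]) > now ? parts[0] : null;
    } catch (IllegalArgumentException | GeneralSecurityException e) {
      return null;  // bad base64, non-numeric expiry, or crypto failure: fail closed
    }
  }

  public static void main(String[] args) throws Exception {
    TicketValidator v = new TicketValidator("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
    long now = System.currentTimeMillis() / 1000;
    String good = v.issue("alice", now + 60);
    System.out.println(v.validate(good, now));                            // valid ticket
    System.out.println(v.validate(good.replace("alice", "admin"), now));  // user altered after signing
    System.out.println(v.validate(v.issue("alice", now - 1), now));       // already expired
  }
}
```

In the filter, the user name returned by validate() would take the place of the raw request.getParameter("SSO") value, and the SRPrincipal would be created only when the result is non-null. A short expiry limits replay of a captured ticket, and the ticket should only travel over TLS.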

Next Steps: Deploying the Request Filter.

© 1996-2013 InetSoft Technology Corporation (v11.4)