com.hfg.webapp.filter.auth

Class LDAP_AuthenticationFilter

java.lang.Object

com.hfg.webapp.filter.auth.AuthenticationFilter

com.hfg.webapp.filter.auth.LDAP_AuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter

public class LDAP_AuthenticationFilter
extends AuthenticationFilter

Webapp filter for using LDAP authentication. Allows the user to use a LDAP account to log into a webapp. Optionally, if elliptical curve keys are specified a cookie lasting for the duration of the browser session can be employed to ensure continuous connectivity even if the webapp's session has expired.

Example web.xml configuration:

     <filter>
       <filter-name>LDAP_AuthenticationFilter</filter-name>
       <filter-class>com.hfg.webapp.filter.auth.LDAP_AuthenticationFilter</filter-class>

       <!-- Use LDAP_ConfigJSON for multi-domain configurations -->
       <init-param>
         <param-name>LDAP_ConfigJSON</param-name>
         <param-value> [ {'domainCommonName': 'Foo', ‘domain’: ‘foo.com’, ‘server’: ‘ldaps://ldap.foo.com’, ‘principalFieldName’: ‘sAMAccountName’, ‘userContext’: ‘OU=Users,DC=foo,DC=com’, 'activeDirectory': true }
               ]
         </param-value>
       </init-param>

       <init-param>
         <param-name>LDAP_ServerURL</param-name>
         <param-value>ldaps://ldap.foo.com</param-value>
       </init-param>

       <init-param>
         <param-name>LDAP_PrincipalFieldName</param-name>
         <param-value>uid</param-value>
       </init-param>

       <init-param>
         <param-name>LDAP_PrincipalSuffix</param-name>
         <param-value>@example.com</param-value>
       </init-param>

       <!-- Note: Acive Directory LDAP instances may not want a principal context or principal field name -->

       <init-param>
         <param-name>LDAP_PrincipalContext</param-name>
         <param-value>dc=example,dc=com</param-value>
       </init-param>
       <init-param>
         <param-name>LDAP_UserContext</param-name>
         <param-value>dc=example,dc=com</param-value>
       </init-param>
       <init-param>
         <param-name>ApplicationName</param-name>
         <param-value>My Webapp</param-value>
       </init-param>
       <!-- An optional hint to be displayed on the login form can be specified -->
       <init-param>
         <param-name>Hint</param-name>
         <param-value>Use your full email address as the username</param-value>
       </init-param>
       <init-param>
         <param-name>InitialUrl</param-name>
         <param-value>/MyWebapp/index.html</param-value>
       </init-param>
       <init-param>
         <param-name>PreserveRequestedUrl</param-name>
         <param-value>true</param-value>
       </init-param>
       <init-param>
         <param-name>UseHTTPS</param-name>
         <param-value>true</param-value>
       </init-param>
       <!-- Optionally, a signed browser session cookie can be used to facilitate access after the initial request -->
       <init-param>
         <param-name>UseSessionCookie</param-name>
         <param-value>true</param-value>
       </init-param>
       <!-- Optionally, a directory containing an elliptic curve key pair (ECPublic.key and ECPrivate.key) can be specified
               for signing a browser session cookie. Otherwise a new EC key pair will be created. -->
       <init-param>
         <param-name>ECKeyDir</param-name>
         <param-value>/home/user/me</param-value>
       </init-param>
       <!-- Requests matching this regexp will be allowed to bypass authentication -->
       <init-param>
         <param-name>BypassRegexp</param-name>
         <param-value>^/(images|css|js|rsrc)/</param-value>
       </init-param>
       <!-- Optionally, a domain restriction can be applied. (Value can be one or more space, comma, or semi-colon separated values) -->
       <init-param>
         <param-name>DomainRestriction</param-name>
         <param-value>foobar.com</param-value>
       </init-param>

       <!-- Optionally, styling can be applied. -->
       <init-param>
          <param-name>Login_Body_Styling</param-name>
          <param-value>margin:auto; background-color:white</param-value>
       </init-param>
       <init-param>
          <param-name>Login_Div_Styling</param-name>
          <param-value>padding:10px; background-color:#cccccc; border:2px solid #666666; border-radius:6px</param-value>
       </init-param>
       <init-param>
          <param-name>Login_Button_Styling</param-name>
          <param-value>padding:5px; background-color:#cccccc</param-value>
       </init-param>

       <init-param>
          <param-name>App_Logo_Path</param-name>
          <param-value>/lkh/images/icon_lkh.svg</param-value>
       </init-param>
       <init-param>
          <param-name>App_Logo_Styling</param-name>
          <param-value>height:100px; opacity:80%; left:0px; top:35px;</param-value>
       </init-param>

     </filter>

     <filter-mapping>
       <filter-name>LDAP_AuthenticationFilter</filter-name>
       <url-pattern>/*</url-pattern>
     </filter-mapping>

   

Field Summary

Fields

Modifier and Type	Field and Description
static String	App_Logo_Path
static String	App_Logo_Styling
static String	Hint
static String	LDAP_ConfigJSON
static String	LDAP_PrincipalContext
static String	LDAP_PrincipalFieldName
static String	LDAP_PrincipalSuffix
static String	LDAP_ServerURL
static String	LDAP_UserContext
static String	Login_Body_Styling
static String	Login_Button_Styling
static String	Login_Div_Styling
static String	UseHTTPS

Fields inherited from class com.hfg.webapp.filter.auth.AuthenticationFilter

AUTH_FILTER, AUTH_USERNAME_COOKIE_NAME, BROWSER_SESSION_AUTH_COOKIE_NAME, DOMAIN, PASSWORD, REDIRECT_URL, REMEMBER_USERNAME, SESSION_USER, STATE, TIMEZONE_OFFSET, USERNAME

Constructor Summary

Constructors

Constructor and Description
LDAP_AuthenticationFilter()

Method Summary

Modifier and Type	Method and Description
void	destroy()
static Map<String,LDAP_Config>	extractLDAP_Config(javax.servlet.FilterRegistration inFilterRegistration) Function which can be used by the Servlet to access the LDAP configuration.
static Logger	getLogger()
void	init(javax.servlet.FilterConfig inFilterConfig)
protected void	innerDoFilter(javax.servlet.ServletRequest inRequest, javax.servlet.ServletResponse inResponse, javax.servlet.FilterChain inFilterChain)

Methods inherited from class com.hfg.webapp.filter.auth.AuthenticationFilter

browserSessionCookieIsValid, createUserObjFromBrowserSessionCookie, doFilter, generateAuthUsernameCookie, generateBrowserSessionCookie, getAllowedUserDomains, getAppName, getAuthUsernameCookie, getAuthUsernameCookieValue, getBrowserSessionCookie, getBypassPattern, getECKeyPair, getECKeyPair, getFilterConfig, getInitialURL, getPreserveRequestedURL, getUser, getUser, getUseSessionCookie, isAllowedUserDomain, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LDAP_ConfigJSON

public static final String LDAP_ConfigJSON

See Also:

Constant Field Values

LDAP_ServerURL

public static final String LDAP_ServerURL

See Also:

Constant Field Values

LDAP_UserContext

public static final String LDAP_UserContext

See Also:

Constant Field Values

LDAP_PrincipalContext

public static final String LDAP_PrincipalContext

See Also:

Constant Field Values

LDAP_PrincipalSuffix

public static final String LDAP_PrincipalSuffix

See Also:

Constant Field Values

LDAP_PrincipalFieldName

public static final String LDAP_PrincipalFieldName

See Also:

Constant Field Values

UseHTTPS

public static final String UseHTTPS

See Also:

Constant Field Values

Hint

public static final String Hint

See Also:

Constant Field Values

Login_Body_Styling

public static final String Login_Body_Styling

See Also:

Constant Field Values

Login_Div_Styling

public static final String Login_Div_Styling

See Also:

Constant Field Values

Login_Button_Styling

public static final String Login_Button_Styling

See Also:

Constant Field Values

App_Logo_Path

public static final String App_Logo_Path

See Also:

Constant Field Values

App_Logo_Styling

public static final String App_Logo_Styling

See Also:

Constant Field Values

Constructor Detail

LDAP_AuthenticationFilter

public LDAP_AuthenticationFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig inFilterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Overrides:

init in class AuthenticationFilter

Throws:

javax.servlet.ServletException

extractLDAP_Config

public static Map<String,LDAP_Config> extractLDAP_Config(javax.servlet.FilterRegistration inFilterRegistration)

Function which can be used by the Servlet to access the LDAP configuration.

Parameters:

inFilterRegistration - the FilterRegistration object

Returns:

a Map containing the LDAP configurations

getLogger

public static Logger getLogger()

destroy

public void destroy()

innerDoFilter

protected void innerDoFilter(javax.servlet.ServletRequest inRequest,
                             javax.servlet.ServletResponse inResponse,
                             javax.servlet.FilterChain inFilterChain)
                      throws Exception

Specified by:

innerDoFilter in class AuthenticationFilter

Throws:

Exception