Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Scout » AbstractChainableSecurityFilter
AbstractChainableSecurityFilter [message #960380] Sat, 27 October 2012 12:26 Go to next message
Adrian MoserFriend
Messages: 67
Registered: March 2011
Member
Is there any reason the method

doFilter(ServletRequest in, ServletResponse out, final FilterChain chain)


in AbstractChainableSecurityFilter is final? I would like to reuse existing functionality in my customized SecurityFilter.

If there is no specific reason, I would create a ticket to remove final from this method.

Report message to a moderator

Re: AbstractChainableSecurityFilter [message #962867 is a reply to message #960380] Mon, 29 October 2012 11:43 Go to previous messageGo to next message
Stephan Leicht Vogt is currently offline Stephan Leicht VogtFriend
Messages: 104
Registered: July 2015
Senior Member
Hi Adrian

Yes, there is a reason. doFilter should not be overridden. The implementing class has to implement 
negotiate(HttpServletRequest req, HttpServletResponse resp, PrincipalHolder holder)
where the logic is held. See org.eclipse.scout.http.servletfilter.security.LDAPSecurityFilter for an example.

If this doesn't help you please give an hint, what you want to customize in your SecurityFilter. Perhaps there is an other possibility how to do this.

Greetings Stephan

Report message to a moderator

Re: AbstractChainableSecurityFilter [message #963052 is a reply to message #962867] Mon, 29 October 2012 14:38 Go to previous message
Adrian MoserFriend
Messages: 67
Registered: March 2011
Member
Thanks Stephan. In my case, the negotiation should be called in specific cases even when there is an existing subject on the session. But as negotiate is only called when there is no subject (findSubjectOnSession(...)) on the session, there is no way to hook in as doFilter is final.

Consider the following login scenario:
- login either by request parameters that contain username and encrypted password
(e.g. for embedding my application into an existing webapp)
- or by traditional login using basic authentication (login box)
where both login box and parameter login would authenticate against data stored in the same database.

Actually I do not see the reason why doFilter must be final.

Kind regards
Adrian

Report message to a moderator

Previous Topic:Eclipse Scout Mobile / Browser Support
Next Topic:Customized Swing Login Dialog
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 19 00:47:03 GMT 2024

Powered by FUDForum. Page generated in 0.02408 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly