AdminSecurityFilter (BroadleafCommerce Open Admin Platform 5.2.6-GA API)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.web.filter.OncePerRequestFilter
  - - org.broadleafcommerce.common.security.handler.SecurityFilter
    - - org.broadleafcommerce.openadmin.web.filter.AdminSecurityFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
```
@Component(value="blAdminCsrfFilter")
public class AdminSecurityFilter
extends SecurityFilter
```
This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch (Session reset for example) the User will be redirected to login, if not session reset User is sent to previous location. This class also handles stale state detection for the admin. This can occur when an admin page form is submitted and the system detects that key state has changed since the time the page was originally rendered. See StaleStateProtectionService for details.
applicationContext-admin-security should reference this class as follows:
... <sec:custom-filter ref="blPreSecurityFilterChain" before="CHANNEL_FILTER"/> <sec:custom-filter ref="blSecurityFilter" before="FORM_LOGIN_FILTER"/> <sec:custom-filter ref="blAdminFilterSecurityInterceptor" after="EXCEPTION_TRANSLATION_FILTER"/> <sec:custom-filter ref="blPostSecurityFilterChain" after="SWITCH_USER_FILTER"/> </sec:http> <bean id="blSecurityFilter" class="org.broadleafcommerce.openadmin.web.filter.AdminSecurityFilter" /> ...

Author:

trevorleffert, Jeff Fischer

Field Summary

Fields
Modifier and Type Field and Description

protected org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler
- Fields inherited from class org.broadleafcommerce.common.security.handler.SecurityFilter
  excludedRequestPatterns, exploitProtectionService, staleStateProtectionService
- Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.springframework.web.filter.GenericFilterBean
  logger

Fields
Modifier and Type	Field and Description
`protected org.springframework.security.web.authentication.AuthenticationFailureHandler`	`failureHandler`

Constructor Summary

Constructors
Constructor and Description

AdminSecurityFilter()

Constructors
Constructor and Description
`AdminSecurityFilter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`doFilterInternal(javax.servlet.http.HttpServletRequest baseRequest, javax.servlet.http.HttpServletResponse baseResponse, javax.servlet.FilterChain chain)`

Methods inherited from class org.broadleafcommerce.common.security.handler.SecurityFilter
getExcludedRequestPatterns, setExcludedRequestPatterns

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

failureHandler

@Autowired(required=false)
 @Qualifier(value="blAdminAuthenticationFailureHandler")
protected org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler

Constructor Detail
- AdminSecurityFilter
```
public AdminSecurityFilter()
```

Method Detail

doFilterInternal

public void doFilterInternal(javax.servlet.http.HttpServletRequest baseRequest,
                             javax.servlet.http.HttpServletResponse baseResponse,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException

Overrides:: doFilterInternal in class SecurityFilter
Throws:: IOException; javax.servlet.ServletException

Class AdminSecurityFilter

Field Summary

Fields inherited from class org.broadleafcommerce.common.security.handler.SecurityFilter

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.broadleafcommerce.common.security.handler.SecurityFilter

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Detail

failureHandler

Constructor Detail

AdminSecurityFilter

Method Detail

doFilterInternal