Class AuthCheckFilter

java.lang.Object
org.jivesoftware.admin.AuthCheckFilter
All Implemented Interfaces:
javax.servlet.Filter

public class AuthCheckFilter extends Object implements javax.servlet.Filter
A simple filter which checks for the auth token in the user's session. If it's not there the filter will redirect to the login page.
  • Field Details

    • SERVLET_REQUEST_AUTHENTICATOR

      public static final SystemProperty<Class> SERVLET_REQUEST_AUTHENTICATOR
    • IP_ACCESS_BLOCKLIST

      public static final SystemProperty<Set<String>> IP_ACCESS_BLOCKLIST
      List of IP addresses that are not allowed to access the admin console.
    • IP_ACCESS_ALLOWLIST

      public static final SystemProperty<Set<String>> IP_ACCESS_ALLOWLIST
      List of IP addresses that are allowed to access the admin console. When empty, this list is ignored.
    • IP_ACCESS_IGNORE_EXCLUDES

      public static final SystemProperty<Boolean> IP_ACCESS_IGNORE_EXCLUDES
      Controls whether the IP access lists are applied to excluded URLs.
    • ALLOW_WILDCARDS_IN_EXCLUDES

      public static final SystemProperty<Boolean> ALLOW_WILDCARDS_IN_EXCLUDES
      Controls whether wildcards are allowed in URLs that are excluded from auth checks.
  • Constructor Details

    • AuthCheckFilter

      public AuthCheckFilter()
  • Method Details

    • getInstance

      public static AuthCheckFilter getInstance()
      Returns a singleton instance of the AuthCheckFilter.
      Returns:
      an instance.
    • isServletRequestAuthenticatorInstanceOf

      public static boolean isServletRequestAuthenticatorInstanceOf(Class<? extends ServletRequestAuthenticator> clazz)
      Indicates if the currently-installed ServletRequestAuthenticator is an instance of a specific class.
      Parameters:
      clazz - the class to check
      Returns:
      true if the currently-installed ServletRequestAuthenticator is an instance of clazz, otherwise false.
    • addExclude

      public static void addExclude(String exclude)
      Adds a new string that, when present in the requested URL, will skip the "is logged" check.
      Parameters:
      exclude - the string to exclude.
    • removeExclude

      public static void removeExclude(String exclude)
      Removes a string that, when present in the requested URL, will skip the "is logged" check.
      Parameters:
      exclude - the string that was being excluded.
    • excludesIncludeWildcards

      public static boolean excludesIncludeWildcards()
      Indicates to the caller whether any of the currently loaded exclusions contains a wildcard.
    • testURLPassesExclude

      public static boolean testURLPassesExclude(String url, String exclude)
      Returns true if a URL passes an exclude rule.
      Parameters:
      url - the URL to test.
      exclude - the exclude rule.
      Returns:
      true if the URL passes the exclude test.
    • init

      public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException
    • doFilter

      public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      IOException
      javax.servlet.ServletException
    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter
    • passesBlocklist

      public static boolean passesBlocklist(@Nonnull javax.servlet.ServletRequest req)
      Verifies that the remote address of the request is not on the blocklist. If this method returns 'false', the request should not be allowed to be serviced.
      Parameters:
      req - The request for which to check the remote address.
      Returns:
      true if the remote address of the request is not on the blocklist.
    • passesAllowList

      public static boolean passesAllowList(@Nonnull javax.servlet.ServletRequest req)
      Verifies that the remote address of the request is either on the allowlist, or the allowlist is empty. If this method returns 'false', the request should not be allowed to be serviced.
      Parameters:
      req - The request for which to check the remote address.
      Returns:
      true if the remote address of the request is on the allowlist, or when the allowlist is empty.
    • loadSetupExcludes

      public static void loadSetupExcludes()
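
The passesBlocklist and passesAllowList checks described above combine into one decision per request. The following is an added example, not Openfire's own code, that models the documented behaviour. The class IpAccessGateDemo, the method mayBeServiced and the sample addresses are constructed for illustration, and exact string matching of addresses is an assumption.

```java
import java.util.List;
import java.util.Set;

// Added illustration: a stand-alone model of the documented semantics, not Openfire code.
// Assumption: list entries are compared to the remote address as exact strings.
public class IpAccessGateDemo {

    // True when the remote address is not on the blocklist.
    static boolean passesBlocklist(Set<String> blocklist, String remoteAddr) {
        return !blocklist.contains(remoteAddr);
    }

    // True when the allowlist is empty (ignored) or contains the remote address.
    static boolean passesAllowList(Set<String> allowlist, String remoteAddr) {
        return allowlist.isEmpty() || allowlist.contains(remoteAddr);
    }

    // Hypothetical helper: a request is serviced only if neither check returns false.
    static boolean mayBeServiced(Set<String> blocklist, Set<String> allowlist, String remoteAddr) {
        return passesBlocklist(blocklist, remoteAddr) && passesAllowList(allowlist, remoteAddr);
    }

    public static void main(String[] args) {
        // Constructed sample data (RFC 5737 documentation addresses).
        Set<String> blocklist = Set.of("192.0.2.66");
        Set<String> emptyAllowlist = Set.of();
        Set<String> allowlist = Set.of("192.0.2.10", "192.0.2.66");
        List<String> remotes = List.of("192.0.2.10", "192.0.2.66", "198.51.100.7");

        // Compare the decision for each address under an empty and a populated allowlist.
        for (String remote : remotes) {
            System.out.printf("%-13s emptyAllowlist=%-5b populatedAllowlist=%b%n",
                remote,
                mayBeServiced(blocklist, emptyAllowlist, remote),
                mayBeServiced(blocklist, allowlist, remote));
        }
    }
}
```

An address that appears on both lists is refused, because either check returning false means the request should not be serviced. With an empty allowlist every address not on the blocklist passes, so an empty allowlist is not a deny-all setting.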