Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.bea.netuix.servlets.filters
Class IncludeSecurityFilter

java.lang.Object
  extended by com.bea.netuix.servlets.filters.IncludeSecurityFilter
All Implemented Interfaces
javax.servlet.Filter
public class IncludeSecurityFilter
extends Object
implements javax.servlet.Filter

Filter to check security constraints on resources that get included via wlp. J2EE spec does not perform security checks to included or forwarded resources by default. To lock down resources, add a security constraint to web.xml, which protects direct access to these resources. Entitlements can be added to lock down access to portal resources (desktops, books, pages, portlets, etc). Since portlets could include content that is protected, using this filter will make sure we check access to all resources prior to including them. To disable this feature a no-op filter can be added in each webApps web.xml, see com.bea.p13n.servlets.NullFilter

For example, the filter is enabled by this include filter being enabled: 

    <filter>
      <filter-name>IncludeSecurityFilter</filter-name>
      <filter-class>com.bea.netuix.servlets.filters.IncludeSecurityFilterr</filter-class>
    </filter>
You can override this in your application's web.xml using the same filter-name, like this: 
    <filter>
      <filter-name>IncludeSecurityFilter</filter-name>
      <filter-class>com.bea.p13n.servlets.NullFilter</filter-class>
    </filter>

Field Summary
protected static Debug debug
           
 
Constructor Summary
IncludeSecurityFilter()
           
 
Method Summary
 void destroy()
          No implementation.
 void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)
          Checks the included resource for possible security constraints
 void init(javax.servlet.FilterConfig filterConfig)
          No implementation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

debug

protected static Debug debug
Constructor Detail

IncludeSecurityFilter

public IncludeSecurityFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
No implementation.

Specified by:
init in interface javax.servlet.Filter
Parameters
filterConfig -
Throws
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException
Checks the included resource for possible security constraints

Specified by:
doFilter in interface javax.servlet.Filter
Throws
IOException
javax.servlet.ServletException

destroy

public void destroy()
No implementation.

Specified by:
destroy in interface javax.servlet.Filter
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2011, Oracle. All rights reserved.