|
Oracle Fusion Middleware Java API for Oracle WebLogic Portal 10g Release 3 (10.3.4) E14255-03 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.bea.netuix.servlets.filters.IncludeSecurityFilter
public class IncludeSecurityFilter
Filter to check security constraints on resources that get included via wlp. J2EE spec does not perform security checks to included or forwarded resources by default. To lock down resources, add a security constraint to web.xml, which protects direct access to these resources. Entitlements can be added to lock down access to portal resources (desktops, books, pages, portlets, etc). Since portlets could include content that is protected, using this filter will make sure we check access to all resources prior to including them. To disable this feature a no-op filter can be added in each webApps web.xml, see com.bea.p13n.servlets.NullFilter
For example, the filter is enabled by this include filter being enabled:<filter> <filter-name>IncludeSecurityFilter</filter-name> <filter-class>com.bea.netuix.servlets.filters.IncludeSecurityFilterr</filter-class> </filter>You can override this in your application's web.xml using the same filter-name, like this:
<filter> <filter-name>IncludeSecurityFilter</filter-name> <filter-class>com.bea.p13n.servlets.NullFilter</filter-class> </filter>
Field Summary | |
---|---|
protected static Debug |
debug
|
Constructor Summary | |
---|---|
IncludeSecurityFilter()
|
Method Summary | |
---|---|
void |
destroy()
No implementation. |
void |
doFilter(javax.servlet.ServletRequest servletRequest,
javax.servlet.ServletResponse servletResponse,
javax.servlet.FilterChain filterChain)
Checks the included resource for possible security constraints |
void |
init(javax.servlet.FilterConfig filterConfig)
No implementation. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static Debug debug
Constructor Detail |
---|
public IncludeSecurityFilter()
Method Detail |
---|
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
filterConfig
-
javax.servlet.ServletException
public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
|
Oracle Fusion Middleware Java API for Oracle WebLogic Portal 10g Release 3 (10.3.4) E14255-03 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |