GeneralSecurityFilter

When a user attempts to access a resource whose URL is matched by the GeneralSecurityFilter, the request is intercepted and the following checks are made:

  1. Is the session valid?
  2. Does the user have a javax.security.auth.Subject?
  3. Does the Subject have a java.security.Principal, which is granted during login authentication?

If any of the above criteria is not met, the user is refused access; otherwise:

  • Does the Subject have an org.tolven.security.key.UserPrivateKey, which is granted during login authentication?

They should have one, but if for any reason they do not, they are not allowed to access the resource and are redirected to the org.tolven.web.security.VestibuleSecurityFilter for further processing.

  • Is the user associated with an Account, and do they have access rights to that Account?

If not, the user is denied access to the account and is redirected to the VestibuleSecurityFilter, where they can associate themselves with an account before proceeding.

If all of the above checks pass, the user is allowed past this filter.
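The check order described above, modeled as a plain decision function. This is an added sketch, not Tolven's code: `decide`, `Outcome`, `UserPrivateKeyStandIn` and the account-rights set are hypothetical, and holding the key as a private credential of the Subject is an assumption.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class FilterDecisionSketch {
    enum Outcome { REFUSE, REDIRECT_TO_VESTIBULE, ALLOW }

    // Hypothetical stand-in for org.tolven.security.key.UserPrivateKey.
    static final class UserPrivateKeyStandIn { }

    static Outcome decide(boolean sessionValid, Subject subject,
                          String accountId, Set<String> accessibleAccounts) {
        // Checks 1-3: valid session, a Subject, and a login-granted Principal.
        // Any miss refuses access outright (fail closed).
        if (!sessionValid || subject == null || subject.getPrincipals().isEmpty()) {
            return Outcome.REFUSE;
        }
        // Key check. Assumption: the key is held as a private credential.
        if (subject.getPrivateCredentials(UserPrivateKeyStandIn.class).isEmpty()) {
            return Outcome.REDIRECT_TO_VESTIBULE;
        }
        // Account check: an account must be selected and the user needs rights to it.
        if (accountId == null || !accessibleAccounts.contains(accountId)) {
            return Outcome.REDIRECT_TO_VESTIBULE;
        }
        return Outcome.ALLOW;
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";           // constructed sample principal
        Set<String> rights = Set.of("account-1");  // constructed sample rights

        Subject noKey = new Subject();
        noKey.getPrincipals().add(alice);

        Subject withKey = new Subject();
        withKey.getPrincipals().add(alice);
        withKey.getPrivateCredentials().add(new UserPrivateKeyStandIn());

        System.out.println(decide(false, withKey, "account-1", rights)); // invalid session
        System.out.println(decide(true, new Subject(), null, rights));   // no Principal
        System.out.println(decide(true, noKey, "account-1", rights));    // no key
        System.out.println(decide(true, withKey, "account-2", rights));  // no rights
        System.out.println(decide(true, withKey, "account-1", rights));  // all checks pass
    }
}
```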
