VestibuleSecurityFilter

From DOC

When a user attempts to access a resource whose URL is matched by the VestibuleSecurityFilter, the request is intercepted and the following checks made: 1. Is the session valid? 2. Does the user have a javax.security.auth.Subject? 3. Does the Subject have a java.security.Principal which is granted during login authentication? If none of the above criteria is met, the user is refused access, otherwise:

The simplest passage through the vestibule is if the user has not logged in for the first time, has a valid org.tolven.core.entity.TolvenUser in the database associated with the Principal, and is associated with a valid org.tolven.core.entity.Account.

If the above criteria is met, then the user is allowed past this filter at this point, and can access the originally requested page which brought them through this filter.

If the above criteria are not met, then the user has to pass through two phases of authentication, at which point they will be associated with a valid TolvenUser and Account.

Phase One User Authentication

Does the java.security.Principal have a corresponding TolvenUser in the database?

If not, an attempt is made to create the user if they have a valid org.tolven.doc.entity.Invitation in the database. If this fails, then the user is denied access.

If successful, the user's database Id is stored in the javax.servlet.http.HttpSession.

If the user has just logged into the application for the first time, they are given a vestibule pass and allowed to go onto the next phase of authentication. However, if they already have a vestibule pass from a previous visit, then they are disassociated with any previous Account, and immediately redirected to a password verification page, before being allowed to move onto the next phase of authentication.

The password check that is made when re-entering the vestibule is necessary to prevent a co-worker in, say, a clinical account, from backing up to the vestibule and entering the user's personal account.

Phase Two Account Authentication

If the user is not associated with an Account, but has a default Account set up, there is no need to require them to select an Account, so they are associated with their default Account, and allowed to proceed to their default home page. Note that this is not necessarily the page they originally requested, but a consequence of being in the vestibule. If the user is not associated with an Account, they are directed to a page where they can either create an Account or select one from previously created Accounts.

The only way out of the vestibule is to select an Account, which will then be placed in the HttpSession. Or, the user can logout.

If the user makes it through the two phases of the VestibuleSecurityFilter, then they will end up on the home page of the Account which they have selected.