IBM WebSphere Application ServerTM
Release 7

com.ibm.wsspi.security.spnego
Interface SpnegoTAIFilter


public interface SpnegoTAIFilter

A custom filter for determining when an HTTP request should be intercepted.

The interface is used by the SPNEGO Trust Association Interceptor. It enables application developers to implement a custom filter mechanism used to determine whether or not a particular HTTP request will be intercepted by the SPNEGO TAI. A default implementation of this interface is provided. It supports filtering rules that allow specification of coarse or fine-grained criteria for determining when to intercept a given HTTP request.

The default implementation is com.ibm.ws.security.spnego.IdentityMapper.

Version:
6.1.0

Method Summary
 boolean init(java.lang.String filter)
          Initializes the request filtering mechanism.
 boolean isAccepted(javax.servlet.http.HttpServletRequest request)
          Indicates whether or not the TAI should intercept the given request, according to the filtering rules defined in the init() operation.
 void setProcessAll(boolean all)
          Indicates that all HTTP requests processed by the filter will be intercepted.
 

Method Detail

init

boolean init(java.lang.String filter)
Initializes the request filtering mechanism. The operation is invoked when the interceptor is initialized if a custom filter is specified.

Parameters:
filter - describes arbitrary filtering rules used by the filter to determine when an HTTP request should be intercepted and the challenge-response SPNEGO authentication invoked.

The value of the filter argument is retrieved from the property named com.ibm.ws.security.spnego.<SPNid>.filter specified in the TAI configuration. <SPNid> identifies the specific Kerberos Service Principal Name (SPN) for which the filtering rules will be used.

Returns:
true if no errors were encountered while parsing the filter argument, false otherwise.

isAccepted

boolean isAccepted(javax.servlet.http.HttpServletRequest request)
Indicates whether or not the TAI should intercept the given request, according to the filtering rules defined in the init() operation.

Parameters:
request - the HTTP request currently being processed.
Returns:
true if the request matches the filtering criteria, otherwise false

setProcessAll

void setProcessAll(boolean all)
Indicates that all HTTP requests processed by the filter will be intercepted. Optionally, use this operation to force the challenge-response SPNEGO authentication on all HTTP requests.

Parameters:
all - true causes the operation isAccepted() to unconditionally return true, otherwise isAccepted() applies the filtering rules in the init() operation.

IBM WebSphere Application ServerTM
Release 7