Class ClearSecurityContextFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class ClearSecurityContextFilter
    extends Object
    implements javax.servlet.Filter
    This interceptor clears the security context of any authority holders. The AuthorityHolder is populated by the authentication scheme; after successful authentication, permissions are checked and the other interceptors are executed. After request processing completes, the security context is cleared (see HandlerInterceptor.afterCompletion(HttpServletRequest, HttpServletResponse, Object, Exception) and SkippableInterceptor.afterCompletion(HttpServletRequest, HttpServletResponse, Object, Exception)).

    However, if one of the interceptors prevents the interceptor chain from proceeding (returns false in HandlerInterceptor.preHandle(HttpServletRequest, HttpServletResponse, Object)), the security context of the current thread is not cleared and can affect other requests (see AgentsLoadBalancer and ArtifactUploadController), resulting in unavailability of running builds in RunningBuildsManager.

    Requests that represent includes or forwards should not be processed, as such requests will not be re-authenticated.

    It is important for this interceptor to be first in the chain.
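
Added example, not TeamCity code: a plain-JDK model of the leak described above, where a pooled thread keeps its thread-bound context after an interceptor returns false, alongside a clearing wrapper that runs first in the chain. The class name, the ThreadLocal stand-in for the security context, and the include/forward pass-through are assumptions made for illustration.

```java
import java.util.concurrent.*;
import java.util.function.Supplier;

// Added illustration: every name here is hypothetical, none is a TeamCity class.
public class ContextLeakDemo {
    // Stand-in for a thread-bound security context holding the authority holder.
    static final ThreadLocal<String> AUTHORITY = new ThreadLocal<>();

    // Models the interceptor chain: authentication populates the context, then
    // preHandle runs. The afterCompletion cleanup only happens if it returned true.
    static void interceptorChain(String user, boolean preHandleResult) {
        AUTHORITY.set(user);
        if (!preHandleResult) {
            return;             // chain stopped: afterCompletion is never called
        }
        AUTHORITY.remove();     // afterCompletion clears the context
    }

    // A later request on the same thread that only reads the current context.
    static String currentAuthority() {
        return AUTHORITY.get();
    }

    // Filter-style wrapper placed first in the chain: clears the context before
    // and after the request no matter how the chain ends. Includes/forwards are
    // passed through untouched (assumed reading of the description: nothing
    // would re-authenticate them if the context were cleared mid-request).
    static <T> T clearingFilter(boolean includeOrForward, Supplier<T> chain) {
        if (includeOrForward) {
            return chain.get();
        }
        AUTHORITY.remove();
        try {
            return chain.get();
        } finally {
            AUTHORITY.remove();
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor(); // one pooled thread
        Runnable aborted = () -> interceptorChain("constructed-admin", false);
        Callable<String> bare = ContextLeakDemo::currentAuthority;
        Callable<String> filtered = () -> clearingFilter(false, ContextLeakDemo::currentAuthority);
        worker.submit(aborted).get();
        System.out.println("next request, no filter:   " + worker.submit(bare).get());
        System.out.println("next request, with filter: " + worker.submit(filtered).get());
        worker.shutdown();
    }
}
```
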
    • Constructor Detail

      • ClearSecurityContextFilter

        public ClearSecurityContextFilter(@NotNull
                                          SecurityContextEx securityContext)
    • Method Detail

      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException
      • init

        public void init(javax.servlet.FilterConfig filterConfig)
        Specified by:
        init in interface javax.servlet.Filter
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter