uk.ac.cam.ucs.webauth
Class RavenFilter

java.lang.Object
  extended by uk.ac.cam.ucs.webauth.RavenFilter
All Implemented Interfaces:
javax.servlet.Filter

public class RavenFilter
extends java.lang.Object
implements javax.servlet.Filter

A Servlet Filter which ensures a user is Raven authenticated.

Quick Configuration

Install Webauth package

Ensure you have the Raven Java Toolkit classes installed.

Install the Raven public key certificate

Download the Raven public key certificate from the Raven Project page. Install it into your web application at /WEB-INF/raven/pubkey2.crt.

Configure web.xml

Add a filter definition:
  <filter>
      <filter-name>ravenFilter</filter-name>
      <filter-class>uk.ac.cam.ucs.webauth.RavenFilter</filter-class>
  </filter> 
 
Add one or more filter-mapping elements for your application, e.g.:
  <filter-mapping>
      <filter-name>ravenFilter</filter-name>
      <url-pattern>/private</url-pattern>
  </filter-mapping> 
 

Retrieve authenticated user name

Get the value of the session or request attribute "RavenRemoteUser".

  // getAttribute returns Object, so the value must be cast to String
  String userId = (String) request.getAttribute("RavenRemoteUser");
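
The retrieval step above in a fuller form, as an added example that is not part of the Raven toolkit or the original page. It reads the attribute from the request and then the session, and fails closed when it is absent, which happens if the request never passed through RavenFilter (a url-pattern of /private, for instance, matches only that exact path and nothing beneath it). PrivateServlet, ravenUser, ALLOWED_USERS and the sample user IDs are hypothetical names and constructed values.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet mapped to a URL that a RavenFilter filter-mapping covers.
public class PrivateServlet extends HttpServlet {

    // Attribute name documented on this page for the authenticated user.
    private static final String REMOTE_USER_ATTR = "RavenRemoteUser";

    // Constructed sample allow-list; the filter only authenticates, authorisation is the application's job.
    private static final Set<String> ALLOWED_USERS = new HashSet<>(Arrays.asList("abc123", "xyz789"));

    // Returns the authenticated user ID, or null if neither request nor session carries one.
    static String ravenUser(HttpServletRequest request) {
        Object user = request.getAttribute(REMOTE_USER_ATTR);
        if (user == null) {
            HttpSession session = request.getSession(false); // never create a session just to look
            if (session != null) {
                user = session.getAttribute(REMOTE_USER_ATTR);
            }
        }
        return (user instanceof String && !((String) user).isEmpty()) ? (String) user : null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String userId = ravenUser(request);
        if (userId == null) {
            // Fail closed: no authenticated user means the filter did not run for this URL.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!ALLOWED_USERS.contains(userId)) {
            // Authenticated by Raven, but not permitted to use this resource.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("Hello, " + userId);
    }
}
```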

Further Configuration

Filter init params

Name              Default Value                                     Notes
authenticateUrl   https://raven.cam.ac.uk/auth/authenticate.html    Optional
certificatePath   /WEB-INF/raven/pubkey2.crt                        Optional

Error Codes

Use the following example entries for your web.xml if you wish to provide your own error pages. The codes below are those given by WebauthResponse and passed on by RavenFilter to the servlet container.
  <!-- 
  Raven related Error pages 
  -->

<!-- Authentication cancelled at user's request -->
  <error-page><error-code>410</error-code><location>/ravenError.jsp</location></error-page> 

<!-- No mutually acceptable types of authentication available -->
  <error-page><error-code>510</error-code><location>/ravenError.jsp</location></error-page> 

<!-- Unsupported authentication protocol version -->
  <error-page><error-code>520</error-code><location>/ravenError.jsp</location></error-page> 

<!-- Parameter error in authentication request -->
  <error-page><error-code>530</error-code><location>/ravenError.jsp</location></error-page>

<!-- Interaction with the user would be required -->
  <error-page><error-code>540</error-code><location>/ravenError.jsp</location></error-page>

<!-- Web server not authorised to use the authentication service -->
  <error-page><error-code>560</error-code><location>/ravenError.jsp</location></error-page> 

<!-- Operation declined by the authentication service -->
  <error-page><error-code>570</error-code><location>/ravenError.jsp</location></error-page> 
 

Version:
1
Author:
whb21 William Billingsley (whb21 at cam.ac.uk), pms52 Philip Shore
See Also:
The Cambridge Web Authentication System: WAA->WLS communication protocol

Field Summary
static java.lang.String ATTR_REMOTE_USER
          The name of the request and session attribute containing the authenticated user.
static java.lang.String DEFAULT_KEYNAME
          This is the default name for the Raven public key.
static java.lang.String INIT_PARAM_AUTHENTICATE_URL
          The filter init-param param-name of the url to authenticate against.
static java.lang.String INIT_PARAM_CERTIFICATE_PATH
          The filter init-param param-name path to the certificate.
static java.lang.String WLS_RESPONSE_PARAM
          The name of the request parameter that, if present, indicates a WLS Response that should be validated.
 
Constructor Summary
RavenFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest servletReq, javax.servlet.ServletResponse servletResp, javax.servlet.FilterChain chain)
           
 void init(javax.servlet.FilterConfig config)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

WLS_RESPONSE_PARAM

public static final java.lang.String WLS_RESPONSE_PARAM
The name of the request parameter that, if present, indicates a WLS Response that should be validated.

See Also:
Constant Field Values

ATTR_REMOTE_USER

public static java.lang.String ATTR_REMOTE_USER
The name of the request and session attribute containing the authenticated user.


DEFAULT_KEYNAME

public static final java.lang.String DEFAULT_KEYNAME
This is the default name for the Raven public key.

See Also:
Constant Field Values

INIT_PARAM_AUTHENTICATE_URL

public static java.lang.String INIT_PARAM_AUTHENTICATE_URL
The filter init-param param-name of the url to authenticate against. Optional. Defaults to https://raven.cam.ac.uk/auth/authenticate.html


INIT_PARAM_CERTIFICATE_PATH

public static java.lang.String INIT_PARAM_CERTIFICATE_PATH
The filter init-param param-name path to the certificate. Optional. Defaults to /WEB-INF/raven/pubkey2.crt

Constructor Detail

RavenFilter

public RavenFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest servletReq,
                     javax.servlet.ServletResponse servletResp,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
java.io.IOException
javax.servlet.ServletException