Package io.antmedia.console.rest

Class AuthenticationFilter

java.lang.Object

io.antmedia.filter.AbstractFilter

io.antmedia.console.rest.AuthenticationFilter

All Implemented Interfaces:

jakarta.servlet.Filter

public class AuthenticationFilter
extends AbstractFilter

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DISPATCH_PATH_URL
static final String	FORBIDDEN_ERROR
static final String	PROXY_AUTHORIZATION_HEADER_JWT_TOKEN

Fields inherited from class io.antmedia.filter.AbstractFilter

BROADCAST_OBJECT, config, logger

Constructor Summary

Constructors

Constructor	Description
AuthenticationFilter()

Method Summary

Modifier and Type	Method	Description
private boolean	checkJWT(String jwtString)
private boolean	checkScopeAccessForAppName(Map appNameUserType, String dispatchUrl)
void	doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)	Check authentication and authorization There are 3 types of user ADMIN can do anything in its scope.
AbstractConsoleDataStore	getAbstractConsoleDataStore()
private boolean	isRequestingOneOfAppSettingsOfUsersApps(Map appNameUserType, String userScope, String path)
private boolean	scopeAccessGranted(String userScope, String dispatchUrl)

Methods inherited from class io.antmedia.filter.AbstractFilter

checkCIDRList, destroy, getAntMediaApplicationAdapter, getAppContext, getAppSettings, getBroadcast, getConfig, getDataStore, getServerSettings, getStreamStats, getTokenService, getWebApplicationContext, init, setConfig, setTokenService

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DISPATCH_PATH_URL

public static final String DISPATCH_PATH_URL

See Also:

• Constant Field Values

PROXY_AUTHORIZATION_HEADER_JWT_TOKEN

public static final String PROXY_AUTHORIZATION_HEADER_JWT_TOKEN

See Also:

• Constant Field Values

FORBIDDEN_ERROR

public static final String FORBIDDEN_ERROR

See Also:

• Constant Field Values

Constructor Details

AuthenticationFilter

public AuthenticationFilter()

Method Details

getAbstractConsoleDataStore

public AbstractConsoleDataStore getAbstractConsoleDataStore()

doFilter

public void doFilter(jakarta.servlet.ServletRequest request,
 jakarta.servlet.ServletResponse response,
 jakarta.servlet.FilterChain chain)
              throws IOException,
jakarta.servlet.ServletException

Check authentication and authorization There are 3 types of user ADMIN can do anything in its scope. If it's scope is system, it can CRUD anything If it's scope is an application, it can CRUD anything in the application. it cannot access the web panel services READ_ONLY can read anything in its scope. If it's scope is system, it can READ anything If it's scope is an application, it can only READ anything in the application it cannot access the web panel services USER can do anything but cannot change the settings in its scope. If it's scope is system, it can CRUD content but cannot change system settings If it's scope is an application, it can CRUD content but cannot change system settings/server settings, cannot add/remove users or applications Scope: - System - Specific Application

Throws:

IOException

jakarta.servlet.ServletException

isRequestingOneOfAppSettingsOfUsersApps

private boolean isRequestingOneOfAppSettingsOfUsersApps(Map appNameUserType,
 String userScope,
 String path)

scopeAccessGranted

private boolean scopeAccessGranted(String userScope,
 String dispatchUrl)

checkScopeAccessForAppName

private boolean checkScopeAccessForAppName(Map appNameUserType,
 String dispatchUrl)

checkJWT

private boolean checkJWT(String jwtString)