Implementing Challenge Identity Assertion from a Filter

Developing Security Providers for Oracle WebLogic Server

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain. A typical implementation of this method follows this pattern:

1. Examine the request.
2. Optionally, wrap the request object with a custom implementation to filter content or headers for input filtering.
3. Optionally, wrap the response object with a custom implementation to filter content or headers for output filtering.
4. Either invoke the next entity in the chain using the FilterChain object (chain.doFilter), or do not pass on the request/response pair to the next entity in the filter chain to block the request processing.
5. Directly set headers on the response after invocation of the next entity in the filter chain.

■ init

public void init(FilterConfig filterConfig)

The init method is called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

13.4.4 Implementing Challenge Identity Assertion from a Filter

As described in Chapter 5, "Identity Assertion Providers," the Challenge Identity Asserter interface supports challenge/response schemes in which multiple challenges, response messages, and state are required. The Challenge Identity Asserter interface allows Identity Assertion providers to support authentication protocols such as Microsoft's Windows NT Challenge/Response (NTLM), Simple and Protected GSS-API Negotiation Mechanism (SPNEGO), and other challenge/response authentication mechanisms.

Servlet Authentication Filters allow you to implement a challenge/response protocol without being limited to the authentication mechanisms compatible with the Servlet container. However, because Servlet Authentication Filters operate outside of the authentication environment provided by the Security Framework, they cannot depend on the Security Framework to determine provider context, and require an API to drive the multiple-challenge Identity Assertion process.

The weblogic.security.services.Authentication class has been extended to allow multiple challenge/response identity assertion from a Servlet Authentication Filter. The methods and interface provide a wrapper for the ChallengeIdentityAsserterV2 and ProviderChallengeContext SSPI interfaces so that you can invoke them from a Servlet Authentication Filter.

There is no other documented way to perform a multiple challenge/response dialog from a Servlet Authentication Filter within the context of the Security Framework. Your Servlet Authentication Filter cannot directly invoke the ChallengeIdentityAsserterV2 and ProviderChallengeContext interfaces.

Therefore, if you plan to implement multiple challenge/response identity assertion from a filter, you need to implement the ChallengeIdentityAsserterV2 and ProviderChallengeContext interfaces, and then use the weblogic.security.services.Authentication methods and AppChallengeContext interface to invoke them from a Servlet Authentication Filter.
The steps to accomplish this process are described in Chapter 5, "Identity Assertion Providers," and are summarized here:

■ Section 5.4.1.1, "Implement the AuthenticationProviderV2 SSPI" or Section 5.4.1.2, "Implement the IdentityAsserterV2 SSPI"
■ Section 5.4.4.4, "Implement the ChallengeIdentityAsserterV2 Interface"
■ Section 5.4.4.5, "Implement the ProviderChallengeContext Interface"
■ Section 5.4.4.6, "Invoke the weblogic.security.services Challenge Identity Methods"
■ Section 5.4.4.7, "Invoke the weblogic.security.services AppChallengeContext Methods"
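
The following added example (not Oracle's code) shows a filter that uses the doFilter pattern from this chapter to drive a multiple-round Negotiate dialog, blocking the chain until the dialog completes. ChallengeDriver is a hypothetical interface standing in for the weblogic.security.services.Authentication wrapper calls, whose signatures this section does not list. Keeping the dialog state in the HttpSession, and having the driver bind the asserted identity to the request on completion, are also assumptions.

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
public class NegotiateChallengeFilter implements Filter {
    /** Hypothetical stand-in for the weblogic.security.services.Authentication wrapper. */
    public interface ChallengeDriver {
        Object step(Object state, byte[] token) throws Exception; // state == null opens a dialog
        boolean isComplete(Object state);
        byte[] challenge(Object state);                           // next token for the client
    }
    private static final String STATE = NegotiateChallengeFilter.class.getName() + ".state";
    private final ChallengeDriver driver;                         // injected; an assumption
    public NegotiateChallengeFilter(ChallengeDriver driver) { this.driver = driver; }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (req.getUserPrincipal() != null) { chain.doFilter(rq, rs); return; } // already asserted
        String h = req.getHeader("Authorization");                // step 1: examine the request
        if (h == null || !h.startsWith("Negotiate ")) {
            challenge(res, null);                                 // step 4: block, ask for a token
            return;
        }
        HttpSession s = req.getSession(true);
        Object state = s.getAttribute(STATE);
        try {
            byte[] token = Base64.getDecoder().decode(h.substring(10).trim());
            state = driver.step(state, token);
        } catch (Exception e) {                                   // malformed token or failed round
            s.removeAttribute(STATE);                             // never resume a failed dialog
            challenge(res, null);
            return;
        }
        if (!driver.isComplete(state)) {
            s.setAttribute(STATE, state);                         // carry state to the next round
            challenge(res, driver.challenge(state));
            return;
        }
        s.removeAttribute(STATE);                                 // dialog finished, drop its state
        req.changeSessionId();                                    // Servlet 3.1+: prevent fixation
        chain.doFilter(req, res);                                 // pass on only when complete
    }
    private static void challenge(HttpServletResponse res, byte[] t) {
        String v = t == null ? "Negotiate" : "Negotiate " + Base64.getEncoder().encodeToString(t);
        res.setHeader("WWW-Authenticate", v);
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```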

13.4.5 Generate an MBean Type Using the WebLogic MBeanMaker