users@grizzly.java.net

Re: Grizzly 2.x and Basic auth. and Filters

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Mon, 05 Sep 2011 15:27:29 +0200

Hi David,

> I'm looking for a good way to add authentication support in Grizzly 2.x.
>
> I want to support Basic and Kerberos.
>
> I don't know if there is already a built-in mechanism in
> Grizzly 2.x today?
>
Not at the moment.

> But as far as I understand, it seems to me that Grizzly Filters are a
> good way to implement that because:
>
> * I need to check the auth before going into the HttpHandler
>
> * I don't want the various HttpHandlers to know or implement
> anything about authentication
>
> * I want to be able to add a new auth. system if needed, without
> modifying my HttpHandlers
>
> Does it make sense to use a filter for authentication?
>
Absolutely.

> I'm also very interested in Grizzly filters for various reasons,
> mostly because they could allow me to add side features without putting
> these in the HttpHandler (auditing, logging, performance, rejecting a
> request if not in an IP range, etc.). I've also seen an AddOn interface
> that seems really nice for packaging all these filters.
>
> Does it also make sense to use filters for that?
>
Yep.

> I haven't gone deeper into the filter API yet (I will), but the
> interface org.glassfish.grizzly.filterchain.Filter is not so obvious,
> at least for me.
>
> So, are there some filter examples somewhere that I could use and that
> could help me?
>
Sure :)
Here is the section from the user guide which may help [1].

In general HttpServer FilterChain looks like:

TransportFilter <-> HttpCodecFilter <-> HttpServerFilter

Depending on the features you might want to use, you can add Filters to the
chain. For example, a secured HttpServer's FilterChain will look like:

TransportFilter <-> SSLFilter <-> HttpCodecFilter <-> HttpServerFilter

If you want to add an HTTP authentication feature, the best approach would
be to add YourAuthFilter like:

TransportFilter <-> HttpCodecFilter <-> YourAuthFilter <-> HttpServerFilter

so YourAuthFilter will be able to process HTTP request before it reaches
HttpServerFilter. You'll be able to pass control upstream to
HttpServerFilter, or write HTTP response directly from YourAuthFilter.
You may want to read about Grizzly low-level HTTP framework here [2].

IMO the first step you can take is to implement YourAuthFilter like:

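import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.grizzly.Grizzly;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;

public class YourAuthFilter extends BaseFilter {
    private final Logger logger = Grizzly.logger(YourAuthFilter.class);

    // Called for messages travelling upstream (from HttpCodecFilter
    // towards HttpServerFilter).
    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {
        logger.log(Level.INFO, "LogFilter handleRead. Connection={0} message={1}",
                new Object[] {ctx.getConnection(), ctx.getMessage()});
        // Pass the message on to the next filter in the chain.
        return ctx.getInvokeAction();
    }

    // Called for messages travelling downstream (towards the transport).
    @Override
    public NextAction handleWrite(FilterChainContext ctx) throws IOException {
        logger.log(Level.INFO, "LogFilter handleWrite. Connection={0} message={1}",
                new Object[] {ctx.getConnection(), ctx.getMessage()});
        return ctx.getInvokeAction();
    }
}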

Check the HTTP messages passing up/downstream.

Thanks.

WBR,
Alexey.

[1] http://grizzly.java.net/nonav/docs/docbkx2.0/html/filterchain-filters.html
[2] http://grizzly.java.net/nonav/docs/docbkx2.0/html/http.html
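
An added example, not part of the original message or of Grizzly itself: a Basic-auth variant of YourAuthFilter that passes authorized requests upstream to HttpServerFilter and otherwise writes a 401 directly from the filter, as the message describes. The class name BasicAuthFilter, the realm and the single in-memory credential are assumptions; it uses the Grizzly 2.x org.glassfish.grizzly.http classes and java.util.Base64 (Java 8+), and belongs in the chain that includes SSLFilter, since Basic credentials are only Base64-encoded.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.http.HttpContent;
import org.glassfish.grizzly.http.HttpRequestPacket;
import org.glassfish.grizzly.http.HttpResponsePacket;
// Added example (hypothetical class name); sits between HttpCodecFilter and HttpServerFilter.
public class BasicAuthFilter extends BaseFilter {
    private final byte[] expected; // "user:password" bytes; single demo credential (assumption)
    public BasicAuthFilter(String user, String password) {
        expected = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {
        final HttpContent content = ctx.getMessage();
        final HttpRequestPacket request = (HttpRequestPacket) content.getHttpHeader();
        if (isAuthorized(request.getHeader("Authorization"))) {
            return ctx.getInvokeAction(); // pass upstream to HttpServerFilter
        }
        // Answer directly from the filter; the request never reaches an HttpHandler.
        final HttpResponsePacket response = HttpResponsePacket.builder(request)
                .protocol(request.getProtocol())
                .status(401).reasonPhrase("Unauthorized")
                .header("WWW-Authenticate", "Basic realm=\"grizzly\"")
                .contentLength(0)
                .build();
        request.setSkipRemainder(true); // ignore any remaining request body chunks
        ctx.write(response);
        return ctx.getStopAction();
    }

    boolean isAuthorized(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false; // missing header or a different scheme
        }
        final byte[] presented;
        try {
            presented = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformed) {
            return false; // not valid Base64: treat as unauthenticated
        }
        return MessageDigest.isEqual(presented, expected); // constant-time compare
    }
}
```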