Merge pull request #363 from totalscoccia/master

RestAPI Plugin - Provide the possibility to use Custom Auth Filter

Merge pull request #363 from totalscoccia/master
RestAPI Plugin - Provide the possibility to use Custom Auth Filter
9ee97728 · Roman S · 12f5bd54 · ce10f45a · 9ee97728 · 9ee97728
Commit 9ee97728 authored Nov 11, 2015 by Roman S
5 changed files
--- a/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java
+++ b/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java
@@ -77,7 +77,7 @@ public class AuthFilter implements ContainerRequestFilter {
 		}
 		// HTTP Basic Auth or Shared Secret key
-		if (plugin.isHttpBasicAuth()) {
+		if ("basic".equals(plugin.getHttpAuth())) {
 			String[] usernameAndPassword = BasicAuth.decode(auth);
 			// If username or password fail

--- a/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/RESTServicePlugin.java
+++ b/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/RESTServicePlugin.java
@@ -39,6 +39,8 @@ import org.jivesoftware.util.PropertyEventDispatcher;
 import org.jivesoftware.util.PropertyEventListener;
 import org.jivesoftware.util.StringUtils;
+import org.jivesoftware.openfire.plugin.rest.service.JerseyWrapper;
 /**
 * The Class RESTServicePlugin.
 */
@@ -47,6 +49,8 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 	/** The Constant INSTANCE. */
 	public static final RESTServicePlugin INSTANCE = new RESTServicePlugin();
+	private static final String CUSTOM_AUTH_FILTER_PROPERTY_NAME = "plugin.restapi.customAuthFilter";
 	/** The secret. */
 	private String secret;
@@ -56,8 +60,12 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 	/** The enabled. */
 	private boolean enabled;
-	/** The http basic auth. */
+	/** The http auth. */
-	private boolean httpBasicAuth;
+	private String httpAuth;
+	/** The custom authentication filter */
+	private String customAuthFilterClassName;
 	/**
 	 * Gets the single instance of RESTServicePlugin.
@@ -78,12 +86,15 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 			secret = StringUtils.randomString(16);
 			setSecret(secret);
 		}
+		// See if Custom authentication filter has been defined
+		customAuthFilterClassName = JiveGlobals.getProperty("plugin.restapi.customAuthFilter", "");
 		// See if the service is enabled or not.
 		enabled = JiveGlobals.getBooleanProperty("plugin.restapi.enabled", false);
 		// See if the HTTP Basic Auth is enabled or not.
-		httpBasicAuth = JiveGlobals.getBooleanProperty("plugin.restapi.httpAuth.enabled", false);
+		httpAuth = JiveGlobals.getProperty("plugin.restapi.httpAuth", "basic");
 		// Get the list of IP addresses that can use this service. An empty list
 		// means that this filter is disabled.
@@ -181,6 +192,23 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 		}
 	}
+	/**
+	 * Returns the loading status message.
+	 *
+	 * @return the loading status message.
+	 */
+	public String getLoadingStatusMessage() {
+		return JerseyWrapper.getLoadingStatusMessage();
+	}
+	/**
+	 * Reloads the Jersey wrapper.
+	 */
+	public String loadAuthenticationFilter(String customAuthFilterClassName) {
+		return JerseyWrapper.tryLoadingAuthenticationFilter(customAuthFilterClassName);
+	}
 	/**
 	 * Returns the secret key that only valid requests should know.
 	 *
@@ -201,6 +229,26 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 		this.secret = secret;
 	}
+	/**
+	 * Returns the custom authentication filter class name used in place of the basic ones to grant permission to use the Rest services.
+	 *
+	 * @return custom authentication filter class name .
+	 */
+	public String getCustomAuthFilterClassName() {
+		return customAuthFilterClassName;
+	}
+	/**
+	 * Sets the customAuthFIlterClassName used to grant permission to use the Rest services.
+	 *
+	 * @param customAuthFilterClassName
+	 *            custom authentication filter class name.
+	 */
+	public void setCustomAuthFiIterClassName(String customAuthFilterClassName) {
+		JiveGlobals.setProperty(CUSTOM_AUTH_FILTER_PROPERTY_NAME, customAuthFilterClassName);
+		this.customAuthFilterClassName = customAuthFilterClassName;
+	}
 	/**
 	 * Gets the allowed i ps.
 	 *
@@ -243,22 +291,22 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 	}
 	/**
-	 * Checks if is http basic auth.
+	 * Gets the http authentication mechanism.
 	 *
-	 * @return true, if is http basic auth
+	 * @return the http authentication mechanism
 	 */
-	public boolean isHttpBasicAuth() {
+	public String getHttpAuth() {
-		return httpBasicAuth;
+		return httpAuth;
 	}
 	/**
-	 * Sets the http basic auth.
+	 * Sets the http auth.
 	 *
-	 * @param httpBasicAuth the new http basic auth
+	 * @param httpAuth the new http auth
 	 */
-	public void setHttpBasicAuth(boolean httpBasicAuth) {
+	public void setHttpAuth(String httpAuth) {
-		this.httpBasicAuth = httpBasicAuth;
+		this.httpAuth = httpAuth;
-		JiveGlobals.setProperty("plugin.restapi.httpAuth.enabled", httpBasicAuth ? "true" : "false");
+		JiveGlobals.setProperty("plugin.restapi.httpAuth", httpAuth);
 	}
 	/* (non-Javadoc)
@@ -271,8 +319,10 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 			this.enabled = Boolean.parseBoolean((String) params.get("value"));
 		} else if (property.equals("plugin.restapi.allowedIPs")) {
 			this.allowedIPs = StringUtils.stringToCollection((String) params.get("value"));
-		} else if (property.equals("plugin.restapi.httpAuth.enabled")) {
+		} else if (property.equals("plugin.restapi.httpAuth")) {
-			this.httpBasicAuth = Boolean.parseBoolean((String) params.get("value"));
+			this.httpAuth = (String) params.get("value");
+		} else if(property.equals(CUSTOM_AUTH_FILTER_PROPERTY_NAME)) {
+			this.customAuthFilterClassName = (String) params.get("value");
 		}
 	}
@@ -286,8 +336,10 @@ public class RESTServicePlugin implements Plugin, PropertyEventListener {
 			this.enabled = false;
 		} else if (property.equals("plugin.restapi.allowedIPs")) {
 			this.allowedIPs = Collections.emptyList();
-		} else if (property.equals("plugin.restapi.httpAuth.enabled")) {
+		} else if (property.equals("plugin.restapi.httpAuth")) {
-			this.httpBasicAuth = false;
+			this.httpAuth = "basic";
+		} else if(property.equals(CUSTOM_AUTH_FILTER_PROPERTY_NAME)) {
+			this.customAuthFilterClassName = null;
 		}
 	}

--- a/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/service/JerseyWrapper.java
+++ b/src/plugins/restAPI/src/java/org/jivesoftware/openfire/plugin/rest/service/JerseyWrapper.java
 package org.jivesoftware.openfire.plugin.rest.service;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.servlet.ServletConfig;
+import java.lang.ClassNotFoundException;
-import javax.servlet.ServletException;
+import java.lang.Class;
-import org.jivesoftware.admin.AuthCheckFilter;
+import javax.servlet.ServletConfig;
-import org.jivesoftware.openfire.plugin.rest.exceptions.RESTExceptionMapper;
+import javax.servlet.ServletException;
-import com.sun.jersey.api.core.PackagesResourceConfig;
+import org.jivesoftware.admin.AuthCheckFilter;
-import com.sun.jersey.spi.container.servlet.ServletContainer;
+import org.jivesoftware.openfire.plugin.rest.exceptions.RESTExceptionMapper;
+import org.jivesoftware.util.JiveGlobals;
-/**
- * The Class JerseyWrapper.
+import com.sun.jersey.api.core.PackagesResourceConfig;
- */
+import com.sun.jersey.spi.container.servlet.ServletContainer;
-public class JerseyWrapper extends ServletContainer {
+/**
-	/** The Constant AUTHFILTER. */
+ * The Class JerseyWrapper.
-	private static final String AUTHFILTER = "org.jivesoftware.openfire.plugin.rest.AuthFilter";
+ */
+public class JerseyWrapper extends ServletContainer {
-	/** The Constant CORSFILTER. */
-	private static final String CORSFILTER = "org.jivesoftware.openfire.plugin.rest.CORSFilter";
+	/** The Constant CUSTOM_AUTH_PROPERTY_NAME */
+	private static final String CUSTOM_AUTH_PROPERTY_NAME = "plugin.restapi.customAuthFilter";
-	/** The Constant CONTAINER_REQUEST_FILTERS. */
-	private static final String CONTAINER_REQUEST_FILTERS = "com.sun.jersey.spi.container.ContainerRequestFilters";
+	/** The Constant REST_AUTH_TYPE */
+	private static final String REST_AUTH_TYPE  = "plugin.restapi.httpAuth";
-	/** The Constant CONTAINER_RESPONSE_FILTERS. */
-	private static final String CONTAINER_RESPONSE_FILTERS = "com.sun.jersey.spi.container.ContainerResponseFilters";
+	/** The Constant AUTHFILTER. */
+	private static final String AUTHFILTER = "org.jivesoftware.openfire.plugin.rest.AuthFilter";
-	/** The Constant RESOURCE_CONFIG_CLASS_KEY. */
-	private static final String RESOURCE_CONFIG_CLASS_KEY = "com.sun.jersey.config.property.resourceConfigClass";
+	/** The Constant CORSFILTER. */
+	private static final String CORSFILTER = "org.jivesoftware.openfire.plugin.rest.CORSFilter";
-	/** The Constant RESOURCE_CONFIG_CLASS. */
-	private static final String RESOURCE_CONFIG_CLASS = "com.sun.jersey.api.core.PackagesResourceConfig";
+	/** The Constant CONTAINER_REQUEST_FILTERS. */
+	private static final String CONTAINER_REQUEST_FILTERS = "com.sun.jersey.spi.container.ContainerRequestFilters";
-	/** The Constant SCAN_PACKAGE_DEFAULT. */
-	private static final String SCAN_PACKAGE_DEFAULT = JerseyWrapper.class.getPackage().getName();
+	/** The Constant CONTAINER_RESPONSE_FILTERS. */
+	private static final String CONTAINER_RESPONSE_FILTERS = "com.sun.jersey.spi.container.ContainerResponseFilters";
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
+	/** The Constant RESOURCE_CONFIG_CLASS_KEY. */
+	private static final String RESOURCE_CONFIG_CLASS_KEY = "com.sun.jersey.config.property.resourceConfigClass";
-	/** The Constant SERVLET_URL. */
-	private static final String SERVLET_URL = "restapi/*";
+	/** The Constant RESOURCE_CONFIG_CLASS. */
+	private static final String RESOURCE_CONFIG_CLASS = "com.sun.jersey.api.core.PackagesResourceConfig";
-	/** The config. */
-	private static Map<String, Object> config;
+	/** The Constant SCAN_PACKAGE_DEFAULT. */
+	private static final String SCAN_PACKAGE_DEFAULT = JerseyWrapper.class.getPackage().getName();
-	/** The prc. */
-	private static PackagesResourceConfig prc;
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
-	/** The Constant JERSEY_LOGGER. */
-	private final static Logger JERSEY_LOGGER = Logger.getLogger("com.sun.jersey");
+	/** The Constant SERVLET_URL. */
+	private static final String SERVLET_URL = "restapi/*";
-	static {
-		JERSEY_LOGGER.setLevel(Level.SEVERE);
+	/** The config. */
-		config = new HashMap<String, Object>();
+	private static Map<String, Object> config;
-		config.put(RESOURCE_CONFIG_CLASS_KEY, RESOURCE_CONFIG_CLASS);
-		prc = new PackagesResourceConfig(SCAN_PACKAGE_DEFAULT);
+	/** The prc. */
-		prc.setPropertiesAndFeatures(config);
+	private static PackagesResourceConfig prc;
-		prc.getProperties().put(CONTAINER_REQUEST_FILTERS, AUTHFILTER);
-		prc.getProperties().put(CONTAINER_RESPONSE_FILTERS, CORSFILTER);
+	/** The Constant JERSEY_LOGGER. */
+	private final static Logger JERSEY_LOGGER = Logger.getLogger("com.sun.jersey");
-		prc.getClasses().add(RestAPIService.class);
+	private static String loadingStatusMessage = null;
-		prc.getClasses().add(MUCRoomService.class);
-		prc.getClasses().add(MUCRoomOwnersService.class);
+	static {
-		prc.getClasses().add(MUCRoomAdminsService.class);
+		JERSEY_LOGGER.setLevel(Level.SEVERE);
-		prc.getClasses().add(MUCRoomMembersService.class);
+		config = new HashMap<String, Object>();
-		prc.getClasses().add(MUCRoomOutcastsService.class);
+		config.put(RESOURCE_CONFIG_CLASS_KEY, RESOURCE_CONFIG_CLASS);
+		prc = new PackagesResourceConfig(SCAN_PACKAGE_DEFAULT);
-		prc.getClasses().add(UserServiceLegacy.class);
+		prc.setPropertiesAndFeatures(config);		
-		prc.getClasses().add(UserService.class);
+		prc.getProperties().put(CONTAINER_RESPONSE_FILTERS, CORSFILTER);
-		prc.getClasses().add(UserRosterService.class);
+		loadAuthenticationFilter();
-		prc.getClasses().add(UserGroupService.class);
-		prc.getClasses().add(UserLockoutService.class);
+		prc.getClasses().add(RestAPIService.class);
-		prc.getClasses().add(GroupService.class);
+		prc.getClasses().add(MUCRoomService.class);
-		prc.getClasses().add(SessionService.class);
+		prc.getClasses().add(MUCRoomOwnersService.class);
-		prc.getClasses().add(MsgArchiveService.class);
+		prc.getClasses().add(MUCRoomAdminsService.class);
-		prc.getClasses().add(StatisticsService.class);
+		prc.getClasses().add(MUCRoomMembersService.class);
-		prc.getClasses().add(MessageService.class);
+		prc.getClasses().add(MUCRoomOutcastsService.class);
-		prc.getClasses().add(RESTExceptionMapper.class);
+		prc.getClasses().add(UserServiceLegacy.class);
-	}
+		prc.getClasses().add(UserService.class);
+		prc.getClasses().add(UserRosterService.class);
-	/**
+		prc.getClasses().add(UserGroupService.class);
-	 * Instantiates a new jersey wrapper.
+		prc.getClasses().add(UserLockoutService.class);
-	 */
-	public JerseyWrapper() {
+		prc.getClasses().add(GroupService.class);
-		super(prc);
+		prc.getClasses().add(SessionService.class);
-	}
+		prc.getClasses().add(MsgArchiveService.class);
+		prc.getClasses().add(StatisticsService.class);
-	/*
+		prc.getClasses().add(MessageService.class);
-	 * (non-Javadoc)
-	 * 
+		prc.getClasses().add(RESTExceptionMapper.class);
-	 * @see javax.servlet.GenericServlet#init(javax.servlet.ServletConfig)
+	}
-	 */
-	@Override
+	public static String tryLoadingAuthenticationFilter(String customAuthFilterClassName) {
-	public void init(ServletConfig servletConfig) throws ServletException {
-		super.init(servletConfig);
+		try {
-		// Exclude this servlet from requering the user to login
+			if(customAuthFilterClassName != null) {
-		AuthCheckFilter.addExclude(SERVLET_URL);
+				Class.forName(customAuthFilterClassName, false, JerseyWrapper.class.getClassLoader());
-	}
+				loadingStatusMessage = null;
+			}
-	/*
+		} catch (ClassNotFoundException e) {
-	 * (non-Javadoc)
+			loadingStatusMessage = "No custom auth filter found for restAPI plugin with name " + customAuthFilterClassName;
-	 * 
+        }
-	 * @see com.sun.jersey.spi.container.servlet.ServletContainer#destroy()
-	 */
+		if(customAuthFilterClassName == null || customAuthFilterClassName.isEmpty())
-	@Override
+			loadingStatusMessage = "Classname field can't be empty!";
-	public void destroy() {
+		return loadingStatusMessage;
-		super.destroy();
+	}
-		// Release the excluded URL
-		AuthCheckFilter.removeExclude(SERVLET_URL);
+	public static String loadAuthenticationFilter() {
-	}
-}
+		// Check if custom AuthFilter is available
+		String customAuthFilterClassName = JiveGlobals.getProperty(CUSTOM_AUTH_PROPERTY_NAME);
+		String restAuthType = JiveGlobals.getProperty(REST_AUTH_TYPE);
+		String pickedAuthFilter = AUTHFILTER;
+		try {
+			if(customAuthFilterClassName != null && "custom".equals(restAuthType)) {
+				Class.forName(customAuthFilterClassName, false, JerseyWrapper.class.getClassLoader());
+				pickedAuthFilter = customAuthFilterClassName;
+				loadingStatusMessage = null;
+			}
+		} catch (ClassNotFoundException e) {
+			loadingStatusMessage = "No custom auth filter found for restAPI plugin! " + customAuthFilterClassName + " " + restAuthType;
+        }
+		prc.getProperties().put(CONTAINER_REQUEST_FILTERS, pickedAuthFilter);	
+		return loadingStatusMessage;
+	}
+	/**
+	 * Instantiates a new jersey wrapper.
+	 */
+	public JerseyWrapper() {
+		super(prc);
+	}
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see javax.servlet.GenericServlet#init(javax.servlet.ServletConfig)
+	 */
+	@Override
+	public void init(ServletConfig servletConfig) throws ServletException {
+		loadAuthenticationFilter();
+		super.init(servletConfig);
+		// Exclude this servlet from requering the user to login
+		AuthCheckFilter.addExclude(SERVLET_URL);
+	}
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see com.sun.jersey.spi.container.servlet.ServletContainer#destroy()
+	 */
+	@Override
+	public void destroy() {
+		super.destroy();
+		// Release the excluded URL
+		AuthCheckFilter.removeExclude(SERVLET_URL);
+	}
+	/*
+	 * Returns the loading status message.
+	 *
+	 * @return the loading status message.
+	 */
+	public static String getLoadingStatusMessage() {
+		return loadingStatusMessage;
+	}
+}
--- a/src/plugins/restAPI/src/web/images/error-16x16.gif
+++ b/src/plugins/restAPI/src/web/images/error-16x16.gif
--- a/src/plugins/restAPI/src/web/rest-api.jsp
+++ b/src/plugins/restAPI/src/web/rest-api.jsp
 <%@ page
 	import="java.util.*,
-                 org.jivesoftware.openfire.XMPPServer,
+                org.jivesoftware.openfire.XMPPServer,
-                 org.jivesoftware.util.*,org.jivesoftware.openfire.plugin.rest.RESTServicePlugin"
+                org.jivesoftware.util.*,org.jivesoftware.openfire.plugin.rest.RESTServicePlugin,
+				org.jivesoftware.openfire.container.Plugin,
+                org.jivesoftware.openfire.container.PluginManager"
 	errorPage="error.jsp"%>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
@@ -20,20 +22,45 @@
 	boolean success = request.getParameter("success") != null;
 	String secret = ParamUtils.getParameter(request, "secret");
 	boolean enabled = ParamUtils.getBooleanParameter(request, "enabled");
-	boolean httpBasicAuth = ParamUtils.getBooleanParameter(request, "authtype");
+	String httpAuth = ParamUtils.getParameter(request, "authtype");
 	String allowedIPs = ParamUtils.getParameter(request, "allowedIPs");
+	String customAuthFilterClassName = ParamUtils.getParameter(request, "customAuthFilterClassName");
+	String loadingStatus = null;
+	final PluginManager pluginManager = admin.getXMPPServer().getPluginManager();
 	RESTServicePlugin plugin = (RESTServicePlugin) XMPPServer.getInstance().getPluginManager()
 			.getPlugin("restapi");
 	// Handle a save
 	Map errors = new HashMap();
 	if (save) {
+		if("custom".equals(httpAuth)) {
+			loadingStatus = plugin.loadAuthenticationFilter(customAuthFilterClassName);
+		}
+		if (loadingStatus != null) {
+            errors.put("loadingStatus", loadingStatus);
+		}
 		if (errors.size() == 0) {
+			boolean is2Reload = "custom".equals(httpAuth) || "custom".equals(plugin.getHttpAuth());
 			plugin.setEnabled(enabled);
 			plugin.setSecret(secret);
-			plugin.setHttpBasicAuth(httpBasicAuth);
+			plugin.setHttpAuth(httpAuth);
 			plugin.setAllowedIPs(StringUtils.stringToCollection(allowedIPs));
+			plugin.setCustomAuthFiIterClassName(customAuthFilterClassName);
+			if(is2Reload) {
+				String pluginName  = pluginManager.getName(plugin);
+				String pluginDir = pluginManager.getPluginDirectory(plugin).getName();
+				pluginManager.unloadPlugin(pluginDir);
+				// Log the event
+				admin.logEvent("reloaded plugin "+ pluginName, null);
+				response.sendRedirect("/plugin-admin.jsp?reloadsuccess=true");
+            }
 			response.sendRedirect("rest-api.jsp?success=true");
 			return;
 		}
@@ -41,8 +68,9 @@
 	secret = plugin.getSecret();
 	enabled = plugin.isEnabled();
-	httpBasicAuth = plugin.isHttpBasicAuth();
+	httpAuth = plugin.getHttpAuth();
 	allowedIPs = StringUtils.collectionToString(plugin.getAllowedIPs());
+	customAuthFilterClassName = plugin.getCustomAuthFilterClassName();
 %>
 <html>
@@ -75,7 +103,25 @@
 	<%
 		}
 	%>
+	<%  
+		if (errors.get("loadingStatus") != null) { 
+	%>
+	<div class="jive-error">
+		<table cellpadding="0" cellspacing="0" border="0">
+			<tbody>
+				<tr>
+					<td class="jive-icon"><img src="images/error-16x16.gif"
+						width="16" height="16" border="0"></td>
+					<td class="jive-icon-label"><%= loadingStatus %></td>
+				</tr>
+			</tbody>
+		</table>
+	</div>
+	<br>
+	<%
+		}
+	%>
 	<form action="rest-api.jsp?save" method="post">
 		<fieldset>
@@ -101,13 +147,13 @@
 					<br>
 					<br>
-					<input type="radio" name="authtype" value="true"
+					<input type="radio" name="authtype" value="basic"
-						id="http_basic_auth" <%=((httpBasicAuth) ? "checked" : "")%>>
+						id="http_basic_auth" <%=("basic".equals(httpAuth) ? "checked" : "")%>>
 					<label for="http_basic_auth">HTTP basic auth - REST API
 						authentication with Openfire admin account.</label>
 					<br>
-					<input type="radio" name="authtype" value="false"
+					<input type="radio" name="authtype" value="secret"
-						id="secretKeyAuth" <%=((!httpBasicAuth) ? "checked" : "")%>>
+						id="secretKeyAuth" <%=("secret".equals(httpAuth) ? "checked" : "")%>>
 					<label for="secretKeyAuth">Secret key auth - REST API
 						authentication over specified secret key.</label>
 					<br>
@@ -116,6 +162,17 @@
 					<input type="text" name="secret" value="<%=secret%>"
 						id="text_secret">
 					<br>
+					<input type="radio" name="authtype" value="custom"
+						id="customFilterAuth" <%=("custom".equals(httpAuth) ? "checked" : "")%>>
+					<label for="secretKeyAuth">Custom authentication filter classname - REST API
+						authentication delegates to a custom filter implemented in some other plugin.
+					</label>
+					<div style="margin-left: 20px; margin-top: 5px;"><strong>Note: changing back and forth from custom authentication filter forces the REST API plugin reloading</strong></div>
+					<label style="padding-left: 25px" for="text_secret">Filter 
+						classname:</label>
+					<input type="text" name="customAuthFilterClassName" value="<%= customAuthFilterClassName %>"
+						id="custom_auth_filter_class_name" style="width:70%;padding:4px;">
+					<br>
 					<br>
 					<label for="allowedIPs">Allowed IP Addresses:</label>