public abstract class AbstractProcessingFilter extends Object implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting Authentication object
will be placed into the SecurityContext, which is guaranteed
to have already been created by an earlier filter.
If authentication fails, the AuthenticationException will be
placed into the HttpSession with the attribute defined by
ACEGI_SECURITY_LAST_EXCEPTION_KEY.
To use this filter, it is necessary to specify the following properties:
defaultTargetUrl indicates the URL that should be used
for redirection if the HttpSession attribute named
ACEGI_SAVED_REQUEST_KEY does not indicate the target URL once
authentication is completed successfully. eg: /. The
defaultTargetUrl will be treated as relative to the web-app's
context path, and should include the leading /.
Alternatively, inclusion of a scheme name (eg http:// or https://) as the
prefix will denote a fully-qualified URL and this is also supported.authenticationFailureUrl indicates the URL that should be
used for redirection if the authentication request fails. eg:
/login.jsp?login_error=1.filterProcessesUrl indicates the URL that this filter
will respond to. This parameter varies by subclass.alwaysUseDefaultTargetUrl causes successful
authentication to always redirect to the defaultTargetUrl,
even if the HttpSession attribute named ACEGI_SAVED_REQUEST_KEY defines the intended target URL.
To configure this filter to redirect to specific pages as the result of
specific AuthenticationExceptions you can do the following.
Configure the exceptionMappings property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target. For
example:
<property name="exceptionMappings">
<props>
<prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
</props>
</property>
The example above would redirect all
BadCredentialsExceptions thrown, to a page in the
web-application called /bad_credentials.jsp.
Any AuthenticationException thrown that cannot be matched in the
exceptionMappings will be redirected to the
authenticationFailureUrl
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published to the application context. No events will be published if
authentication was unsuccessful, because this would generally be recorded via
an AuthenticationManager-specific application event.
| Modifier and Type | Field and Description |
|---|---|
static String |
ACEGI_SAVED_REQUEST_KEY |
static String |
ACEGI_SECURITY_LAST_EXCEPTION_KEY |
protected AuthenticationDetailsSource |
authenticationDetailsSource |
protected org.springframework.context.ApplicationEventPublisher |
eventPublisher |
protected org.apache.commons.logging.Log |
logger |
protected org.springframework.context.support.MessageSourceAccessor |
messages |
| Constructor and Description |
|---|
AbstractProcessingFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
abstract Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
void |
destroy()
Does nothing.
|
protected String |
determineFailureUrl(javax.servlet.http.HttpServletRequest request,
AuthenticationException failed) |
protected String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request) |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
AuthenticationDetailsSource |
getAuthenticationDetailsSource() |
String |
getAuthenticationFailureUrl() |
AuthenticationManager |
getAuthenticationManager() |
abstract String |
getDefaultFilterProcessesUrl()
Specifies the default
filterProcessesUrl for the
implementation. |
String |
getDefaultTargetUrl()
Supplies the default target Url that will be used if no saved request is
found or the alwaysUseDefaultTargetUrl propert is set to true.
|
Properties |
getExceptionMappings() |
String |
getFilterProcessesUrl() |
RememberMeServices |
getRememberMeServices() |
void |
init(javax.servlet.FilterConfig arg0)
Does nothing.
|
boolean |
isAlwaysUseDefaultTargetUrl() |
boolean |
isContinueChainBeforeSuccessfulAuthentication() |
static String |
obtainFullRequestUrl(javax.servlet.http.HttpServletRequest request) |
protected void |
onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult) |
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request
for the current invocation.
|
protected void |
sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String url) |
void |
setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) |
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher) |
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void |
setAuthenticationFailureUrl(String authenticationFailureUrl) |
void |
setAuthenticationManager(AuthenticationManager authenticationManager) |
void |
setBufferSize(int bufferSize) |
void |
setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) |
void |
setDefaultTargetUrl(String defaultTargetUrl) |
void |
setExceptionMappings(Properties exceptionMappings) |
void |
setFilterProcessesUrl(String filterProcessesUrl) |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
void |
setRememberMeServices(RememberMeServices rememberMeServices) |
void |
setUseRelativeContext(boolean useRelativeContext) |
protected void |
successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult) |
protected void |
unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
public static final String ACEGI_SAVED_REQUEST_KEY
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY
protected org.springframework.context.ApplicationEventPublisher eventPublisher
protected AuthenticationDetailsSource authenticationDetailsSource
protected final org.apache.commons.logging.Log logger
protected org.springframework.context.support.MessageSourceAccessor messages
public void afterPropertiesSet()
throws Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanExceptionpublic abstract Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
request - from which to extract parameters and perform the
authenticationAuthenticationException - if authentication failspublic void destroy()
destroy in interface javax.servlet.Filterpublic void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOExceptionjavax.servlet.ServletExceptionpublic String getAuthenticationFailureUrl()
public AuthenticationManager getAuthenticationManager()
public abstract String getDefaultFilterProcessesUrl()
filterProcessesUrl for the
implementation.filterProcessesUrlpublic String getDefaultTargetUrl()
public Properties getExceptionMappings()
public String getFilterProcessesUrl()
public RememberMeServices getRememberMeServices()
public void init(javax.servlet.FilterConfig arg0)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterarg0 - ignoredjavax.servlet.ServletException - ignoredpublic boolean isAlwaysUseDefaultTargetUrl()
public boolean isContinueChainBeforeSuccessfulAuthentication()
public static String obtainFullRequestUrl(javax.servlet.http.HttpServletRequest request)
protected void onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws AuthenticationException,
IOException
AuthenticationExceptionIOExceptionprotected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
throws IOException
IOExceptionprotected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
throws IOException
IOExceptionprotected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation.
It strips any parameters from the "path" section of the request URL (such
as the jsessionid parameter in
http://host/myapp/index.html;jsessionid=blah) before matching
against the filterProcessesUrl property.
Subclasses may override for special requirements, such as Tapestry integration.
request - as received from the filter chainresponse - as received from the filter chaintrue if the filter should attempt authentication,
false otherwiseprotected void sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String url)
throws IOException
IOExceptionpublic void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAwarepublic void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setAuthenticationFailureUrl(String authenticationFailureUrl)
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
public void setDefaultTargetUrl(String defaultTargetUrl)
public void setExceptionMappings(Properties exceptionMappings)
public void setFilterProcessesUrl(String filterProcessesUrl)
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource in interface org.springframework.context.MessageSourceAwarepublic void setRememberMeServices(RememberMeServices rememberMeServices)
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
throws IOException
IOExceptionprotected String determineTargetUrl(javax.servlet.http.HttpServletRequest request)
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
throws IOException
IOExceptionprotected String determineFailureUrl(javax.servlet.http.HttpServletRequest request, AuthenticationException failed)
public AuthenticationDetailsSource getAuthenticationDetailsSource()
public void setBufferSize(int bufferSize)
public void setUseRelativeContext(boolean useRelativeContext)
Copyright © 2021. All rights reserved.