AuthenticationProcessingFilter (Acegi Security Core 1.0.7 API)

java.lang.Object
- org.acegisecurity.ui.AbstractProcessingFilter
- - org.acegisecurity.ui.webapp.AuthenticationProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

Direct Known Subclasses:

SiteminderAuthenticationProcessingFilter
```
public class AuthenticationProcessingFilter
extends AbstractProcessingFilter
```
Processes an authentication form.
Login forms must present two parameters to this filter: a username and password. The parameter names to use are contained in the static fields ACEGI_SECURITY_FORM_USERNAME_KEY and ACEGI_SECURITY_FORM_PASSWORD_KEY.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.

Version:

$Id: AuthenticationProcessingFilter.java 2110 2007-09-14 14:32:19Z luke_t $

Author:

Ben Alex, Colin Sampaleanu

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`ACEGI_SECURITY_FORM_PASSWORD_KEY`
`static String`	`ACEGI_SECURITY_FORM_USERNAME_KEY`
`static String`	`ACEGI_SECURITY_LAST_USERNAME_KEY`

Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages

Constructor Summary

Constructors
Constructor and Description

AuthenticationProcessingFilter()

Constructors
Constructor and Description
`AuthenticationProcessingFilter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Authentication`	`attemptAuthentication(javax.servlet.http.HttpServletRequest request)` Performs actual authentication.
`String`	`getDefaultFilterProcessesUrl()` This filter by default responds to `/j_acegi_security_check`.
`void`	`init(javax.servlet.FilterConfig filterConfig)` Does nothing.
`protected String`	`obtainPassword(javax.servlet.http.HttpServletRequest request)` Enables subclasses to override the composition of the password, such as by including additional values and a separator.
`protected String`	`obtainUsername(javax.servlet.http.HttpServletRequest request)` Enables subclasses to override the composition of the username, such as by including additional values and a separator.
`protected void`	`setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - ACEGI_SECURITY_FORM_USERNAME_KEY
```
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY
```
    See Also:
    
    Constant Field Values
  - ACEGI_SECURITY_FORM_PASSWORD_KEY
```
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY
```
    See Also:
    
    Constant Field Values
  - ACEGI_SECURITY_LAST_USERNAME_KEY
```
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - AuthenticationProcessingFilter
```
public AuthenticationProcessingFilter()
```
- Method Detail
  - attemptAuthentication
```
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException
```
    Description copied from class: AbstractProcessingFilter
    
    Performs actual authentication.
    
    Specified by:
    
    attemptAuthentication in class AbstractProcessingFilter
    
    Parameters:
    
    request - from which to extract parameters and perform the authentication
    
    Returns:
    
    the authenticated user
    
    Throws:
    
    AuthenticationException - if authentication fails
  - getDefaultFilterProcessesUrl
```
public String getDefaultFilterProcessesUrl()
```
    This filter by default responds to /j_acegi_security_check.
    
    Specified by:
    
    getDefaultFilterProcessesUrl in class AbstractProcessingFilter
    
    Returns:
    
    the default
  - init
```
public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
```
    Description copied from class: AbstractProcessingFilter
    
    Does nothing. We use IoC container lifecycle services instead.
    
    Specified by:
    
    init in interface javax.servlet.Filter
    
    Overrides:
    
    init in class AbstractProcessingFilter
    
    Parameters:
    
    filterConfig - ignored
    
    Throws:
    
    javax.servlet.ServletException - ignored
  - obtainPassword
```
protected String obtainPassword(javax.servlet.http.HttpServletRequest request)
```
    Enables subclasses to override the composition of the password, such as by including additional values and a separator.
    This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.
    
    Parameters:
    
    request - so that request attributes can be retrieved
    
    Returns:
    
    the password that will be presented in the Authentication request token to the AuthenticationManager
  - obtainUsername
```
protected String obtainUsername(javax.servlet.http.HttpServletRequest request)
```
    Enables subclasses to override the composition of the username, such as by including additional values and a separator.
    
    Parameters:
    
    request - so that request attributes can be retrieved
    
    Returns:
    
    the username that will be presented in the Authentication request token to the AuthenticationManager
  - setDetails
```
protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          UsernamePasswordAuthenticationToken authRequest)
```
    Provided so that subclasses may configure what is put into the authentication request's details property.
    
    Parameters:
    
    request - that an authentication request is being created for
    
    authRequest - the authentication request object that should have its details set

Class AuthenticationProcessingFilter

Field Summary

Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter

Constructor Summary

Method Summary

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter

Methods inherited from class java.lang.Object

Field Detail

ACEGI_SECURITY_FORM_USERNAME_KEY

ACEGI_SECURITY_FORM_PASSWORD_KEY

ACEGI_SECURITY_LAST_USERNAME_KEY

Constructor Detail

AuthenticationProcessingFilter

Method Detail

attemptAuthentication

getDefaultFilterProcessesUrl

init

obtainPassword

obtainUsername

setDetails