|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.acegisecurity.ui.AbstractProcessingFilter
public abstract class AbstractProcessingFilter
Abstract processor of browser-based HTTP-based authentication requests.
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting Authentication
object
will be placed into the SecurityContext
, which is guaranteed
to have already been created by an earlier filter.
If authentication fails, the AuthenticationException
will be
placed into the HttpSession
with the attribute defined by
ACEGI_SECURITY_LAST_EXCEPTION_KEY
.
To use this filter, it is necessary to specify the following properties:
defaultTargetUrl
indicates the URL that should be used
for redirection if the HttpSession
attribute named
ACEGI_SAVED_REQUEST_KEY
does not indicate the target URL once
authentication is completed successfully. eg: /
. The
defaultTargetUrl
will be treated as relative to the web-app's
context path, and should include the leading /
.
Alternatively, inclusion of a scheme name (eg http:// or https://) as the
prefix will denote a fully-qualified URL and this is also supported.authenticationFailureUrl
indicates the URL that should be
used for redirection if the authentication request fails. eg:
/login.jsp?login_error=1
.filterProcessesUrl
indicates the URL that this filter
will respond to. This parameter varies by subclass.alwaysUseDefaultTargetUrl
causes successful
authentication to always redirect to the defaultTargetUrl
,
even if the HttpSession
attribute named ACEGI_SAVED_REQUEST_KEY
defines the intended target URL.
To configure this filter to redirect to specific pages as the result of
specific AuthenticationException
s you can do the following.
Configure the exceptionMappings
property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target. For
example:
<property name="exceptionMappings"> <props> <prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop> </props> </property>The example above would redirect all
BadCredentialsException
s thrown, to a page in the
web-application called /bad_credentials.jsp.
Any AuthenticationException
thrown that cannot be matched in the
exceptionMappings
will be redirected to the
authenticationFailureUrl
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published to the application context. No events will be published if
authentication was unsuccessful, because this would generally be recorded via
an AuthenticationManager
-specific application event.
Field Summary | |
---|---|
static String |
ACEGI_SAVED_REQUEST_KEY
|
static String |
ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
protected AuthenticationDetailsSource |
authenticationDetailsSource
|
protected org.springframework.context.ApplicationEventPublisher |
eventPublisher
|
protected org.apache.commons.logging.Log |
logger
|
protected org.springframework.context.support.MessageSourceAccessor |
messages
|
Constructor Summary | |
---|---|
AbstractProcessingFilter()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
abstract Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication. |
void |
destroy()
Does nothing. |
protected String |
determineFailureUrl(javax.servlet.http.HttpServletRequest request,
AuthenticationException failed)
|
protected String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request)
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
|
AuthenticationDetailsSource |
getAuthenticationDetailsSource()
|
String |
getAuthenticationFailureUrl()
|
AuthenticationManager |
getAuthenticationManager()
|
abstract String |
getDefaultFilterProcessesUrl()
Specifies the default filterProcessesUrl for the
implementation. |
String |
getDefaultTargetUrl()
Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl propert is set to true. |
Properties |
getExceptionMappings()
|
String |
getFilterProcessesUrl()
|
RememberMeServices |
getRememberMeServices()
|
void |
init(javax.servlet.FilterConfig arg0)
Does nothing. |
boolean |
isAlwaysUseDefaultTargetUrl()
|
boolean |
isContinueChainBeforeSuccessfulAuthentication()
|
static String |
obtainFullRequestUrl(javax.servlet.http.HttpServletRequest request)
|
protected void |
onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
|
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
|
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
|
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation. |
protected void |
sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String url)
|
void |
setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
|
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
|
void |
setAuthenticationFailureUrl(String authenticationFailureUrl)
|
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
|
void |
setBufferSize(int bufferSize)
|
void |
setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
|
void |
setDefaultTargetUrl(String defaultTargetUrl)
|
void |
setExceptionMappings(Properties exceptionMappings)
|
void |
setFilterProcessesUrl(String filterProcessesUrl)
|
void |
setMessageSource(org.springframework.context.MessageSource messageSource)
|
void |
setRememberMeServices(RememberMeServices rememberMeServices)
|
void |
setUseRelativeContext(boolean useRelativeContext)
|
protected void |
successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
|
protected void |
unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String ACEGI_SAVED_REQUEST_KEY
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY
protected org.springframework.context.ApplicationEventPublisher eventPublisher
protected AuthenticationDetailsSource authenticationDetailsSource
protected final org.apache.commons.logging.Log logger
protected org.springframework.context.support.MessageSourceAccessor messages
Constructor Detail |
---|
public AbstractProcessingFilter()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
Exception
public abstract Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
request
- from which to extract parameters and perform the
authentication
AuthenticationException
- if authentication failspublic void destroy()
destroy
in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public String getAuthenticationFailureUrl()
public AuthenticationManager getAuthenticationManager()
public abstract String getDefaultFilterProcessesUrl()
filterProcessesUrl
for the
implementation.
filterProcessesUrl
public String getDefaultTargetUrl()
public Properties getExceptionMappings()
public String getFilterProcessesUrl()
public RememberMeServices getRememberMeServices()
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
arg0
- ignored
javax.servlet.ServletException
- ignoredpublic boolean isAlwaysUseDefaultTargetUrl()
public boolean isContinueChainBeforeSuccessfulAuthentication()
public static String obtainFullRequestUrl(javax.servlet.http.HttpServletRequest request)
protected void onPreAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException
AuthenticationException
IOException
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) throws IOException
IOException
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed) throws IOException
IOException
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation.
It strips any parameters from the "path" section of the request URL (such
as the jsessionid parameter in
http://host/myapp/index.html;jsessionid=blah) before matching
against the filterProcessesUrl
property.
Subclasses may override for special requirements, such as Tapestry integration.
request
- as received from the filter chainresponse
- as received from the filter chain
true
if the filter should attempt authentication,
false
otherwiseprotected void sendRedirect(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String url) throws IOException
IOException
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
setApplicationEventPublisher
in interface org.springframework.context.ApplicationEventPublisherAware
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setAuthenticationFailureUrl(String authenticationFailureUrl)
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
public void setDefaultTargetUrl(String defaultTargetUrl)
public void setExceptionMappings(Properties exceptionMappings)
public void setFilterProcessesUrl(String filterProcessesUrl)
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource
in interface org.springframework.context.MessageSourceAware
public void setRememberMeServices(RememberMeServices rememberMeServices)
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) throws IOException
IOException
protected String determineTargetUrl(javax.servlet.http.HttpServletRequest request)
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed) throws IOException
IOException
protected String determineFailureUrl(javax.servlet.http.HttpServletRequest request, AuthenticationException failed)
public AuthenticationDetailsSource getAuthenticationDetailsSource()
public void setBufferSize(int bufferSize)
public void setUseRelativeContext(boolean useRelativeContext)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |