AbstractProcessingFilter (Acegi Security System for Spring 1.0.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui
Class AbstractProcessingFilter

java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter

All Implemented Interfaces:: javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

Direct Known Subclasses:: AuthenticationProcessingFilter, CasProcessingFilter

public abstract class AbstractProcessingFilter
extends java.lang.Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
extends java.lang.Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

Abstract processor of browser-based HTTP-based authentication requests.

This filter is responsible for processing authentication requests. If authentication is successful, the resulting Authentication object will be placed into the SecurityContext, which is guaranteed to have already been created by an earlier filter.

If authentication fails, the AuthenticationException will be placed into the HttpSession with the attribute defined by ACEGI_SECURITY_LAST_EXCEPTION_KEY.

To use this filter, it is necessary to specify the following properties:

defaultTargetUrl indicates the URL that should be used for redirection if the HttpSession attribute named ACEGI_SAVED_REQUEST_KEY does not indicate the target URL once authentication is completed successfully. eg: /. The defaultTargetUrl will be treated as relative to the web-app's context path, and should include the leading /. Alternatively, inclusion of a scheme name (eg http:// or https://) as the prefix will denote a fully-qualified URL and this is also supported.
authenticationFailureUrl indicates the URL that should be used for redirection if the authentication request fails. eg: /login.jsp?login_error=1.
filterProcessesUrl indicates the URL that this filter will respond to. This parameter varies by subclass.
alwaysUseDefaultTargetUrl causes successful authentication to always redirect to the defaultTargetUrl, even if the HttpSession attribute named ACEGI_SAVED_REQUEST_KEY defines the intended target URL.

To configure this filter to redirect to specific pages as the result of specific AuthenticationExceptions you can do the following. Configure the exceptionMappings property in your application xml. This property is a java.util.Properties object that maps a fully-qualified exception class name to a redirection url target.
For example:
<property name="exceptionMappings"> * <props> * <prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop> * </props> * </property> *
The example above would redirect all BadCredentialsExceptions thrown, to a page in the web-application called /bad_credentials.jsp.

Any AuthenticationException thrown that cannot be matched in the exceptionMappings will be redirected to the authenticationFailureUrl

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Version:: $Id: AbstractProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
Author:: Ben Alex

Field Summary
`static java.lang.String`	`ACEGI_SAVED_REQUEST_KEY`
`static java.lang.String`	`ACEGI_SECURITY_LAST_EXCEPTION_KEY`
`protected AuthenticationDetailsSource`	`authenticationDetailsSource`
`protected org.springframework.context.ApplicationEventPublisher`	`eventPublisher`
`protected org.apache.commons.logging.Log`	`logger`
`protected org.springframework.context.support.MessageSourceAccessor`	`messages`

Constructor Summary
`AbstractProcessingFilter()`

Method Summary
`void`	`afterPropertiesSet()`
`abstract Authentication`	`attemptAuthentication(javax.servlet.http.HttpServletRequest request)` Performs actual authentication.
`void`	`destroy()` Does nothing.
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`java.lang.String`	`getAuthenticationFailureUrl()`
`AuthenticationManager`	`getAuthenticationManager()`
`abstract java.lang.String`	`getDefaultFilterProcessesUrl()` Specifies the default `filterProcessesUrl` for the implementation.
`java.lang.String`	`getDefaultTargetUrl()`
`java.util.Properties`	`getExceptionMappings()`
`java.lang.String`	`getFilterProcessesUrl()`
`RememberMeServices`	`getRememberMeServices()`
`void`	`init(javax.servlet.FilterConfig arg0)` Does nothing.
`boolean`	`isAlwaysUseDefaultTargetUrl()`
`boolean`	`isContinueChainBeforeSuccessfulAuthentication()`
`static java.lang.String`	`obtainFullRequestUrl(javax.servlet.http.HttpServletRequest request)`
`protected void`	`onPreAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`protected void`	`onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)`
`protected void`	`onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)`
`protected boolean`	`requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Indicates whether this filter should attempt to process a login request for the current invocation.
`protected void`	`sendRedirect(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String failureUrl)`
`void`	`setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)`
`void`	`setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)`
`void`	`setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)`
`void`	`setAuthenticationFailureUrl(java.lang.String authenticationFailureUrl)`
`void`	`setAuthenticationManager(AuthenticationManager authenticationManager)`
`void`	`setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)`
`void`	`setDefaultTargetUrl(java.lang.String defaultTargetUrl)`
`void`	`setExceptionMappings(java.util.Properties exceptionMappings)`
`void`	`setFilterProcessesUrl(java.lang.String filterProcessesUrl)`
`void`	`setMessageSource(org.springframework.context.MessageSource messageSource)`
`void`	`setRememberMeServices(RememberMeServices rememberMeServices)`
`protected void`	`successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)`
`protected void`	`unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

ACEGI_SAVED_REQUEST_KEY

public static final java.lang.String ACEGI_SAVED_REQUEST_KEY

See Also:: Constant Field Values

ACEGI_SECURITY_LAST_EXCEPTION_KEY

public static final java.lang.String ACEGI_SECURITY_LAST_EXCEPTION_KEY

See Also:: Constant Field Values

eventPublisher

protected org.springframework.context.ApplicationEventPublisher eventPublisher

authenticationDetailsSource

protected AuthenticationDetailsSource authenticationDetailsSource

logger

protected final org.apache.commons.logging.Log logger

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail