org.acegisecurity.ui.AbstractProcessingFilter
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public abstract class AbstractProcessingFilter
Abstract processor of browser-based HTTP-based authentication requests.
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting Authentication object
will be placed into the SecurityContext, which is guaranteed
to have already been created by an earlier filter.
If authentication fails, the AuthenticationException will be
placed into the HttpSession with the attribute defined by
ACEGI_SECURITY_LAST_EXCEPTION_KEY.
To use this filter, it is necessary to specify the following properties:
defaultTargetUrl indicates the URL that should be used for
redirection if the HttpSession attribute named ACEGI_SECURITY_TARGET_URL_KEY does not indicate the target URL once
authentication is completed successfully. eg: /. This will be
treated as relative to the web-app's context path, and should include the
leading /.
authenticationFailureUrl indicates the URL that should be used
for redirection if the authentication request fails. eg:
/login.jsp?login_error=1.
filterProcessesUrl indicates the URL that this filter will
respond to. This parameter varies by subclass.
alwaysUseDefaultTargetUrl causes successful authentication to
always redirect to the defaultTargetUrl, even if the
HttpSession attribute named ACEGI_SECURITY_TARGET_URL_KEY defines the intended target URL.
To configure this filter to redirect to specific pages as the result of
specific AuthenticationExceptions you can do the following.
Configure the exceptionMappings property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target.
For example:
<property name="exceptionMappings">
<props>
<prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
</props>
</property>
The example above would redirect all BadCredentialsExceptions thrown, to a page in the
web-application called /bad_credentials.jsp.
Any AuthenticationException thrown that cannot be matched in the
exceptionMappings will be redirected to the
authenticationFailureUrl
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published to the application context. No events will be published
if authentication was unsuccessful, because this would generally be
recorded via an AuthenticationManager-specific application
event.
| Field Summary | |
|---|---|
static String |
ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
static String |
ACEGI_SECURITY_TARGET_URL_KEY
|
protected static org.apache.commons.logging.Log |
logger
|
protected MessageSourceAccessor |
messages
|
| Constructor Summary | |
|---|---|
AbstractProcessingFilter()
|
|
| Method Summary | |
|---|---|
void |
afterPropertiesSet()
|
abstract Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication. |
void |
destroy()
Does nothing. |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
|
String |
getAuthenticationFailureUrl()
|
AuthenticationManager |
getAuthenticationManager()
|
abstract String |
getDefaultFilterProcessesUrl()
Specifies the default filterProcessesUrl for the
implementation. |
String |
getDefaultTargetUrl()
|
Properties |
getExceptionMappings()
|
String |
getFilterProcessesUrl()
|
RememberMeServices |
getRememberMeServices()
|
void |
init(javax.servlet.FilterConfig arg0)
Does nothing. |
boolean |
isAlwaysUseDefaultTargetUrl()
|
boolean |
isContinueChainBeforeSuccessfulAuthentication()
|
protected void |
onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
|
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
|
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
|
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation. |
void |
setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
|
void |
setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
|
void |
setAuthenticationFailureUrl(String authenticationFailureUrl)
|
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
|
void |
setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
|
void |
setDefaultTargetUrl(String defaultTargetUrl)
|
void |
setExceptionMappings(Properties exceptionMappings)
|
void |
setFilterProcessesUrl(String filterProcessesUrl)
|
void |
setMessageSource(MessageSource messageSource)
|
void |
setRememberMeServices(RememberMeServices rememberMeServices)
|
protected void |
successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
|
protected void |
unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
|
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final String ACEGI_SECURITY_TARGET_URL_KEY
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY
protected static final org.apache.commons.logging.Log logger
protected MessageSourceAccessor messages
| Constructor Detail |
|---|
public AbstractProcessingFilter()
| Method Detail |
|---|
public void afterPropertiesSet()
throws Exception
afterPropertiesSet in interface InitializingBeanException
public abstract Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
throws AuthenticationException
request - from which to extract parameters and perform the
authentication
AuthenticationException - if authentication failspublic void destroy()
destroy in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOException
javax.servlet.ServletExceptionpublic String getAuthenticationFailureUrl()
public AuthenticationManager getAuthenticationManager()
public abstract String getDefaultFilterProcessesUrl()
filterProcessesUrl for the
implementation.
filterProcessesUrlpublic String getDefaultTargetUrl()
public Properties getExceptionMappings()
public String getFilterProcessesUrl()
public RememberMeServices getRememberMeServices()
public void init(javax.servlet.FilterConfig arg0)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterarg0 - ignored
javax.servlet.ServletException - ignoredpublic boolean isAlwaysUseDefaultTargetUrl()
public boolean isContinueChainBeforeSuccessfulAuthentication()
protected void onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws IOException
IOException
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
throws IOException
IOException
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws IOException
IOException
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation.
It strips any parameters from the "path" section of the request URL
(such as the jsessionid parameter in
http://host/myapp/index.html;jsessionid=blah) before matching
against the filterProcessesUrl property.
Subclasses may override for special requirements, such as Tapestry integration.
request - as received from the filter chainresponse - as received from the filter chain
true if the filter should attempt authentication,
false otherwisepublic void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
setApplicationEventPublisher in interface ApplicationEventPublisherAwarepublic void setAuthenticationFailureUrl(String authenticationFailureUrl)
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
public void setDefaultTargetUrl(String defaultTargetUrl)
public void setExceptionMappings(Properties exceptionMappings)
public void setFilterProcessesUrl(String filterProcessesUrl)
public void setMessageSource(MessageSource messageSource)
setMessageSource in interface MessageSourceAwarepublic void setRememberMeServices(RememberMeServices rememberMeServices)
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
throws IOException
IOException
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
throws IOException
IOException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||