org.acegisecurity.ui.basicauth.BasicProcessingFilter
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class BasicProcessingFilter
Processes a HTTP request's BASIC authorization headers, putting the result
into the SecurityContextHolder.
For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.
In summary, this filter is responsible for processing any request that has a
HTTP request header of Authorization with an authentication
scheme of Basic and a Base64-encoded
username:password token. For example, to authenticate user
"Aladdin" with password "open sesame" the following header would be
presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==.
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
If authentication is successful, the resulting Authentication object
will be placed into the SecurityContextHolder.
If authentication fails, an AuthenticationEntryPoint implementation
is called. Usually this should be BasicProcessingFilterEntryPoint,
which will prompt the user to authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and
widely deployed. However, it still transmits a password in clear text and
as such is undesirable in many situations. Digest authentication is also
provided by Acegi Security and should be used instead of Basic
authentication wherever possible. See DigestProcessingFilter.
Do not use this class directly. Instead configure
web.xml to use the FilterToBeanProxy.
| Constructor Summary | |
|---|---|
BasicProcessingFilter()
|
|
| Method Summary | |
|---|---|
void |
afterPropertiesSet()
|
void |
destroy()
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
|
AuthenticationEntryPoint |
getAuthenticationEntryPoint()
|
AuthenticationManager |
getAuthenticationManager()
|
void |
init(javax.servlet.FilterConfig arg0)
|
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
|
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
|
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public BasicProcessingFilter()
| Method Detail |
|---|
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
public AuthenticationEntryPoint getAuthenticationEntryPoint()
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public AuthenticationManager getAuthenticationManager()
public void afterPropertiesSet()
throws Exception
afterPropertiesSet in interface InitializingBeanExceptionpublic void destroy()
destroy in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOException
javax.servlet.ServletException
public void init(javax.servlet.FilterConfig arg0)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||