DigestProcessingFilter (Acegi Security System for Spring 1.0.0-RC1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.digestauth
Class DigestProcessingFilter

java.lang.Object
  org.acegisecurity.ui.digestauth.DigestProcessingFilter

All Implemented Interfaces:: javax.servlet.Filter, InitializingBean, MessageSourceAware

public class DigestProcessingFilter
extends Object
implements javax.servlet.Filter, InitializingBean, MessageSourceAware
extends Object
implements javax.servlet.Filter, InitializingBean, MessageSourceAware

Processes a HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 2617 (which superseded RFC 2069, although this filter support clients that implement either RFC 2617 or RFC 2069).

This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and FireFox).

This Digest implementation has been designed to avoid needing to store session state between invocations. All session management information is stored in the "nonce" that is sent to the client by the DigestProcessingFilterEntryPoint.

If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If authentication fails, an AuthenticationEntryPoint implementation is called. This must always be DigestProcessingFilterEntryPoint, which will prompt the user to authenticate again via Digest authentication.

Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest authentication over Basic authentication, including commentary on the limitations that it still imposes.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.

Field Summary
`protected MessageSourceAccessor`	`messages`

Constructor Summary
`DigestProcessingFilter()`

Method Summary
`void`	`afterPropertiesSet()`
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`static String`	`encodePasswordInA1Format(String username, String realm, String password)`
`static String`	`generateDigest(boolean passwordAlreadyEncoded, String username, String realm, String password, String httpMethod, String uri, String qop, String nonce, String nc, String cnonce)` Computes the `response` portion of a Digest authentication header.
`DigestProcessingFilterEntryPoint`	`getAuthenticationEntryPoint()`
`UserCache`	`getUserCache()`
`UserDetailsService`	`getUserDetailsService()`
`void`	`init(javax.servlet.FilterConfig ignored)`
`void`	`setAuthenticationEntryPoint(DigestProcessingFilterEntryPoint authenticationEntryPoint)`
`void`	`setMessageSource(MessageSource messageSource)`
`void`	`setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded)`
`void`	`setUserCache(UserCache userCache)`
`void`	`setUserDetailsService(UserDetailsService authenticationDao)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

messages

protected MessageSourceAccessor messages

Constructor Detail