|
|||||||||
| Home >> All >> net >> sf >> acegisecurity >> [ ui overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
net.sf.acegisecurity.ui
Class AbstractProcessingFilter
java.lang.Objectnet.sf.acegisecurity.ui.AbstractProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
- public abstract class AbstractProcessingFilter
- extends java.lang.Object
- implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
- extends java.lang.Object
Abstract processor of browser-based HTTP-based authentication requests.
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting net.sf.acegisecurity.Authentication object
will be placed into the ContextHolder, which is guaranteed to
have already been created by an earlier filter.
If authentication fails, the AuthenticationException will be
placed into the HttpSession with the attribute defined by
ACEGI_SECURITY_LAST_EXCEPTION_KEY 55 .
To use this filter, it is necessary to specify the following properties:
-
defaultTargetUrlindicates the URL that should be used for redirection if theHttpSessionattribute namedACEGI_SECURITY_TARGET_URL_KEY55 does not indicate the target URL once authentication is completed successfully. eg:/. This will be treated as relative to the web-app's context path, and should include the leading/. -
authenticationFailureUrlindicates the URL that should be used for redirection if the authentication request fails. eg:/login.jsp?login_error=1. -
filterProcessesUrlindicates the URL that this filter will respond to. This parameter varies by subclass. -
alwaysUseDefaultTargetUrlcauses successful authentication to always redirect to thedefaultTargetUrl, even if theHttpSessionattribute namedACEGI_SECURITY_TARGET_URL_KEY55 defines the intended target URL.
To configure this filter to redirect to specific pages as the result of
specific net.sf.acegisecurity.AuthenticationExceptions you can do the following.
Configure the exceptionMappings property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target.
For example:
<property name="exceptionMappings">
<props>
<prop> key="net.sf.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
</props>
</property>
The example above would redirect all net.sf.acegisecurity.BadCredentialsExceptions thrown, to a page in the
web-application called /bad_credentials.jsp.
Any net.sf.acegisecurity.AuthenticationException thrown that cannot be matched in the
exceptionMappings will be redirected to the
authenticationFailureUrl
- Version:
- $Id: AbstractProcessingFilter.java,v 1.17 2005/04/18 16:24:33 luke_t Exp $
| Field Summary | |
static java.lang.String |
ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
static java.lang.String |
ACEGI_SECURITY_TARGET_URL_KEY
|
private boolean |
alwaysUseDefaultTargetUrl
If true, will always redirect to defaultTargetUrl 55
upon successful authentication, irrespective of the page that caused
the authentication request (defaults to false). |
private java.lang.String |
authenticationFailureUrl
Where to redirect the browser to if authentication fails |
private net.sf.acegisecurity.AuthenticationManager |
authenticationManager
|
private boolean |
continueChainBeforeSuccessfulAuthentication
Indicates if the filter chain should be continued prior to delegation to successfulAuthentication(HttpServletRequest,
HttpServletResponse, Authentication) 55 , which may be useful in certain
environment (eg Tapestry). |
private java.lang.String |
defaultTargetUrl
Where to redirect the browser to if authentication is successful but ACEGI_SECURITY_TARGET_URL_KEY is null |
private java.util.Properties |
exceptionMappings
|
private java.lang.String |
filterProcessesUrl
The URL destination that this filter intercepts and processes (usually something like /j_acegi_security_check) |
protected static org.apache.commons.logging.Log |
logger
|
private net.sf.acegisecurity.ui.rememberme.RememberMeServices |
rememberMeServices
|
| Constructor Summary | |
AbstractProcessingFilter()
|
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
ACEGI_SECURITY_TARGET_URL_KEY
public static final java.lang.String ACEGI_SECURITY_TARGET_URL_KEY
- See Also:
- Constant Field Values
ACEGI_SECURITY_LAST_EXCEPTION_KEY
public static final java.lang.String ACEGI_SECURITY_LAST_EXCEPTION_KEY
- See Also:
- Constant Field Values
logger
protected static final org.apache.commons.logging.Log logger
authenticationManager
private net.sf.acegisecurity.AuthenticationManager authenticationManager
exceptionMappings
private java.util.Properties exceptionMappings
rememberMeServices
private net.sf.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices
authenticationFailureUrl
private java.lang.String authenticationFailureUrl
- Where to redirect the browser to if authentication fails
defaultTargetUrl
private java.lang.String defaultTargetUrl
- Where to redirect the browser to if authentication is successful but
ACEGI_SECURITY_TARGET_URL_KEY is
null
filterProcessesUrl
private java.lang.String filterProcessesUrl
- The URL destination that this filter intercepts and processes (usually
something like
/j_acegi_security_check)
alwaysUseDefaultTargetUrl
private boolean alwaysUseDefaultTargetUrl
- If
true, will always redirect todefaultTargetUrl55 upon successful authentication, irrespective of the page that caused the authentication request (defaults tofalse).
continueChainBeforeSuccessfulAuthentication
private boolean continueChainBeforeSuccessfulAuthentication
- Indicates if the filter chain should be continued prior to delegation to
successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)55 , which may be useful in certain environment (eg Tapestry). Defaults tofalse.
| Constructor Detail |
AbstractProcessingFilter
public AbstractProcessingFilter()
| Method Detail |
setAlwaysUseDefaultTargetUrl
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
isAlwaysUseDefaultTargetUrl
public boolean isAlwaysUseDefaultTargetUrl()
setContinueChainBeforeSuccessfulAuthentication
public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
isContinueChainBeforeSuccessfulAuthentication
public boolean isContinueChainBeforeSuccessfulAuthentication()
getDefaultFilterProcessesUrl
public abstract java.lang.String getDefaultFilterProcessesUrl()
- Specifies the default
filterProcessesUrlfor the implementation.
setExceptionMappings
public void setExceptionMappings(java.util.Properties exceptionMappings)
getExceptionMappings
public java.util.Properties getExceptionMappings()
setRememberMeServices
public void setRememberMeServices(net.sf.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices)
getRememberMeServices
public net.sf.acegisecurity.ui.rememberme.RememberMeServices getRememberMeServices()
attemptAuthentication
public abstract net.sf.acegisecurity.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws net.sf.acegisecurity.AuthenticationException
- Performs actual authentication.
setAuthenticationFailureUrl
public void setAuthenticationFailureUrl(java.lang.String authenticationFailureUrl)
getAuthenticationFailureUrl
public java.lang.String getAuthenticationFailureUrl()
setAuthenticationManager
public void setAuthenticationManager(net.sf.acegisecurity.AuthenticationManager authenticationManager)
getAuthenticationManager
public net.sf.acegisecurity.AuthenticationManager getAuthenticationManager()
setDefaultTargetUrl
public void setDefaultTargetUrl(java.lang.String defaultTargetUrl)
getDefaultTargetUrl
public java.lang.String getDefaultTargetUrl()
setFilterProcessesUrl
public void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
getFilterProcessesUrl
public java.lang.String getFilterProcessesUrl()
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Description copied from interface:
org.springframework.beans.factory.InitializingBean - Invoked by a BeanFactory after it has set all bean properties supplied
(and satisfied BeanFactoryAware and ApplicationContextAware).
This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.
- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean
destroy
public void destroy()
- Does nothing. We use IoC container lifecycle services instead.
- Specified by:
destroyin interfacejavax.servlet.Filter
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Description copied from interface:
javax.servlet.Filter - The
doFiltermethod of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.- Specified by:
doFilterin interfacejavax.servlet.Filter
init
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException
- Does nothing. We use IoC container lifecycle services instead.
- Specified by:
initin interfacejavax.servlet.Filter
onPreAuthentication
protected void onPreAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, net.sf.acegisecurity.Authentication authResult) throws java.io.IOException
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation.
It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) before matching against the
filterProcessesUrlproperty.Subclasses may override for special requirements, such as Tapestry integration.
successfulAuthentication
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, net.sf.acegisecurity.Authentication authResult) throws java.io.IOException
unsuccessfulAuthentication
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, net.sf.acegisecurity.AuthenticationException failed) throws java.io.IOException
|
|||||||||
| Home >> All >> net >> sf >> acegisecurity >> [ ui overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||