|
|||||||||
| Home >> All >> net >> sf >> acegisecurity >> ui >> [ basicauth overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
net.sf.acegisecurity.ui.basicauth
Class BasicProcessingFilter
java.lang.Objectnet.sf.acegisecurity.ui.basicauth.BasicProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
- public class BasicProcessingFilter
- extends java.lang.Object
- implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
- extends java.lang.Object
Processes a HTTP request's BASIC authorization headers, putting the result
into the ContextHolder.
For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.
In summary, this filter is responsible for processing any request that has a
HTTP request header of Authorization with an authentication
scheme of Basic and a Base64-encoded
username:password token. For example, to authenticate user
"Aladdin" with password "open sesame" the following header would be
presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==.
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
If authentication is successful, the resulting net.sf.acegisecurity.Authentication object
will be placed into the ContextHolder.
If authentication fails, an net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint implementation is called. Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and
widely deployed. However, it still transmits a password in clear text and
as such is undesirable in many situations. Digest authentication is also
provided by Acegi Security and should be used instead of Basic
authentication wherever possible. See net.sf.acegisecurity.ui.digestauth.DigestProcessingFilter.
Do not use this class directly. Instead configure
web.xml to use the net.sf.acegisecurity.util.FilterToBeanProxy.
- Version:
- $Id: BasicProcessingFilter.java,v 1.9 2005/04/15 01:21:40 luke_t Exp $
| Field Summary | |
private net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint |
authenticationEntryPoint
|
private net.sf.acegisecurity.AuthenticationManager |
authenticationManager
|
private static org.apache.commons.logging.Log |
logger
|
| Constructor Summary | |
BasicProcessingFilter()
|
|
| Method Summary | |
void |
afterPropertiesSet()
Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware). |
void |
destroy()
Called by the web container to indicate to a filter that it is being taken out of service. |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
The doFilter method of the Filter is called by the container
each time a request/response pair is passed through the chain due
to a client request for a resource at the end of the chain. |
net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint |
getAuthenticationEntryPoint()
|
net.sf.acegisecurity.AuthenticationManager |
getAuthenticationManager()
|
void |
init(javax.servlet.FilterConfig arg0)
Called by the web container to indicate to a filter that it is being placed into service. |
void |
setAuthenticationEntryPoint(net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint)
|
void |
setAuthenticationManager(net.sf.acegisecurity.AuthenticationManager authenticationManager)
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
logger
private static final org.apache.commons.logging.Log logger
authenticationEntryPoint
private net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint
authenticationManager
private net.sf.acegisecurity.AuthenticationManager authenticationManager
| Constructor Detail |
BasicProcessingFilter
public BasicProcessingFilter()
| Method Detail |
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint)
getAuthenticationEntryPoint
public net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint getAuthenticationEntryPoint()
setAuthenticationManager
public void setAuthenticationManager(net.sf.acegisecurity.AuthenticationManager authenticationManager)
getAuthenticationManager
public net.sf.acegisecurity.AuthenticationManager getAuthenticationManager()
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Description copied from interface:
org.springframework.beans.factory.InitializingBean - Invoked by a BeanFactory after it has set all bean properties supplied
(and satisfied BeanFactoryAware and ApplicationContextAware).
This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.
- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean
destroy
public void destroy()
- Description copied from interface:
javax.servlet.Filter - Called by the web container to indicate to a filter that it is being taken out of service. This
method is only called once all threads within the filter's doFilter method have exited or after
a timeout period has passed. After the web container calls this method, it will not call the
doFilter method again on this instance of the filter.
This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.- Specified by:
destroyin interfacejavax.servlet.Filter
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Description copied from interface:
javax.servlet.Filter - The
doFiltermethod of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.- Specified by:
doFilterin interfacejavax.servlet.Filter
init
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException
- Description copied from interface:
javax.servlet.Filter - Called by the web container to indicate to a filter that it is being placed into
service. The servlet container calls the init method exactly once after instantiating the
filter. The init method must complete successfully before the filter is asked to do any
filtering work.
The web container cannot place the filter into service if the init method either
1.Throws a ServletException
2.Does not return within a time period defined by the web container- Specified by:
initin interfacejavax.servlet.Filter
|
|||||||||
| Home >> All >> net >> sf >> acegisecurity >> ui >> [ basicauth overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||