|
|||||||||
| Home >> All >> org >> acegisecurity >> [ ui overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
org.acegisecurity.ui
Class AbstractProcessingFilter
java.lang.Objectorg.acegisecurity.ui.AbstractProcessingFilter
- All Implemented Interfaces:
- org.springframework.context.ApplicationEventPublisherAware, javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
- public abstract class AbstractProcessingFilter
- extends java.lang.Object
- implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
- extends java.lang.Object
Abstract processor of browser-based HTTP-based authentication requests.
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting org.acegisecurity.Authentication object
will be placed into the SecurityContext, which is guaranteed
to have already been created by an earlier filter.
If authentication fails, the AuthenticationException will be
placed into the HttpSession with the attribute defined by
ACEGI_SECURITY_LAST_EXCEPTION_KEY 55 .
To use this filter, it is necessary to specify the following properties:
-
defaultTargetUrlindicates the URL that should be used for redirection if theHttpSessionattribute namedACEGI_SECURITY_TARGET_URL_KEY55 does not indicate the target URL once authentication is completed successfully. eg:/. This will be treated as relative to the web-app's context path, and should include the leading/. -
authenticationFailureUrlindicates the URL that should be used for redirection if the authentication request fails. eg:/login.jsp?login_error=1. -
filterProcessesUrlindicates the URL that this filter will respond to. This parameter varies by subclass. -
alwaysUseDefaultTargetUrlcauses successful authentication to always redirect to thedefaultTargetUrl, even if theHttpSessionattribute namedACEGI_SECURITY_TARGET_URL_KEY55 defines the intended target URL.
To configure this filter to redirect to specific pages as the result of
specific org.acegisecurity.AuthenticationExceptions you can do the following.
Configure the exceptionMappings property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target.
For example:
<property name="exceptionMappings">
<props>
<prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
</props>
</property>
The example above would redirect all org.acegisecurity.BadCredentialsExceptions thrown, to a page in the
web-application called /bad_credentials.jsp.
Any org.acegisecurity.AuthenticationException thrown that cannot be matched in the
exceptionMappings will be redirected to the
authenticationFailureUrl
If authentication is successful, an org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent
will be published to the application context. No events will be published
if authentication was unsuccessful, because this would generally be
recorded via an AuthenticationManager-specific application
event.
| Field Summary | |
static java.lang.String |
ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
static java.lang.String |
ACEGI_SECURITY_TARGET_URL_KEY
|
private boolean |
alwaysUseDefaultTargetUrl
If true, will always redirect to defaultTargetUrl 55
upon successful authentication, irrespective of the page that caused
the authentication request (defaults to false). |
private java.lang.String |
authenticationFailureUrl
Where to redirect the browser to if authentication fails |
private org.acegisecurity.AuthenticationManager |
authenticationManager
|
private boolean |
continueChainBeforeSuccessfulAuthentication
Indicates if the filter chain should be continued prior to delegation to successfulAuthentication(HttpServletRequest,
HttpServletResponse, Authentication) 55 , which may be useful in certain
environment (eg Tapestry). |
private java.lang.String |
defaultTargetUrl
Where to redirect the browser to if authentication is successful but ACEGI_SECURITY_TARGET_URL_KEY is null |
private org.springframework.context.ApplicationEventPublisher |
eventPublisher
|
private java.util.Properties |
exceptionMappings
|
private java.lang.String |
filterProcessesUrl
The URL destination that this filter intercepts and processes (usually something like /j_acegi_security_check) |
protected static org.apache.commons.logging.Log |
logger
|
protected org.springframework.context.support.MessageSourceAccessor |
messages
|
private org.acegisecurity.ui.rememberme.RememberMeServices |
rememberMeServices
|
| Constructor Summary | |
AbstractProcessingFilter()
|
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
ACEGI_SECURITY_TARGET_URL_KEY
public static final java.lang.String ACEGI_SECURITY_TARGET_URL_KEY
- See Also:
- Constant Field Values
ACEGI_SECURITY_LAST_EXCEPTION_KEY
public static final java.lang.String ACEGI_SECURITY_LAST_EXCEPTION_KEY
- See Also:
- Constant Field Values
logger
protected static final org.apache.commons.logging.Log logger
eventPublisher
private org.springframework.context.ApplicationEventPublisher eventPublisher
authenticationManager
private org.acegisecurity.AuthenticationManager authenticationManager
messages
protected org.springframework.context.support.MessageSourceAccessor messages
exceptionMappings
private java.util.Properties exceptionMappings
rememberMeServices
private org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices
authenticationFailureUrl
private java.lang.String authenticationFailureUrl
- Where to redirect the browser to if authentication fails
defaultTargetUrl
private java.lang.String defaultTargetUrl
- Where to redirect the browser to if authentication is successful but
ACEGI_SECURITY_TARGET_URL_KEY is
null
filterProcessesUrl
private java.lang.String filterProcessesUrl
- The URL destination that this filter intercepts and processes (usually
something like
/j_acegi_security_check)
alwaysUseDefaultTargetUrl
private boolean alwaysUseDefaultTargetUrl
- If
true, will always redirect todefaultTargetUrl55 upon successful authentication, irrespective of the page that caused the authentication request (defaults tofalse).
continueChainBeforeSuccessfulAuthentication
private boolean continueChainBeforeSuccessfulAuthentication
- Indicates if the filter chain should be continued prior to delegation to
successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)55 , which may be useful in certain environment (eg Tapestry). Defaults tofalse.
| Constructor Detail |
AbstractProcessingFilter
public AbstractProcessingFilter()
| Method Detail |
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Description copied from interface:
org.springframework.beans.factory.InitializingBean - Invoked by a BeanFactory after it has set all bean properties supplied
(and satisfied BeanFactoryAware and ApplicationContextAware).
This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.
- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean
attemptAuthentication
public abstract org.acegisecurity.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws org.acegisecurity.AuthenticationException
- Performs actual authentication.
destroy
public void destroy()
- Does nothing. We use IoC container lifecycle services instead.
- Specified by:
destroyin interfacejavax.servlet.Filter
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Description copied from interface:
javax.servlet.Filter - The
doFiltermethod of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.- Specified by:
doFilterin interfacejavax.servlet.Filter
getAuthenticationFailureUrl
public java.lang.String getAuthenticationFailureUrl()
getAuthenticationManager
public org.acegisecurity.AuthenticationManager getAuthenticationManager()
getDefaultFilterProcessesUrl
public abstract java.lang.String getDefaultFilterProcessesUrl()
- Specifies the default
filterProcessesUrlfor the implementation.
getDefaultTargetUrl
public java.lang.String getDefaultTargetUrl()
getExceptionMappings
public java.util.Properties getExceptionMappings()
getFilterProcessesUrl
public java.lang.String getFilterProcessesUrl()
getRememberMeServices
public org.acegisecurity.ui.rememberme.RememberMeServices getRememberMeServices()
init
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException
- Does nothing. We use IoC container lifecycle services instead.
- Specified by:
initin interfacejavax.servlet.Filter
isAlwaysUseDefaultTargetUrl
public boolean isAlwaysUseDefaultTargetUrl()
isContinueChainBeforeSuccessfulAuthentication
public boolean isContinueChainBeforeSuccessfulAuthentication()
onPreAuthentication
protected void onPreAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.acegisecurity.Authentication authResult) throws java.io.IOException
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the current invocation.
It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) before matching against the
filterProcessesUrlproperty.Subclasses may override for special requirements, such as Tapestry integration.
setAlwaysUseDefaultTargetUrl
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
- Description copied from interface:
org.springframework.context.ApplicationEventPublisherAware - Set the ApplicationEventPublisher that this object runs in.
Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.
- Specified by:
setApplicationEventPublisherin interfaceorg.springframework.context.ApplicationEventPublisherAware
setAuthenticationFailureUrl
public void setAuthenticationFailureUrl(java.lang.String authenticationFailureUrl)
setAuthenticationManager
public void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)
setContinueChainBeforeSuccessfulAuthentication
public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
setDefaultTargetUrl
public void setDefaultTargetUrl(java.lang.String defaultTargetUrl)
setExceptionMappings
public void setExceptionMappings(java.util.Properties exceptionMappings)
setFilterProcessesUrl
public void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Description copied from interface:
org.springframework.context.MessageSourceAware - Set the MessageSource that this object runs in.
Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.
- Specified by:
setMessageSourcein interfaceorg.springframework.context.MessageSourceAware
setRememberMeServices
public void setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices)
successfulAuthentication
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.acegisecurity.Authentication authResult) throws java.io.IOException
unsuccessfulAuthentication
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.acegisecurity.AuthenticationException failed) throws java.io.IOException
|
|||||||||
| Home >> All >> org >> acegisecurity >> [ ui overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||