org.acegisecurity.ui.digestauth
Class DigestProcessingFilter

java.lang.Object
  extended by org.acegisecurity.ui.digestauth.DigestProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

public class DigestProcessingFilter
extends java.lang.Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

Processes an HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 2617 (which superseded RFC 2069, although this filter supports clients that implement either RFC 2617 or RFC 2069).

This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) and standard user agents (such as Internet Explorer and Firefox).

This Digest implementation has been designed to avoid needing to store session state between invocations. All session management information is stored in the "nonce" that is sent to the client by the DigestProcessingFilterEntryPoint.

If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If authentication fails, an AuthenticationEntryPoint implementation is called. This must always be DigestProcessingFilterEntryPoint, which will prompt the user to authenticate again via Digest authentication.

Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest authentication over Basic authentication, including commentary on the limitations that it still imposes.

Do not use this class directly. Instead, configure web.xml to use the org.acegisecurity.util.FilterToBeanProxy.


Field Summary
private  DigestProcessingFilterEntryPoint authenticationEntryPoint
           
private static org.apache.commons.logging.Log logger
           
protected  org.springframework.context.support.MessageSourceAccessor messages
           
private  boolean passwordAlreadyEncoded
           
private  org.acegisecurity.providers.dao.UserCache userCache
           
private  org.acegisecurity.userdetails.UserDetailsService userDetailsService
           
 
Constructor Summary
DigestProcessingFilter()
           
 
Method Summary
 void afterPropertiesSet()
          Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).
 void destroy()
          Called by the web container to indicate to a filter that it is being taken out of service.
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
static java.lang.String encodePasswordInA1Format(java.lang.String username, java.lang.String realm, java.lang.String password)
           
private  void fail(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, org.acegisecurity.AuthenticationException failed)
           
static java.lang.String generateDigest(boolean passwordAlreadyEncoded, java.lang.String username, java.lang.String realm, java.lang.String password, java.lang.String httpMethod, java.lang.String uri, java.lang.String qop, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce)
          Computes the response portion of a Digest authentication header.
 DigestProcessingFilterEntryPoint getAuthenticationEntryPoint()
           
 org.acegisecurity.providers.dao.UserCache getUserCache()
           
 org.acegisecurity.userdetails.UserDetailsService getUserDetailsService()
           
 void init(javax.servlet.FilterConfig ignored)
          Called by the web container to indicate to a filter that it is being placed into service.
 void setAuthenticationEntryPoint(DigestProcessingFilterEntryPoint authenticationEntryPoint)
           
 void setMessageSource(org.springframework.context.MessageSource messageSource)
          Set the MessageSource that this object runs in.
 void setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded)
           
 void setUserCache(org.acegisecurity.providers.dao.UserCache userCache)
           
 void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService authenticationDao)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

private static final org.apache.commons.logging.Log logger

userDetailsService

private org.acegisecurity.userdetails.UserDetailsService userDetailsService

authenticationEntryPoint

private DigestProcessingFilterEntryPoint authenticationEntryPoint

messages

protected org.springframework.context.support.MessageSourceAccessor messages

userCache

private org.acegisecurity.providers.dao.UserCache userCache

passwordAlreadyEncoded

private boolean passwordAlreadyEncoded

Constructor Detail

DigestProcessingFilter

public DigestProcessingFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Description copied from interface: org.springframework.beans.factory.InitializingBean
Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).

This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.

Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

destroy

public void destroy()
Description copied from interface: javax.servlet.Filter
Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.

Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Description copied from interface: javax.servlet.Filter
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow this pattern:
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. Either
   a) invoke the next entity in the chain using the FilterChain object (chain.doFilter()), or
   b) do not pass on the request/response pair to the next entity in the filter chain, to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.

Specified by:
doFilter in interface javax.servlet.Filter

encodePasswordInA1Format

public static java.lang.String encodePasswordInA1Format(java.lang.String username,
                                                        java.lang.String realm,
                                                        java.lang.String password)

fail

private void fail(javax.servlet.ServletRequest request,
                  javax.servlet.ServletResponse response,
                  org.acegisecurity.AuthenticationException failed)
           throws java.io.IOException,
                  javax.servlet.ServletException

generateDigest

public static java.lang.String generateDigest(boolean passwordAlreadyEncoded,
                                              java.lang.String username,
                                              java.lang.String realm,
                                              java.lang.String password,
                                              java.lang.String httpMethod,
                                              java.lang.String uri,
                                              java.lang.String qop,
                                              java.lang.String nonce,
                                              java.lang.String nc,
                                              java.lang.String cnonce)
                                       throws java.lang.IllegalArgumentException
Computes the response portion of a Digest authentication header. Both the server and user agent should compute the response independently. Provided as a static method to simplify the coding of user agents.
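
Added example, not Acegi's source: the response computation as RFC 2617 section 3.2.2 defines it (falling back to the RFC 2069 form when qop is absent), with parameters in the same order as generateDigest, checked against the sample exchange in RFC 2617 section 3.5. The class and helper names are hypothetical, and treating passwordAlreadyEncoded as "the stored password is already the hex A1 hash" is an assumption based on the encodePasswordInA1Format signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
// Added example; class and helper names are hypothetical, not Acegi's.
public class DigestResponseExample {
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5")
                    .digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder(32);
            for (byte b : d) sb.append(String.format("%02x", b & 0xff));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // A1 hash: MD5(username ":" realm ":" password), RFC 2617 section 3.2.2.2.
    static String a1Hash(String username, String realm, String password) {
        return md5Hex(username + ":" + realm + ":" + password);
    }

    // Assumption: when alreadyEncoded is true, 'password' already holds the hex A1 hash.
    static String response(boolean alreadyEncoded, String username, String realm,
            String password, String httpMethod, String uri, String qop,
            String nonce, String nc, String cnonce) {
        String ha1 = alreadyEncoded ? password : a1Hash(username, realm, password);
        String ha2 = md5Hex(httpMethod + ":" + uri);
        if (qop == null) {                       // RFC 2069 client: no qop, nc or cnonce
            return md5Hex(ha1 + ":" + nonce + ":" + ha2);
        }
        if ("auth".equals(qop)) {                // RFC 2617 qop=auth
            return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
        }
        throw new IllegalArgumentException("Unsupported qop: " + qop);
    }

    public static void main(String[] args) {
        // Values from the sample exchange in RFC 2617 section 3.5.
        String supplied = "6629fae49393a05397450978507c4ef1";   // response= sent by the client
        String expected = response(false, "Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", "auth",
                "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b");
        // Compare in constant time so the check does not leak how many characters matched.
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.ISO_8859_1),
                supplied.getBytes(StandardCharsets.ISO_8859_1));
        System.out.println("server-side digest matches client response: " + ok);
    }
}
```

Storing the A1 hash instead of the cleartext password keeps the cleartext out of the user store, but the hash is itself sufficient to compute valid responses for that realm, so it needs the same protection as a password.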


getUserDetailsService

public org.acegisecurity.userdetails.UserDetailsService getUserDetailsService()

getAuthenticationEntryPoint

public DigestProcessingFilterEntryPoint getAuthenticationEntryPoint()

getUserCache

public org.acegisecurity.providers.dao.UserCache getUserCache()

init

public void init(javax.servlet.FilterConfig ignored)
          throws javax.servlet.ServletException
Description copied from interface: javax.servlet.Filter
Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

The web container cannot place the filter into service if the init method either:
1. Throws a ServletException
2. Does not return within a time period defined by the web container

Specified by:
init in interface javax.servlet.Filter

setUserDetailsService

public void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService authenticationDao)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(DigestProcessingFilterEntryPoint authenticationEntryPoint)

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)
Description copied from interface: org.springframework.context.MessageSourceAware
Set the MessageSource that this object runs in.

Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.

Specified by:
setMessageSource in interface org.springframework.context.MessageSourceAware

setPasswordAlreadyEncoded

public void setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded)

setUserCache

public void setUserCache(org.acegisecurity.providers.dao.UserCache userCache)