AbstractProcessingFilter (Acegi Security System for Spring 1.0.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui
Class AbstractProcessingFilter

java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter

All Implemented Interfaces:: Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Direct Known Subclasses:: AuthenticationProcessingFilter, CasProcessingFilter

public abstract class AbstractProcessingFilter
extends Object
implements Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware
extends Object
implements Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Abstract processor of browser-based HTTP-based authentication requests.

This filter is responsible for processing authentication requests. If authentication is successful, the resulting Authentication object will be placed into the SecurityContext, which is guaranteed to have already been created by an earlier filter.

If authentication fails, the AuthenticationException will be placed into the HttpSession with the attribute defined by ACEGI_SECURITY_LAST_EXCEPTION_KEY.

To use this filter, it is necessary to specify the following properties:

defaultTargetUrl indicates the URL that should be used for redirection if the HttpSession attribute named ACEGI_SAVED_REQUEST_KEY does not indicate the target URL once authentication is completed successfully. eg: /. The defaultTargetUrl will be treated as relative to the web-app's context path, and should include the leading /. Alternatively, inclusion of a scheme name (eg http:// or https://) as the prefix will denote a fully-qualified URL and this is also supported.
authenticationFailureUrl indicates the URL that should be used for redirection if the authentication request fails. eg: /login.jsp?login_error=1.
filterProcessesUrl indicates the URL that this filter will respond to. This parameter varies by subclass.
alwaysUseDefaultTargetUrl causes successful authentication to always redirect to the defaultTargetUrl, even if the HttpSession attribute named ACEGI_SAVED_REQUEST_KEY defines the intended target URL.

To configure this filter to redirect to specific pages as the result of specific AuthenticationExceptions you can do the following. Configure the exceptionMappings property in your application xml. This property is a java.util.Properties object that maps a fully-qualified exception class name to a redirection url target. For example:

  <property name="exceptionMappings">
    <props>
      <prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
    </props>
  </property>

The example above would redirect all BadCredentialsExceptions thrown, to a page in the web-application called /bad_credentials.jsp.

Any AuthenticationException thrown that cannot be matched in the exceptionMappings will be redirected to the authenticationFailureUrl

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Version:: $Id: AbstractProcessingFilter.java 1743 2006-11-14 03:30:04Z benalex $
Author:: Ben Alex

Field Summary
`static String`	`ACEGI_SAVED_REQUEST_KEY`
`static String`	`ACEGI_SECURITY_LAST_EXCEPTION_KEY`
`protected AuthenticationDetailsSource`	`authenticationDetailsSource`
`protected ApplicationEventPublisher`	`eventPublisher`
`protected Log`	`logger`
`protected MessageSourceAccessor`	`messages`

Constructor Summary
`AbstractProcessingFilter()`

Method Summary
`void`	`afterPropertiesSet()`
`abstract Authentication`	`attemptAuthentication(HttpServletRequest request)` Performs actual authentication.
`void`	`destroy()` Does nothing.
`void`	`doFilter(ServletRequest request, ServletResponse response, FilterChain chain)`
`AuthenticationDetailsSource`	`getAuthenticationDetailsSource()`
`String`	`getAuthenticationFailureUrl()`
`AuthenticationManager`	`getAuthenticationManager()`
`abstract String`	`getDefaultFilterProcessesUrl()` Specifies the default `filterProcessesUrl` for the implementation.
`String`	`getDefaultTargetUrl()` Supplies the default target Url that will be used if no saved request is found or the `alwaysUseDefaultTargetUrl` propert is set to true.
`Properties`	`getExceptionMappings()`
`String`	`getFilterProcessesUrl()`
`RememberMeServices`	`getRememberMeServices()`
`void`	`init(FilterConfig arg0)` Does nothing.
`boolean`	`isAlwaysUseDefaultTargetUrl()`
`boolean`	`isContinueChainBeforeSuccessfulAuthentication()`
`static String`	`obtainFullRequestUrl(HttpServletRequest request)`
`protected void`	`onPreAuthentication(HttpServletRequest request, HttpServletResponse response)`
`protected void`	`onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)`
`protected void`	`onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)`
`protected boolean`	`requiresAuthentication(HttpServletRequest request, HttpServletResponse response)` Indicates whether this filter should attempt to process a login request for the current invocation.
`protected void`	`sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)`
`void`	`setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)`
`void`	`setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)`
`void`	`setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)`
`void`	`setAuthenticationFailureUrl(String authenticationFailureUrl)`
`void`	`setAuthenticationManager(AuthenticationManager authenticationManager)`
`void`	`setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)`
`void`	`setDefaultTargetUrl(String defaultTargetUrl)`
`void`	`setExceptionMappings(Properties exceptionMappings)`
`void`	`setFilterProcessesUrl(String filterProcessesUrl)`
`void`	`setMessageSource(MessageSource messageSource)`
`void`	`setRememberMeServices(RememberMeServices rememberMeServices)`
`protected void`	`successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)`
`protected void`	`unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

ACEGI_SAVED_REQUEST_KEY

public static final String ACEGI_SAVED_REQUEST_KEY

See Also:: Constant Field Values

ACEGI_SECURITY_LAST_EXCEPTION_KEY

public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY

See Also:: Constant Field Values

eventPublisher

protected ApplicationEventPublisher eventPublisher

authenticationDetailsSource

protected AuthenticationDetailsSource authenticationDetailsSource

logger

protected final Log logger

messages

protected MessageSourceAccessor messages

Constructor Detail

AbstractProcessingFilter

public AbstractProcessingFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:: afterPropertiesSet in interface InitializingBean

Throws:: Exception

attemptAuthentication

public abstract Authentication attemptAuthentication(HttpServletRequest request)
                                              throws AuthenticationException

Performs actual authentication.

Parameters:: request - from which to extract parameters and perform the authentication
Returns:: the authenticated user
Throws:: AuthenticationException - if authentication fails

destroy

public void destroy()

Does nothing. We use IoC container lifecycle services instead.

Specified by:: destroy in interface Filter

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException

Specified by:: doFilter in interface Filter

Throws:: IOException; ServletException

getAuthenticationFailureUrl

public String getAuthenticationFailureUrl()

getAuthenticationManager

public AuthenticationManager getAuthenticationManager()

getDefaultFilterProcessesUrl

public abstract String getDefaultFilterProcessesUrl()

Specifies the default filterProcessesUrl for the implementation.

Returns:: the default filterProcessesUrl

getDefaultTargetUrl

public String getDefaultTargetUrl()

Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl propert is set to true. Override this method of you want to provide a customized default Url (for example if you want different Urls depending on the authorities of the user who has just logged in).

Returns:: the defaultTargetUrl property

getExceptionMappings

public Properties getExceptionMappings()

getFilterProcessesUrl

public String getFilterProcessesUrl()

getRememberMeServices

public RememberMeServices getRememberMeServices()

init

public void init(FilterConfig arg0)
          throws ServletException

Does nothing. We use IoC container lifecycle services instead.

Specified by:: init in interface Filter

Parameters:: arg0 - ignored
Throws:: ServletException - ignored

isAlwaysUseDefaultTargetUrl

public boolean isAlwaysUseDefaultTargetUrl()

isContinueChainBeforeSuccessfulAuthentication

public boolean isContinueChainBeforeSuccessfulAuthentication()

obtainFullRequestUrl

public static String obtainFullRequestUrl(HttpServletRequest request)

onPreAuthentication

protected void onPreAuthentication(HttpServletRequest request,
                                   HttpServletResponse response)
                            throws AuthenticationException,
                                   IOException

Throws:: AuthenticationException; IOException

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          Authentication authResult)
                                   throws IOException

Throws:: IOException

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException failed)
                                     throws IOException

Throws:: IOException

requiresAuthentication

protected boolean requiresAuthentication(HttpServletRequest request,
                                         HttpServletResponse response)

Indicates whether this filter should attempt to process a login request for the current invocation.

It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

Subclasses may override for special requirements, such as Tapestry integration.

Parameters:: request - as received from the filter chain; response - as received from the filter chain
Returns:: true if the filter should attempt authentication, false otherwise

sendRedirect

protected void sendRedirect(HttpServletRequest request,
                            HttpServletResponse response,
                            String url)
                     throws IOException

Throws:: IOException

setAlwaysUseDefaultTargetUrl

public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)

setApplicationEventPublisher

public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)

Specified by:: setApplicationEventPublisher in interface ApplicationEventPublisherAware

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

setAuthenticationFailureUrl

public void setAuthenticationFailureUrl(String authenticationFailureUrl)

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

setContinueChainBeforeSuccessfulAuthentication

public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)

setDefaultTargetUrl

public void setDefaultTargetUrl(String defaultTargetUrl)

setExceptionMappings

public void setExceptionMappings(Properties exceptionMappings)

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

setMessageSource

public void setMessageSource(MessageSource messageSource)

Specified by:: setMessageSource in interface MessageSourceAware

setRememberMeServices

public void setRememberMeServices(RememberMeServices rememberMeServices)

successfulAuthentication

protected void successfulAuthentication(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authResult)
                                 throws IOException

Throws:: IOException

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          AuthenticationException failed)
                                   throws IOException

Throws:: IOException

getAuthenticationDetailsSource

public AuthenticationDetailsSource getAuthenticationDetailsSource()