AuthenticationProcessingFilterEntryPoint (Acegi Security Core 1.0.6 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.webapp
Class AuthenticationProcessingFilterEntryPoint

java.lang.Object
  org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint

All Implemented Interfaces:: AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean

public class AuthenticationProcessingFilterEntryPoint
extends Object
implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean
extends Object
implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean

Used by the SecurityEnforcementFilter to commence authentication via the AuthenticationProcessingFilter. This object holds the location of the login form, relative to the web app context path, and is used to commence a redirect to that form.

By setting the forceHttps property to true, you may configure the class to force the protocol used for the login form to be HTTPS, even if the original intercepted request for a resource used the HTTP protocol. When this happens, after a successful login (via HTTPS), the original resource will still be accessed as HTTP, via the original request URL. For the forced HTTPS feature to work, the PortMapper is consulted to determine the HTTP:HTTPS pairs.

Version:: $Id: AuthenticationProcessingFilterEntryPoint.java 1873 2007-05-25 03:21:17Z benalex $
Author:: Ben Alex, colin sampaleanu, Omri Spector

Constructor Summary
`AuthenticationProcessingFilterEntryPoint()`

Method Summary
`void`	`afterPropertiesSet()`
`void`	`commence(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, AuthenticationException authException)` Commences an authentication scheme.
`protected String`	`determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException exception)` Allows subclasses to modify the login form URL that should be applicable for a given request.
`boolean`	`getForceHttps()`
`String`	`getLoginFormUrl()`
`PortMapper`	`getPortMapper()`
`PortResolver`	`getPortResolver()`
`boolean`	`isServerSideRedirect()`
`void`	`setForceHttps(boolean forceHttps)` Set to true to force login form access to be via https.
`void`	`setLoginFormUrl(String loginFormUrl)` The URL where the `AuthenticationProcessingFilter` login page can be found.
`void`	`setPortMapper(PortMapper portMapper)`
`void`	`setPortResolver(PortResolver portResolver)`
`void`	`setServerSideRedirect(boolean serverSideRedirect)` Tells if we are to do a server side include of the `loginFormUrl` instead of a 302 redirect.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AuthenticationProcessingFilterEntryPoint

public AuthenticationProcessingFilterEntryPoint()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:: Exception

determineUrlToUseForThisRequest

protected String determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 AuthenticationException exception)

Allows subclasses to modify the login form URL that should be applicable for a given request.

Parameters:: request - the request; response - the response; exception - the exception
Returns:: the URL (cannot be null or empty; defaults to getLoginFormUrl())

commence

public void commence(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     AuthenticationException authException)
              throws IOException,
                     javax.servlet.ServletException

Description copied from interface: AuthenticationEntryPoint

Commences an authentication scheme.

SecurityEnforcementFilter will populate the HttpSession attribute named AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY with the requested target URL before calling this method.

Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

Specified by:: commence in interface AuthenticationEntryPoint

Parameters:: request - that resulted in an AuthenticationException; response - so that the user agent can begin authentication; authException - that caused the invocation
Throws:: IOException - DOCUMENT ME!; javax.servlet.ServletException - DOCUMENT ME!

getForceHttps

public boolean getForceHttps()

getLoginFormUrl

public String getLoginFormUrl()

getPortMapper

public PortMapper getPortMapper()

getPortResolver

public PortResolver getPortResolver()

isServerSideRedirect

public boolean isServerSideRedirect()

setForceHttps

public void setForceHttps(boolean forceHttps)

Set to true to force login form access to be via https. If this value is ture (the default is false), and the incoming request for the protected resource which triggered the interceptor was not already https, then

Parameters:: forceHttps -

setLoginFormUrl

public void setLoginFormUrl(String loginFormUrl)

The URL where the AuthenticationProcessingFilter login page can be found. Should be relative to the web-app context path, and include a leading /

Parameters:: loginFormUrl -

setPortMapper

public void setPortMapper(PortMapper portMapper)

setPortResolver

public void setPortResolver(PortResolver portResolver)

setServerSideRedirect

public void setServerSideRedirect(boolean serverSideRedirect)

Tells if we are to do a server side include of the loginFormUrl instead of a 302 redirect.

Parameters:: serverSideRedirect -