Class FilterSecurityInterceptor
java.lang.Object
  org.springframework.security.access.intercept.AbstractSecurityInterceptor
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor

All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

public class FilterSecurityInterceptor extends org.springframework.security.access.intercept.AbstractSecurityInterceptor implements javax.servlet.Filter
Performs security handling of HTTP resources via a filter implementation.
The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.
Refer to AbstractSecurityInterceptor for details on the workflow.

Constructor Summary
FilterSecurityInterceptor()

Method Summary
void destroy() - Not used (we rely on IoC container lifecycle services instead)
void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) - Method that is actually called by the filter chain.
java.lang.Class<?> getSecureObjectClass()
FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
void init(javax.servlet.FilterConfig arg0) - Not used (we rely on IoC container lifecycle services instead)
void invoke(FilterInvocation filterInvocation)
boolean isObserveOncePerRequest() - Indicates whether once-per-request handling will be observed.
org.springframework.security.access.SecurityMetadataSource obtainSecurityMetadataSource()
void setObserveOncePerRequest(boolean observeOncePerRequest)
void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)

Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor
afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes
Method Detail

init
public void init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead)
Specified by: init in interface javax.servlet.Filter
Parameters:
arg0 - ignored

destroy
public void destroy()
Not used (we rely on IoC container lifecycle services instead)
Specified by: destroy in interface javax.servlet.Filter

doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.
Specified by: doFilter in interface javax.servlet.Filter
Parameters:
request - the servlet request
response - the servlet response
chain - the filter chain
Throws:
java.io.IOException - if the filter chain fails
javax.servlet.ServletException - if the filter chain fails

getSecurityMetadataSource
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource()

obtainSecurityMetadataSource
public org.springframework.security.access.SecurityMetadataSource obtainSecurityMetadataSource()
Specified by: obtainSecurityMetadataSource in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

setSecurityMetadataSource
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)

getSecureObjectClass
public java.lang.Class<?> getSecureObjectClass()
Specified by: getSecureObjectClass in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

invoke
public void invoke(FilterInvocation filterInvocation) throws java.io.IOException, javax.servlet.ServletException
Throws:
java.io.IOException
javax.servlet.ServletException

isObserveOncePerRequest
public boolean isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.
Returns:
true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

setObserveOncePerRequest
public void setObserveOncePerRequest(boolean observeOncePerRequest)
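
An added example (not part of the Spring Security documentation) of wiring a FilterSecurityInterceptor by hand with once-per-request handling disabled, so that a forward into a protected path is authorized again rather than inheriting the decision made for the original URL. The class name PerDispatchInterceptorFactory, the URL patterns and the role names are assumptions; the Spring Security 5.x and javax.servlet types are assumed to be on the classpath.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical factory class; the patterns and roles below are illustrative.
public final class PerDispatchInterceptorFactory {

    public static FilterSecurityInterceptor build(AuthenticationManager authManager) throws Exception {
        // Insertion order is evaluation order: the first matching pattern wins,
        // so the narrow admin rule must come before the catch-all.
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules = new LinkedHashMap<>();
        rules.put(new AntPathRequestMatcher("/admin/**"), SecurityConfig.createList("ROLE_ADMIN"));
        rules.put(new AntPathRequestMatcher("/**"), SecurityConfig.createList("ROLE_USER"));

        List<AccessDecisionVoter<?>> voters = new ArrayList<>();
        voters.add(new RoleVoter());

        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        interceptor.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(rules));
        interceptor.setAccessDecisionManager(new AffirmativeBased(voters));
        interceptor.setAuthenticationManager(authManager);

        // Default is true: once the interceptor has run for a request, later
        // passes through the filter chain for that same request skip the check.
        // With false, a ROLE_USER request that is forwarded to /admin/report is
        // evaluated again against the /admin/** rule.
        interceptor.setObserveOncePerRequest(false);

        // Normally invoked by the IoC container; called here because the
        // object is built outside one. Fails fast if a collaborator is missing.
        interceptor.afterPropertiesSet();
        return interceptor;
    }
}
```

The setting only takes effect if the filter actually runs on the later dispatches: a servlet container applies a filter to FORWARD or INCLUDE dispatches only when the filter's mapping lists those dispatcher types.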