Class ChannelProcessingFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.access.channel.ChannelProcessingFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class ChannelProcessingFilter
extends org.springframework.web.filter.GenericFilterBean
Ensures a web request is delivered over the required channel.
Internally uses a FilterInvocation
to represent the request, allowing a
FilterInvocationSecurityMetadataSource
to be used to lookup the attributes
which apply.
Delegates the actual channel security decisions and necessary actions to the configured
ChannelDecisionManager
. If a response is committed by the
ChannelDecisionManager
, the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the
ChannelDecisionManagerImpl
is configured with a SecureChannelProcessor
and an InsecureChannelProcessor
. A typical configuration would be
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter"> <property name="channelDecisionManager" ref="channelDecisionManager"/> <property name="securityMetadataSource"> <security:filter-security-metadata-source request-matcher="regex"> <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/> <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/> <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> </security:filter-security-metadata-source> </property> </bean> <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl"> <property name="channelProcessors"> <list> <ref bean="secureChannelProcessor"/> <ref bean="insecureChannelProcessor"/> </list> </property> </bean> <bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor"/> <bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>which would force the login form and any access to the
/secure
path to be made
over HTTPS.-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
void
doFilter
(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) protected ChannelDecisionManager
protected FilterInvocationSecurityMetadataSource
void
setChannelDecisionManager
(ChannelDecisionManager channelDecisionManager) void
setSecurityMetadataSource
(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
ChannelProcessingFilter
public ChannelProcessingFilter()
-
-
Method Details
-
afterPropertiesSet
public void afterPropertiesSet()- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classorg.springframework.web.filter.GenericFilterBean
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
getChannelDecisionManager
-
getSecurityMetadataSource
-
setChannelDecisionManager
-
setSecurityMetadataSource
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)
-