Package org.springframework.security.web.access.intercept

Class FilterSecurityInterceptor

java.lang.Object

org.springframework.security.access.intercept.AbstractSecurityInterceptor

org.springframework.security.web.access.intercept.FilterSecurityInterceptor

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

@Deprecated
public class FilterSecurityInterceptor
extends org.springframework.security.access.intercept.AbstractSecurityInterceptor
implements jakarta.servlet.Filter

Deprecated.

Use AuthorizationFilter instead

Performs security handling of HTTP resources via a filter implementation.

The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.

Refer to AbstractSecurityInterceptor for details on the workflow.

Field Summary

Fields inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor

logger, messages

Constructor Summary

Constructors

Constructor	Description
FilterSecurityInterceptor()	Deprecated.

Method Summary

Modifier and Type	Method	Description
void	destroy()	Deprecated. Not used (we rely on IoC container lifecycle services instead)
void	doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)	Deprecated. Method that is actually called by the filter chain.
Class<?>	getSecureObjectClass()	Deprecated.
FilterInvocationSecurityMetadataSource	getSecurityMetadataSource()	Deprecated.
void	init(jakarta.servlet.FilterConfig arg0)	Deprecated. Not used (we rely on IoC container lifecycle services instead)
void	invoke(FilterInvocation filterInvocation)	Deprecated.
boolean	isObserveOncePerRequest()	Deprecated. Indicates whether once-per-request handling will be observed.
org.springframework.security.access.SecurityMetadataSource	obtainSecurityMetadataSource()	Deprecated.
void	setObserveOncePerRequest(boolean observeOncePerRequest)	Deprecated.
void	setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)	Deprecated.

Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor

afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setSecurityContextHolderStrategy, setValidateConfigAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

FilterSecurityInterceptor

public FilterSecurityInterceptor()

Deprecated.

Method Details

init

public void init(jakarta.servlet.FilterConfig arg0)

Deprecated.

Not used (we rely on IoC container lifecycle services instead)

Specified by:

init in interface jakarta.servlet.Filter

Parameters:

arg0 - ignored

destroy

public void destroy()

Deprecated.

Not used (we rely on IoC container lifecycle services instead)

Specified by:

destroy in interface jakarta.servlet.Filter

doFilter

public void doFilter(jakarta.servlet.ServletRequest request,
 jakarta.servlet.ServletResponse response,
 jakarta.servlet.FilterChain chain)
              throws IOException,
jakarta.servlet.ServletException

Deprecated.

Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.

Specified by:

doFilter in interface jakarta.servlet.Filter

Parameters:

request - the servlet request

response - the servlet response

chain - the filter chain

Throws:

IOException - if the filter chain fails

jakarta.servlet.ServletException - if the filter chain fails

getSecurityMetadataSource

public FilterInvocationSecurityMetadataSource getSecurityMetadataSource()

Deprecated.

obtainSecurityMetadataSource

public org.springframework.security.access.SecurityMetadataSource obtainSecurityMetadataSource()

Deprecated.

Specified by:

obtainSecurityMetadataSource in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

setSecurityMetadataSource

public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)

Deprecated.

getSecureObjectClass

public Class<?> getSecureObjectClass()

Deprecated.

Specified by:

getSecureObjectClass in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

invoke

public void invoke(FilterInvocation filterInvocation)
            throws IOException,
jakarta.servlet.ServletException

Deprecated.

Throws:

IOException

jakarta.servlet.ServletException

isObserveOncePerRequest

public boolean isObserveOncePerRequest()

Deprecated.

Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.

Returns:

true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

setObserveOncePerRequest

public void setObserveOncePerRequest(boolean observeOncePerRequest)

Deprecated.