Java Doc for AbstractProcessingFilter.java in  » Security » acegi-security » org » acegisecurity » ui » Java Source Code / Java DocumentationJava Source Code and Java Documentation

This filter is responsible for processing authentication requests. If authentication is successful, the resulting Authentication object will be placed into the SecurityContext, which is guaranteed to have already been created by an earlier filter.

If authentication fails, the AuthenticationException will be placed into the HttpSession with the attribute defined by AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY .

To use this filter, it is necessary to specify the following properties:

• defaultTargetUrl indicates the URL that should be used for redirection if the HttpSession attribute named AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY does not indicate the target URL once authentication is completed successfully. eg: /. The defaultTargetUrl will be treated as relative to the web-app's context path, and should include the leading /. Alternatively, inclusion of a scheme name (eg http:// or https://) as the prefix will denote a fully-qualified URL and this is also supported.
• authenticationFailureUrl indicates the URL that should be used for redirection if the authentication request fails. eg: /login.jsp?login_error=1.
• filterProcessesUrl indicates the URL that this filter will respond to. This parameter varies by subclass.
• alwaysUseDefaultTargetUrl causes successful authentication to always redirect to the defaultTargetUrl, even if the HttpSession attribute named AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY defines the intended target URL.

To configure this filter to redirect to specific pages as the result of specific AuthenticationException s you can do the following. Configure the exceptionMappings property in your application xml. This property is a java.util.Properties object that maps a fully-qualified exception class name to a redirection url target. For example:

 <property name="exceptionMappings">
 <props>
 <prop> key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
 </props>
 </property>
 

Any AuthenticationException thrown that cannot be matched in the exceptionMappings will be redirected to the authenticationFailureUrl

If authentication is successful, an org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Indicates whether this filter should attempt to process a login request for the current invocation.

Indicates whether this filter should attempt to process a login request for the current invocation.

It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

Subclasses may override for special requirements, such as Tapestry integration.