java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter

All known Subclasses: org.acegisecurity.ui.cas.CasProcessingFilter, org.acegisecurity.ui.openid.OpenIdAuthenticationProcessingFilter, org.acegisecurity.ui.openid.OpenIDResponseProcessingFilter, org.acegisecurity.ui.webapp.AuthenticationProcessingFilter

AbstractProcessingFilter | abstract public class AbstractProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Abstract processor of browser-based HTTP-based authentication requests.
This filter is responsible for processing authentication requests. If
authentication is successful, the resulting Authentication object
will be placed into the SecurityContext, which is guaranteed
to have already been created by an earlier filter.

If authentication fails, the AuthenticationException will be
placed into the HttpSession with the attribute defined by
AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY.

To use this filter, it is necessary to specify the following properties:

defaultTargetUrl indicates the URL that should be used
for redirection if the HttpSession attribute named
AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY does not indicate the target URL once
authentication is completed successfully (eg: /). The
defaultTargetUrl will be treated as relative to the web-app's
context path, and should include the leading /.
Alternatively, inclusion of a scheme name (eg http:// or https://) as the
prefix will denote a fully-qualified URL and this is also supported.

authenticationFailureUrl indicates the URL that should be
used for redirection if the authentication request fails (eg:
/login.jsp?login_error=1).

filterProcessesUrl indicates the URL that this filter
will respond to. This parameter varies by subclass.

alwaysUseDefaultTargetUrl causes successful
authentication to always redirect to the defaultTargetUrl,
even if the HttpSession attribute named
AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY defines the intended target URL.

To configure this filter to redirect to specific pages as the result of
specific AuthenticationExceptions you can do the following.
Configure the exceptionMappings property in your application
xml. This property is a java.util.Properties object that maps a
fully-qualified exception class name to a redirection url target. For
example:
<property name="exceptionMappings">
  <props>
    <prop key="org.acegisecurity.BadCredentialsException">/bad_credentials.jsp</prop>
  </props>
</property>
The example above would redirect all
org.acegisecurity.BadCredentialsExceptions thrown to a page in the
web-application called /bad_credentials.jsp.

Any AuthenticationException thrown that cannot be matched in the
exceptionMappings will be redirected to the
authenticationFailureUrl.

If authentication is successful, an
org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if
authentication was unsuccessful, because this would generally be recorded via
an AuthenticationManager-specific application event.
author: Ben Alex
version: $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z vishalpuri $
Method Summary
public void | afterPropertiesSet()
abstract public Authentication | attemptAuthentication(HttpServletRequest request) | Performs actual authentication.
public void | destroy() | Does nothing.
protected String | determineFailureUrl(HttpServletRequest request, AuthenticationException failed)
protected String | determineTargetUrl(HttpServletRequest request)
public void | doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
public AuthenticationDetailsSource | getAuthenticationDetailsSource()
public String | getAuthenticationFailureUrl()
public AuthenticationManager | getAuthenticationManager()
abstract public String | getDefaultFilterProcessesUrl() | Specifies the default filterProcessesUrl for the implementation.
public String | getDefaultTargetUrl() | Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true.
public Properties | getExceptionMappings()
public String | getFilterProcessesUrl()
public RememberMeServices | getRememberMeServices()
public void | init(FilterConfig arg0) | Does nothing.
public boolean | isAlwaysUseDefaultTargetUrl()
public boolean | isContinueChainBeforeSuccessfulAuthentication()
public static String | obtainFullRequestUrl(HttpServletRequest request)
protected void | onPreAuthentication(HttpServletRequest request, HttpServletResponse response)
protected void | onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
protected void | onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
protected boolean | requiresAuthentication(HttpServletRequest request, HttpServletResponse response) | Indicates whether this filter should attempt to process a login request for the current invocation.
protected void | sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
public void | setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
public void | setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
public void | setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void | setAuthenticationFailureUrl(String authenticationFailureUrl)
public void | setAuthenticationManager(AuthenticationManager authenticationManager)
public void | setBufferSize(int bufferSize)
public void | setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
public void | setDefaultTargetUrl(String defaultTargetUrl)
public void | setExceptionMappings(Properties exceptionMappings)
public void | setFilterProcessesUrl(String filterProcessesUrl)
public void | setMessageSource(MessageSource messageSource)
public void | setRememberMeServices(RememberMeServices rememberMeServices)
public void | setUseRelativeContext(boolean useRelativeContext)
protected void | successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
protected void | unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
ACEGI_SAVED_REQUEST_KEY | final public static String ACEGI_SAVED_REQUEST_KEY
ACEGI_SECURITY_LAST_EXCEPTION_KEY | final public static String ACEGI_SECURITY_LAST_EXCEPTION_KEY
eventPublisher | protected ApplicationEventPublisher eventPublisher
logger | final protected Log logger
messages | protected MessageSourceAccessor messages
destroy | public void destroy() | Does nothing. We use IoC container lifecycle services instead.
getAuthenticationFailureUrl | public String getAuthenticationFailureUrl()
getDefaultFilterProcessesUrl | abstract public String getDefaultFilterProcessesUrl() | Specifies the default filterProcessesUrl for the implementation.
Returns: the default filterProcessesUrl
getDefaultTargetUrl | public String getDefaultTargetUrl() | Supplies the default target Url that will be used if no saved request is
found or the alwaysUseDefaultTargetUrl property is set to true.
Override this method if you want to provide a customized default Url (for
example if you want different Urls depending on the authorities of the
user who has just logged in).
Returns: the defaultTargetUrl property
getFilterProcessesUrl | public String getFilterProcessesUrl()
isAlwaysUseDefaultTargetUrl | public boolean isAlwaysUseDefaultTargetUrl()
isContinueChainBeforeSuccessfulAuthentication | public boolean isContinueChainBeforeSuccessfulAuthentication()
requiresAuthentication | protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response)
Indicates whether this filter should attempt to process a login request
for the current invocation.
It strips any parameters from the "path" section of the request URL (such
as the jsessionid parameter in
http://host/myapp/index.html;jsessionid=blah) before matching
against the filterProcessesUrl property.
Subclasses may override for special requirements, such as Tapestry
integration.
Parameters: request - as received from the filter chain
Parameters: response - as received from the filter chain
Returns: true if the filter should attempt authentication, false otherwise
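The path-parameter stripping described for requiresAuthentication and the exceptionMappings fallback described in the class overview can be modelled in a few lines. This is an added, stand-alone illustration and not Acegi Security source code; the class name, the two demo exception types, the /j_login_check URL and the exact-equality matching rule are assumptions made for the example.

```java
import java.util.Properties;

// Added illustration only: a stand-alone model of behaviour this page documents,
// not Acegi Security source code. All names in this class are hypothetical.
public class ProcessingFilterModel {

    // Stand-ins for AuthenticationException subclasses (constructed for the demo).
    static class BadCredentialsDemo extends RuntimeException {}
    static class AccountLockedDemo extends RuntimeException {}

    // Drop path parameters such as ";jsessionid=blah" from the request URI.
    static String stripPathParameters(String requestUri) {
        int semicolon = requestUri.indexOf(';');
        return semicolon >= 0 ? requestUri.substring(0, semicolon) : requestUri;
    }

    // Assumption: matching is modelled as exact equality with
    // contextPath + filterProcessesUrl; the real matching rule may differ.
    static boolean requiresAuthentication(String requestUri, String contextPath,
                                          String filterProcessesUrl) {
        return stripPathParameters(requestUri).equals(contextPath + filterProcessesUrl);
    }

    // Look up the thrown exception's fully-qualified class name; anything
    // unmapped falls back to authenticationFailureUrl.
    static String determineFailureUrl(Properties exceptionMappings, Exception failed,
                                      String authenticationFailureUrl) {
        return exceptionMappings.getProperty(failed.getClass().getName(),
                                             authenticationFailureUrl);
    }

    public static void main(String[] args) {
        String login = "/j_login_check"; // constructed filterProcessesUrl value
        // The login endpoint requested without and with a session id in the path.
        System.out.println(requiresAuthentication("/myapp/j_login_check", "/myapp", login));
        System.out.println(requiresAuthentication(
                "/myapp/j_login_check;jsessionid=blah", "/myapp", login));
        // An ordinary page carrying the same path parameter.
        System.out.println(requiresAuthentication(
                "/myapp/index.html;jsessionid=blah", "/myapp", login));

        Properties mappings = new Properties();
        mappings.setProperty(BadCredentialsDemo.class.getName(), "/bad_credentials.jsp");
        String fallback = "/login.jsp?login_error=1";
        System.out.println(determineFailureUrl(mappings, new BadCredentialsDemo(), fallback));
        System.out.println(determineFailureUrl(mappings, new AccountLockedDemo(), fallback));
    }
}
```

Mapping different exception types to visibly different pages tells the client why a login failed, so keep the mapped pages equally uninformative about whether an account exists.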
setAlwaysUseDefaultTargetUrl | public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl)
setApplicationEventPublisher | public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
setAuthenticationFailureUrl | public void setAuthenticationFailureUrl(String authenticationFailureUrl)
setBufferSize | public void setBufferSize(int bufferSize)
setContinueChainBeforeSuccessfulAuthentication | public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
setDefaultTargetUrl | public void setDefaultTargetUrl(String defaultTargetUrl)
setExceptionMappings | public void setExceptionMappings(Properties exceptionMappings)
setFilterProcessesUrl | public void setFilterProcessesUrl(String filterProcessesUrl)
setMessageSource | public void setMessageSource(MessageSource messageSource)
setUseRelativeContext | public void setUseRelativeContext(boolean useRelativeContext)