public class BasicProcessingFilter extends SpringSecurityFilter implements org.springframework.beans.factory.InitializingBean
SecurityContextHolder.
For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.
In summary, this filter is responsible for processing any request that has a HTTP request header of
Authorization with an authentication scheme of Basic and a Base64-encoded
username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the
following header would be presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
If authentication is successful, the resulting Authentication object will be placed into the
SecurityContextHolder.
If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called (unless the ignoreFailure property is set to
true). Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to
authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
provided by Spring Security and should be used instead of Basic authentication wherever possible. See DigestProcessingFilter.
Note that if a RememberMeServices is set, this filter will automatically send back remember-me
details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
they will be authenticated using the remember-me mechanism.
logger| Constructor and Description |
|---|
BasicProcessingFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
protected AuthenticationEntryPoint |
getAuthenticationEntryPoint() |
protected AuthenticationManager |
getAuthenticationManager() |
protected java.lang.String |
getCredentialsCharset(javax.servlet.http.HttpServletRequest httpRequest) |
int |
getOrder() |
protected boolean |
isIgnoreFailure() |
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult) |
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) |
void |
setAuthenticationManager(AuthenticationManager authenticationManager) |
void |
setCredentialsCharset(java.lang.String credentialsCharset) |
void |
setIgnoreFailure(boolean ignoreFailure) |
void |
setRememberMeServices(RememberMeServices rememberMeServices) |
destroy, doFilter, init, toStringpublic void afterPropertiesSet()
throws java.lang.Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjava.lang.Exceptionpublic void doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
doFilterHttp in class SpringSecurityFilterjava.io.IOExceptionjavax.servlet.ServletExceptionprotected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
throws java.io.IOException
java.io.IOExceptionprotected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
throws java.io.IOException
java.io.IOExceptionprotected AuthenticationEntryPoint getAuthenticationEntryPoint()
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
protected AuthenticationManager getAuthenticationManager()
public void setAuthenticationManager(AuthenticationManager authenticationManager)
protected boolean isIgnoreFailure()
public void setIgnoreFailure(boolean ignoreFailure)
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setRememberMeServices(RememberMeServices rememberMeServices)
public void setCredentialsCharset(java.lang.String credentialsCharset)
protected java.lang.String getCredentialsCharset(javax.servlet.http.HttpServletRequest httpRequest)
public int getOrder()
getOrder in interface org.springframework.core.Ordered