org.springframework.security.ui.webapp

Class AuthenticationProcessingFilter

java.lang.Object

org.springframework.security.ui.SpringSecurityFilter

org.springframework.security.ui.AbstractProcessingFilter

org.springframework.security.ui.webapp.AuthenticationProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered

public class AuthenticationProcessingFilter
extends AbstractProcessingFilter

Processes an authentication form.

Login forms must present two parameters to this filter: a username and password. The default parameter names to use are contained in the static fields SPRING_SECURITY_FORM_USERNAME_KEY and SPRING_SECURITY_FORM_PASSWORD_KEY. The parameter names can also be changed by setting the usernameParameter and passwordParameter properties.

Version:

$Id$

Author:

Ben Alex, Colin Sampaleanu

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	SPRING_SECURITY_FORM_PASSWORD_KEY
static java.lang.String	SPRING_SECURITY_FORM_USERNAME_KEY
static java.lang.String	SPRING_SECURITY_LAST_USERNAME_KEY

Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter

authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY

Fields inherited from class org.springframework.security.ui.SpringSecurityFilter

logger

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
AuthenticationProcessingFilter()

Method Summary

Methods

Modifier and Type	Method and Description
Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request) Performs actual authentication.
java.lang.String	getDefaultFilterProcessesUrl() This filter by default responds to /j_spring_security_check.
int	getOrder()
protected java.lang.String	obtainPassword(javax.servlet.http.HttpServletRequest request) Enables subclasses to override the composition of the password, such as by including additional values and a separator.
protected java.lang.String	obtainUsername(javax.servlet.http.HttpServletRequest request) Enables subclasses to override the composition of the username, such as by including additional values and a separator.
protected void	setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) Provided so that subclasses may configure what is put into the authentication request's details property.
void	setPasswordParameter(java.lang.String passwordParameter) Sets the parameter name which will be used to obtain the password from the login request..
void	setUsernameParameter(java.lang.String usernameParameter) Sets the parameter name which will be used to obtain the username from the login request.

Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter

afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.security.ui.SpringSecurityFilter

destroy, doFilter, init, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

SPRING_SECURITY_FORM_USERNAME_KEY

public static final java.lang.String SPRING_SECURITY_FORM_USERNAME_KEY

See Also:

Constant Field Values

SPRING_SECURITY_FORM_PASSWORD_KEY

public static final java.lang.String SPRING_SECURITY_FORM_PASSWORD_KEY

See Also:

Constant Field Values

SPRING_SECURITY_LAST_USERNAME_KEY

public static final java.lang.String SPRING_SECURITY_LAST_USERNAME_KEY

See Also:

Constant Field Values

Constructor Detail

AuthenticationProcessingFilter

public AuthenticationProcessingFilter()

Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException

Description copied from class: AbstractProcessingFilter

Performs actual authentication.

Specified by:

attemptAuthentication in class AbstractProcessingFilter

Parameters:

request - from which to extract parameters and perform the authentication

Returns:

the authenticated user

Throws:

AuthenticationException - if authentication fails

getDefaultFilterProcessesUrl

public java.lang.String getDefaultFilterProcessesUrl()

This filter by default responds to /j_spring_security_check.

Specified by:

getDefaultFilterProcessesUrl in class AbstractProcessingFilter

Returns:

the default

obtainPassword

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)

Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Parameters:

request - so that request attributes can be retrieved

Returns:

the password that will be presented in the Authentication request token to the AuthenticationManager

obtainUsername

protected java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)

Enables subclasses to override the composition of the username, such as by including additional values and a separator.

Parameters:

request - so that request attributes can be retrieved

Returns:

the username that will be presented in the Authentication request token to the AuthenticationManager

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
              UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property.

Parameters:

request - that an authentication request is being created for

authRequest - the authentication request object that should have its details set

setUsernameParameter

public void setUsernameParameter(java.lang.String usernameParameter)

Sets the parameter name which will be used to obtain the username from the login request.

Parameters:

usernameParameter - the parameter name. Defaults to "j_username".

setPasswordParameter

public void setPasswordParameter(java.lang.String passwordParameter)

Sets the parameter name which will be used to obtain the password from the login request..

Parameters:

passwordParameter - the parameter name. Defaults to "j_password".

getOrder

public int getOrder()