AuthenticationProcessingFilter (Acegi Security System for Spring 1.0.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.webapp
Class AuthenticationProcessingFilter

java.lang.Object
  org.acegisecurity.ui.AbstractProcessingFilter
      org.acegisecurity.ui.webapp.AuthenticationProcessingFilter

All Implemented Interfaces:: Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Direct Known Subclasses:: SiteminderAuthenticationProcessingFilter

public class AuthenticationProcessingFilter
extends AbstractProcessingFilter
extends AbstractProcessingFilter

Processes an authentication form.

Login forms must present two parameters to this filter: a username and password. The parameter names to use are contained in the static fields ACEGI_SECURITY_FORM_USERNAME_KEY and ACEGI_SECURITY_FORM_PASSWORD_KEY.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.

Version:: $Id: AuthenticationProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
Author:: Ben Alex, Colin Sampaleanu

Field Summary
`static String`	`ACEGI_SECURITY_FORM_PASSWORD_KEY`
`static String`	`ACEGI_SECURITY_FORM_USERNAME_KEY`
`static String`	`ACEGI_SECURITY_LAST_USERNAME_KEY`

Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
`ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages`

Constructor Summary
`AuthenticationProcessingFilter()`

Method Summary
`Authentication`	`attemptAuthentication(HttpServletRequest request)` Performs actual authentication.
`String`	`getDefaultFilterProcessesUrl()` This filter by default responds to `/j_acegi_security_check`.
`void`	`init(FilterConfig filterConfig)` Does nothing.
`protected String`	`obtainPassword(HttpServletRequest request)` Enables subclasses to override the composition of the password, such as by including additional values and a separator.
`protected String`	`obtainUsername(HttpServletRequest request)` Enables subclasses to override the composition of the username, such as by including additional values and a separator.
`protected void`	`setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)` Provided so that subclasses may configure what is put into the authentication request's details property.

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter

afterPropertiesSet, destroy, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

ACEGI_SECURITY_FORM_USERNAME_KEY

public static final String ACEGI_SECURITY_FORM_USERNAME_KEY

See Also:: Constant Field Values

ACEGI_SECURITY_FORM_PASSWORD_KEY

public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY

See Also:: Constant Field Values

ACEGI_SECURITY_LAST_USERNAME_KEY

public static final String ACEGI_SECURITY_LAST_USERNAME_KEY

See Also:: Constant Field Values

Constructor Detail

AuthenticationProcessingFilter

public AuthenticationProcessingFilter()

Method Detail

attemptAuthentication

public Authentication attemptAuthentication(HttpServletRequest request)
                                     throws AuthenticationException

Description copied from class: AbstractProcessingFilter

Performs actual authentication.

Specified by:: attemptAuthentication in class AbstractProcessingFilter

Parameters:: request - from which to extract parameters and perform the authentication
Returns:: the authenticated user
Throws:: AuthenticationException - if authentication fails

getDefaultFilterProcessesUrl

public String getDefaultFilterProcessesUrl()

This filter by default responds to /j_acegi_security_check.

Specified by:: getDefaultFilterProcessesUrl in class AbstractProcessingFilter

Returns:: the default

init

public void init(FilterConfig filterConfig)
          throws ServletException

Description copied from class: AbstractProcessingFilter

Does nothing. We use IoC container lifecycle services instead.

Specified by:: init in interface Filter
Overrides:: init in class AbstractProcessingFilter

Parameters:: filterConfig - ignored
Throws:: ServletException - ignored

obtainPassword

protected String obtainPassword(HttpServletRequest request)

Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Parameters:: request - so that request attributes can be retrieved
Returns:: the password that will be presented in the Authentication request token to the AuthenticationManager

obtainUsername

protected String obtainUsername(HttpServletRequest request)

Enables subclasses to override the composition of the username, such as by including additional values and a separator.

Parameters:: request - so that request attributes can be retrieved
Returns:: the username that will be presented in the Authentication request token to the AuthenticationManager

setDetails

protected void setDetails(HttpServletRequest request,
                          UsernamePasswordAuthenticationToken authRequest)

Provided so that subclasses may configure what is put into the authentication request's details property.

Parameters:: request - that an authentication request is being created for; authRequest - the authentication request object that should have its details set

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.ui.webapp Class AuthenticationProcessingFilter

ACEGI_SECURITY_FORM_USERNAME_KEY

ACEGI_SECURITY_FORM_PASSWORD_KEY

ACEGI_SECURITY_LAST_USERNAME_KEY

AuthenticationProcessingFilter

attemptAuthentication

getDefaultFilterProcessesUrl

init

obtainPassword

obtainUsername

setDetails

org.acegisecurity.ui.webapp
Class AuthenticationProcessingFilter