org.springframework.security.oauth.provider.filter
Class ProtectedResourceProcessingFilter

java.lang.Object
  org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter
      org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

public class ProtectedResourceProcessingFilter
extends OAuthProviderProcessingFilter

Processing filter for requests to protected resources. This filter attempts to load the OAuth authentication request into the security context using a presented access token. Default behavior of this filter allows the request to continue even if OAuth credentials are not presented (allowing another filter to potentially load a different authentication request into the security context). If the protected resource is available ONLY via OAuth access token, set ignoreMissingCredentials to false.

Author:

Ryan Heaton, Andrew McCall

Field Summary

Fields inherited from class org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter

messages, OAUTH_PROCESSING_HANDLED

Constructor Summary

ProtectedResourceProcessingFilter()

Method Summary

protected boolean	allowMethod(String method) Whether to allow the specified HTTP method.
OAuthAuthenticationHandler	getAuthHandler() The authentication handler.
boolean	isAllowAllMethods() Whether to allow all methods.
protected void	onValidSignature(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) Logic executed on valid signature.
protected boolean	requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Whether this filter is configured to process the specified request.
void	setAllowAllMethods(boolean allowAllMethods) Whether to allow all methods.
void	setAuthHandler(OAuthAuthenticationHandler authHandler) The authentication handler.
void	setFilterProcessesUrl(String filterProcessesUrl) The URL for which this filter will be applied.

Methods inherited from class org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter

afterPropertiesSet, createDetails, destroy, doFilter, fail, getAuthenticationEntryPoint, getConsumerDetailsService, getFilterProcessesUrl, getNonceServices, getProviderSupport, getSignatureMethodFactory, getTokenServices, init, isIgnoreInadequateCredentials, onNewTimestamp, parametersAreAdequate, resetPreviousAuthentication, setAllowedMethods, setAuthenticationEntryPoint, setConsumerDetailsService, setIgnoreMissingCredentials, setMessageSource, setNonceServices, setProviderSupport, setSignatureMethodFactory, setTokenServices, skipProcessing, validateAdditionalParameters, validateOAuthParams, validateSignature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ProtectedResourceProcessingFilter

public ProtectedResourceProcessingFilter()

Method Detail

allowMethod

protected boolean allowMethod(String method)

Description copied from class: OAuthProviderProcessingFilter

Whether to allow the specified HTTP method.

Overrides:

allowMethod in class OAuthProviderProcessingFilter

Parameters:

method - The HTTP method to check for allowing.

Returns:

Whether to allow the specified method.

onValidSignature

protected void onValidSignature(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain chain)
                         throws IOException,
                                javax.servlet.ServletException

Description copied from class: OAuthProviderProcessingFilter

Logic executed on valid signature. The security context can be assumed to hold a verified, authenticated ConsumerAuthentication.

Default implementation continues the chain.

Specified by:

onValidSignature in class OAuthProviderProcessingFilter

Parameters:

request - The request.

response - The response

chain - The filter chain.

Throws:

IOException

javax.servlet.ServletException

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         javax.servlet.FilterChain filterChain)

Description copied from class: OAuthProviderProcessingFilter

Whether this filter is configured to process the specified request.

Overrides:

requiresAuthentication in class OAuthProviderProcessingFilter

Parameters:

request - The request.

response - The response

filterChain - The filter chain

Returns:

Whether this filter is configured to process the specified request.

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

Description copied from class: OAuthProviderProcessingFilter

The URL for which this filter will be applied.

Overrides:

setFilterProcessesUrl in class OAuthProviderProcessingFilter

Parameters:

filterProcessesUrl - The URL for which this filter will be applied.

isAllowAllMethods

public boolean isAllowAllMethods()

Whether to allow all methods.

Returns:

Whether to allow all methods.

setAllowAllMethods

public void setAllowAllMethods(boolean allowAllMethods)

Whether to allow all methods.

Parameters:

allowAllMethods - Whether to allow all methods.

getAuthHandler

public OAuthAuthenticationHandler getAuthHandler()

The authentication handler.

Returns:

The authentication handler.

setAuthHandler

public void setAuthHandler(OAuthAuthenticationHandler authHandler)

The authentication handler.

Parameters:

authHandler - The authentication handler.