org.springframework.security.oauth.provider.filter
Class ProtectedResourceProcessingFilter

java.lang.Object
  extended by org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter
      extended by org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter
All Implemented Interfaces:
Filter, Aware, InitializingBean, MessageSourceAware

public class ProtectedResourceProcessingFilter
extends OAuthProviderProcessingFilter

Processing filter for requests to protected resources. This filter attempts to load the OAuth authentication request into the security context using a presented access token. Default behavior of this filter allows the request to continue even if OAuth credentials are not presented (allowing another filter to potentially load a different authentication request into the security context). If the protected resource is available ONLY via OAuth access token, set ignoreMissingCredentials to false.

Author:
Ryan Heaton, Andrew McCall

Field Summary
 
Fields inherited from class org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter
messages, OAUTH_PROCESSING_HANDLED
 
Constructor Summary
ProtectedResourceProcessingFilter()
           
 
Method Summary
protected  boolean allowMethod(String method)
          Whether to allow the specified HTTP method.
 OAuthAuthenticationHandler getAuthHandler()
          The authentication handler.
 boolean isAllowAllMethods()
          Whether to allow all methods.
protected  void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Logic executed on valid signature.
protected  boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
          Whether this filter is configured to process the specified request.
 void setAllowAllMethods(boolean allowAllMethods)
          Whether to allow all methods.
 void setAuthHandler(OAuthAuthenticationHandler authHandler)
          The authentication handler.
 void setFilterProcessesUrl(String filterProcessesUrl)
          The URL for which this filter will be applied.
 
Methods inherited from class org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter
afterPropertiesSet, createDetails, destroy, doFilter, fail, getAuthenticationEntryPoint, getConsumerDetailsService, getFilterProcessesUrl, getNonceServices, getProviderSupport, getSignatureMethodFactory, getTokenServices, init, isIgnoreInadequateCredentials, onNewTimestamp, parametersAreAdequate, resetPreviousAuthentication, setAllowedMethods, setAuthenticationEntryPoint, setConsumerDetailsService, setIgnoreMissingCredentials, setMessageSource, setNonceServices, setProviderSupport, setSignatureMethodFactory, setTokenServices, skipProcessing, validateAdditionalParameters, validateOAuthParams, validateSignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ProtectedResourceProcessingFilter

public ProtectedResourceProcessingFilter()
Method Detail

allowMethod

protected boolean allowMethod(String method)
Description copied from class: OAuthProviderProcessingFilter
Whether to allow the specified HTTP method.

Overrides:
allowMethod in class OAuthProviderProcessingFilter
Parameters:
method - The HTTP method to check for allowing.
Returns:
Whether to allow the specified method.

onValidSignature

protected void onValidSignature(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain)
                         throws IOException,
                                ServletException
Description copied from class: OAuthProviderProcessingFilter
Logic executed on valid signature. The security context can be assumed to hold a verified, authenticated ConsumerAuthentication.

Default implementation continues the chain.

Specified by:
onValidSignature in class OAuthProviderProcessingFilter
Parameters:
request - The request.
response - The response
chain - The filter chain.
Throws:
IOException
ServletException

requiresAuthentication

protected boolean requiresAuthentication(HttpServletRequest request,
                                         HttpServletResponse response,
                                         FilterChain filterChain)
Description copied from class: OAuthProviderProcessingFilter
Whether this filter is configured to process the specified request.

Overrides:
requiresAuthentication in class OAuthProviderProcessingFilter
Parameters:
request - The request.
response - The response
filterChain - The filter chain
Returns:
Whether this filter is configured to process the specified request.

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)
Description copied from class: OAuthProviderProcessingFilter
The URL for which this filter will be applied.

Overrides:
setFilterProcessesUrl in class OAuthProviderProcessingFilter
Parameters:
filterProcessesUrl - The URL for which this filter will be applied.

isAllowAllMethods

public boolean isAllowAllMethods()
Whether to allow all methods.

Returns:
Whether to allow all methods.

setAllowAllMethods

public void setAllowAllMethods(boolean allowAllMethods)
Whether to allow all methods.

Parameters:
allowAllMethods - Whether to allow all methods.

getAuthHandler

public OAuthAuthenticationHandler getAuthHandler()
The authentication handler.

Returns:
The authentication handler.

setAuthHandler

public void setAuthHandler(OAuthAuthenticationHandler authHandler)
The authentication handler.

Parameters:
authHandler - The authentication handler.


Copyright © 2012. All Rights Reserved.