org.springframework.security.web.access.intercept
Class FilterSecurityInterceptor

java.lang.Object
  extended by org.springframework.security.access.intercept.AbstractSecurityInterceptor
      extended by org.springframework.security.web.access.intercept.FilterSecurityInterceptor
All Implemented Interfaces:
Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

public class FilterSecurityInterceptor
extends AbstractSecurityInterceptor
implements Filter

Performs security handling of HTTP resources via a filter implementation.

The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.

Refer to AbstractSecurityInterceptor for details on the workflow.

Version:
$Id: FilterSecurityInterceptor.java 3752 2009-07-08 23:55:42Z ltaylor $
Author:
Ben Alex

Field Summary
 
Fields inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor
logger, messages
 
Constructor Summary
FilterSecurityInterceptor()
           
 
Method Summary
 void destroy()
          Not used (we rely on IoC container lifecycle services instead)
 void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
          Method that is actually called by the filter chain.
 Class<? extends Object> getSecureObjectClass()
          Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
 FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
           
 void init(FilterConfig arg0)
          Not used (we rely on IoC container lifecycle services instead)
 void invoke(FilterInvocation fi)
           
 boolean isObserveOncePerRequest()
          Indicates whether once-per-request handling will be observed.
 SecurityMetadataSource obtainSecurityMetadataSource()
           
 void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource)
          Deprecated. Use setSecurityMetadataSource instead.
 void setObserveOncePerRequest(boolean observeOncePerRequest)
           
 void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
           
 
Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor
afterInvocation, afterPropertiesSet, beforeInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FilterSecurityInterceptor

public FilterSecurityInterceptor()
Method Detail

init

public void init(FilterConfig arg0)
          throws ServletException
Not used (we rely on IoC container lifecycle services instead)

Specified by:
init in interface Filter
Parameters:
arg0 - ignored
Throws:
ServletException - never thrown

destroy

public void destroy()
Not used (we rely on IoC container lifecycle services instead)

Specified by:
destroy in interface Filter

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException
Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.

Specified by:
doFilter in interface Filter
Parameters:
request - the servlet request
response - the servlet response
chain - the filter chain
Throws:
IOException - if the filter chain fails
ServletException - if the filter chain fails

getSecurityMetadataSource

public FilterInvocationSecurityMetadataSource getSecurityMetadataSource()

getSecureObjectClass

public Class<? extends Object> getSecureObjectClass()
Description copied from class: AbstractSecurityInterceptor
Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.

Specified by:
getSecureObjectClass in class AbstractSecurityInterceptor
Returns:
the type of secure object the subclass provides services for

invoke

public void invoke(FilterInvocation fi)
            throws IOException,
                   ServletException
Throws:
IOException
ServletException

isObserveOncePerRequest

public boolean isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.

Returns:
true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.
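
The effect of this flag on a forwarded request, as an added illustration: the code below is a simplified stand-alone model, not Spring Security source and not the interceptor's implementation. The class name OncePerRequestDemo, the APPLIED marker name, the prefix rules and the request paths are all constructed for the example.

```java
import java.util.*;

// Simplified model of once-per-request handling (added example, not library code).
public class OncePerRequestDemo {
    // Hypothetical request-attribute name standing in for the interceptor's marker.
    static final String APPLIED = "demo.filterSecurityInterceptor.applied";

    // Constructed rules: path prefix -> required role (stands in for the metadata source).
    static final Map<String, String> RULES = new LinkedHashMap<String, String>();
    static {
        RULES.put("/admin/", "ROLE_ADMIN");
        RULES.put("/", "ROLE_USER");
    }

    static String requiredRole(String path) {
        for (Map.Entry<String, String> e : RULES.entrySet()) {
            if (path.startsWith(e.getKey())) return e.getValue();
        }
        return null; // no rule: treated as public in this model
    }

    /** Returns one entry per authorization decision actually made for the request. */
    static List<String> handle(List<String> dispatches, Set<String> roles,
                               boolean observeOncePerRequest) {
        // Request attributes survive a forward, so the marker is visible on re-entry.
        Map<String, Object> attributes = new HashMap<String, Object>();
        List<String> decisions = new ArrayList<String>();
        for (String path : dispatches) {
            if (observeOncePerRequest && attributes.containsKey(APPLIED)) {
                continue; // already applied once: pass through with no new decision
            }
            attributes.put(APPLIED, Boolean.TRUE);
            String role = requiredRole(path);
            boolean allowed = role == null || roles.contains(role);
            decisions.add((allowed ? "ALLOW " : "DENY ") + path);
            if (!allowed) break; // a denial ends processing of the request
        }
        return decisions;
    }

    public static void main(String[] args) {
        // Constructed request: initial dispatch, then a forward to a fragment under /admin/.
        List<String> dispatches = Arrays.asList("/report.jsp", "/admin/summary.jsp");
        Set<String> roles = Collections.singleton("ROLE_USER");
        System.out.println("observeOncePerRequest=true  -> " + handle(dispatches, roles, true));
        System.out.println("observeOncePerRequest=false -> " + handle(dispatches, roles, false));
    }
}
```

With the flag left at true, the forward to /admin/summary.jsp gets no decision of its own, so the rule on the forwarding URL has to be sufficient for everything it forwards to. In a real deployment the filter also only sees forwards and includes if its web.xml filter-mapping lists the FORWARD and INCLUDE dispatcher types.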

obtainSecurityMetadataSource

public SecurityMetadataSource obtainSecurityMetadataSource()
Specified by:
obtainSecurityMetadataSource in class AbstractSecurityInterceptor

setObjectDefinitionSource

public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource)
Deprecated. Use setSecurityMetadataSource instead.


setSecurityMetadataSource

public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)

setObserveOncePerRequest

public void setObserveOncePerRequest(boolean observeOncePerRequest)


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.