org.springframework.security.web.authentication.rememberme
Class RememberMeAuthenticationFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
All Implemented Interfaces:
Filter, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, ServletContextAware

public class RememberMeAuthenticationFilter
extends GenericFilterBean
implements ApplicationEventPublisherAware

Detects if there is no Authentication object in the SecurityContext, and populates it with a remember-me authentication token if a RememberMeServices implementation so requests.

Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. The Authentication or null returned by that method will be placed into the SecurityContext. The AuthenticationManager will be used, so that any concurrent session management or other authentication-specific behaviour can be achieved. This is the same pattern as with other authentication mechanisms, which call the AuthenticationManager as part of their contract.

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Version:
$Id: RememberMeAuthenticationFilter.java 3928 2009-10-07 14:43:55Z ltaylor $
Author:
Ben Alex

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
RememberMeAuthenticationFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
 void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
           
 RememberMeServices getRememberMeServices()
           
protected  void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
          Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
protected  void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
          Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
 void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
           
 void setAuthenticationManager(AuthenticationManager authenticationManager)
           
 void setRememberMeServices(RememberMeServices rememberMeServices)
           
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RememberMeAuthenticationFilter

public RememberMeAuthenticationFilter()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
Specified by:
afterPropertiesSet in interface InitializingBean
Overrides:
afterPropertiesSet in class GenericFilterBean

doFilter

public void doFilter(ServletRequest req,
                     ServletResponse res,
                     FilterChain chain)
              throws IOException,
                     ServletException
Specified by:
doFilter in interface Filter
Throws:
IOException
ServletException

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.


onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin returns null.


getRememberMeServices

public RememberMeServices getRememberMeServices()

setApplicationEventPublisher

public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
Specified by:
setApplicationEventPublisher in interface ApplicationEventPublisherAware

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

setRememberMeServices

public void setRememberMeServices(RememberMeServices rememberMeServices)


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.