Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.intercept.web
Class FilterSecurityInterceptor

java.lang.Object
  extended by org.springframework.security.intercept.AbstractSecurityInterceptor
      extended by org.springframework.security.intercept.web.FilterSecurityInterceptor
All Implemented Interfaces:
Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware, Ordered
public class FilterSecurityInterceptor
extends AbstractSecurityInterceptor
implements Filter, Ordered

Performs security handling of HTTP resources via a filter implementation.

The ObjectDefinitionSource required by this security interceptor is of type FilterInvocationDefinitionSource.

Refer to AbstractSecurityInterceptor for details on the workflow.

Version:
$Id$
Author:
Ben Alex

Field Summary
 
Fields inherited from class org.springframework.security.intercept.AbstractSecurityInterceptor
logger, messages
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
FilterSecurityInterceptor()
           
 
Method Summary
 void destroy()
          Not used (we rely on IoC container lifecycle services instead)
 void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
          Method that is actually called by the filter chain.
 FilterInvocationDefinitionSource getObjectDefinitionSource()
           
 int getOrder()
           
 Class getSecureObjectClass()
          Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
 void init(FilterConfig arg0)
          Not used (we rely on IoC container lifecycle services instead)
 void invoke(FilterInvocation fi)
           
 boolean isObserveOncePerRequest()
          Indicates whether once-per-request handling will be observed.
 ObjectDefinitionSource obtainObjectDefinitionSource()
           
 void setObjectDefinitionSource(FilterInvocationDefinitionSource newSource)
           
 void setObserveOncePerRequest(boolean observeOncePerRequest)
           
 
Methods inherited from class org.springframework.security.intercept.AbstractSecurityInterceptor
afterInvocation, afterPropertiesSet, beforeInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FilterSecurityInterceptor

public FilterSecurityInterceptor()
Method Detail

init

public void init(FilterConfig arg0)
          throws ServletException
Not used (we rely on IoC container lifecycle services instead)

Specified by:
init in interface Filter
Parameters:
arg0 - ignored
Throws:
ServletException - never thrown

destroy

public void destroy()
Not used (we rely on IoC container lifecycle services instead)

Specified by:
destroy in interface Filter

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException
Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.

Specified by:
doFilter in interface Filter
Parameters:
request - the servlet request
response - the servlet response
chain - the filter chain
Throws:
IOException - if the filter chain fails
ServletException - if the filter chain fails

getObjectDefinitionSource

public FilterInvocationDefinitionSource getObjectDefinitionSource()

getSecureObjectClass

public Class getSecureObjectClass()
Description copied from class: AbstractSecurityInterceptor
Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.

Specified by:
getSecureObjectClass in class AbstractSecurityInterceptor
Returns:
the type of secure object the subclass provides services for

invoke

public void invoke(FilterInvocation fi)
            throws IOException,
                   ServletException
Throws:
IOException
ServletException

isObserveOncePerRequest

public boolean isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.

Returns:
true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

obtainObjectDefinitionSource

public ObjectDefinitionSource obtainObjectDefinitionSource()
Specified by:
obtainObjectDefinitionSource in class AbstractSecurityInterceptor

setObjectDefinitionSource

public void setObjectDefinitionSource(FilterInvocationDefinitionSource newSource)

setObserveOncePerRequest

public void setObserveOncePerRequest(boolean observeOncePerRequest)

getOrder

public int getOrder()
Specified by:
getOrder in interface Ordered
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.