org.springframework.security.ui.basicauth
Class BasicProcessingFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.ui.basicauth.BasicProcessingFilter
- All Implemented Interfaces:
- Filter, InitializingBean, Ordered
public class BasicProcessingFilter
extends SpringSecurityFilter
implements InitializingBean
Processes an HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.
For a detailed background on what this filter is designed to process, refer to
RFC 1945, Section 11.1. Any realm name presented in
the HTTP request is ignored.
In summary, this filter is responsible for processing any request that has an HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.
If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called (unless the ignoreFailure property is set to true). Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still transmits a password in clear text (Base64 is an encoding, not encryption) and as such is undesirable in many situations. Digest authentication is also provided by Spring Security and should be used instead of Basic authentication wherever possible. See DigestProcessingFilter.
Note that if a RememberMeServices is set, this filter will automatically send back remember-me details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as they will be authenticated using the remember-me mechanism.
- Author:
- Ben Alex
BasicProcessingFilter
public BasicProcessingFilter()
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet
in interface InitializingBean
- Throws:
Exception
doFilterHttp
public void doFilterHttp(HttpServletRequest request,
HttpServletResponse response,
FilterChain chain)
throws IOException,
ServletException
- Specified by:
doFilterHttp
in class SpringSecurityFilter
- Throws:
IOException
ServletException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response,
Authentication authResult)
throws IOException
- Throws:
IOException
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException failed)
throws IOException
- Throws:
IOException
getAuthenticationEntryPoint
protected AuthenticationEntryPoint getAuthenticationEntryPoint()
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
getAuthenticationManager
protected AuthenticationManager getAuthenticationManager()
setAuthenticationManager
public void setAuthenticationManager(AuthenticationManager authenticationManager)
isIgnoreFailure
protected boolean isIgnoreFailure()
setIgnoreFailure
public void setIgnoreFailure(boolean ignoreFailure)
setAuthenticationDetailsSource
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
setRememberMeServices
public void setRememberMeServices(RememberMeServices rememberMeServices)
setCredentialsCharset
public void setCredentialsCharset(String credentialsCharset)
getCredentialsCharset
protected String getCredentialsCharset(HttpServletRequest httpRequest)
getOrder
public int getOrder()
- Specified by:
getOrder
in interface Ordered
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.