org.springframework.security.ui.rememberme
Class RememberMeProcessingFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.ui.rememberme.RememberMeProcessingFilter
- All Implemented Interfaces:
- Filter, InitializingBean, ApplicationEventPublisherAware, Ordered
public class RememberMeProcessingFilter
- extends SpringSecurityFilter
- implements InitializingBean, ApplicationEventPublisherAware
Detects if there is no Authentication
object in the SecurityContext
, and populates it
with a remember-me authentication token if a RememberMeServices
implementation so requests.
Concrete RememberMeServices
implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)
method
called by this filter. The Authentication
or null
returned by that method will be placed
into the SecurityContext
. The AuthenticationManager
will be used, so that any concurrent
session management or other authentication-specific behaviour can be achieved. This is the same pattern as with
other authentication mechanisms, which call the AuthenticationManager
as part of their contract.
If authentication is successful, an InteractiveAuthenticationSuccessEvent
will be published to the application
context. No events will be published if authentication was unsuccessful, because this would generally be recorded
via an AuthenticationManager
-specific application event.
- Version:
- $Id$
- Author:
- Ben Alex
RememberMeProcessingFilter
public RememberMeProcessingFilter()
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet
in interface InitializingBean
- Throws:
Exception
doFilterHttp
public void doFilterHttp(HttpServletRequest request,
HttpServletResponse response,
FilterChain chain)
throws IOException,
ServletException
- Specified by:
doFilterHttp
in class SpringSecurityFilter
- Throws:
IOException
ServletException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response,
Authentication authResult)
- Called if a remember-me token is presented and successfully authenticated by the RememberMeServices
autoLogin method and the AuthenticationManager.
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException failed)
- Called if the AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. This method will not be called when no remember-me
token is present in the request and autoLogin returns null.
getRememberMeServices
public RememberMeServices getRememberMeServices()
setApplicationEventPublisher
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
- Specified by:
setApplicationEventPublisher
in interface ApplicationEventPublisherAware
setAuthenticationManager
public void setAuthenticationManager(AuthenticationManager authenticationManager)
setRememberMeServices
public void setRememberMeServices(RememberMeServices rememberMeServices)
getOrder
public int getOrder()
- Specified by:
getOrder
in interface Ordered
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.