Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.ui.rememberme
Class RememberMeProcessingFilter

java.lang.Object
  extended by org.springframework.security.ui.SpringSecurityFilter
      extended by org.springframework.security.ui.rememberme.RememberMeProcessingFilter
All Implemented Interfaces:
Filter, InitializingBean, ApplicationEventPublisherAware, Ordered
public class RememberMeProcessingFilter
extends SpringSecurityFilter
implements InitializingBean, ApplicationEventPublisherAware

Detects if there is no Authentication object in the SecurityContext, and populates it with a remember-me authentication token if a RememberMeServices implementation so requests.

Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. The Authentication or null returned by that method will be placed into the SecurityContext. The AuthenticationManager will be used, so that any concurrent session management or other authentication-specific behaviour can be achieved. This is the same pattern as with other authentication mechanisms, which call the AuthenticationManager as part of their contract.

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Version:
$Id$
Author:
Ben Alex

Field Summary
 
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter
logger
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
RememberMeProcessingFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
 void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
           
 int getOrder()
           
 RememberMeServices getRememberMeServices()
           
protected  void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
          Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
protected  void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
          Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
 void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
           
 void setAuthenticationManager(AuthenticationManager authenticationManager)
           
 void setRememberMeServices(RememberMeServices rememberMeServices)
           
 
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter
destroy, doFilter, init, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

RememberMeProcessingFilter

public RememberMeProcessingFilter()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

doFilterHttp

public void doFilterHttp(HttpServletRequest request,
                         HttpServletResponse response,
                         FilterChain chain)
                  throws IOException,
                         ServletException
Specified by:
doFilterHttp in class SpringSecurityFilter
Throws:
IOException
ServletException

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin returns null.

getRememberMeServices

public RememberMeServices getRememberMeServices()

setApplicationEventPublisher

public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
Specified by:
setApplicationEventPublisher in interface ApplicationEventPublisherAware

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

setRememberMeServices

public void setRememberMeServices(RememberMeServices rememberMeServices)

getOrder

public int getOrder()
Specified by:
getOrder in interface Ordered
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.