org.springframework.flex.security3
Class FlexAuthenticationEntryPoint
java.lang.Object
org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
org.springframework.flex.security3.FlexAuthenticationEntryPoint
- All Implemented Interfaces:
- AuthenticationEntryPoint
public class FlexAuthenticationEntryPoint
- extends Http403ForbiddenEntryPoint
An AuthenticationEntryPoint
implementation to be used in conjunction with an authentication
process that is completely driven by a Flex client, i.e. by presenting a Flex-based login UI and using
the client-side ChannelSet API to commence authentication.
Mostly this class exists to satisfy the requirements of Spring Security, where it requires an
AuthenticationEntryPoint
to be provided to the ExceptionTranslationFilter
. Only in
relatively exceptional cases (such as using the intercept-url
tag to secure BlazeDS URLs, which is
not recommended in preference for using Spring BlazeDS's secured-endpoint-path
and
secured-channel
tags when using Remoting and Messaging destinations) should this implementation's
commence(HttpServletRequest, HttpServletResponse, AuthenticationException)
method ever actually
be invoked, as in the majority case security exceptions will never propagate out to the
ExceptionTranslationFilter
, instead being converted to a MessageException
by the
provided ExceptionTranslator
s. One such exceptional case might be when using RESTful Spring MVC
endpoints to read and write AMF instead of the traditional RPC approach.
When this class is used in conjunction with the XML config namespace for Flex, it will be automatically
detected and its exceptionTranslators
will be configured automatically if they have not already been
set explicitly as part of bean configuration.
- Author:
- Jeremy Grelle
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
FlexAuthenticationEntryPoint
public FlexAuthenticationEntryPoint()
commence
public void commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
throws IOException,
javax.servlet.ServletException
- If the incoming message is an
ActionMessage
, indicating a standard Flex Remoting or Messaging
request, invokes Spring BlazeDS's ExceptionTranslator
s with the AuthenticationException
and
sends the resulting MessageException
as an AMF response to the client.
If the request is unabled to be deserialized to AMF, if the resulting deserialized object is not an
ActionMessage
, or if no appropriate ExceptionTranslator
is found, will simply
delegate to the parent class to return a 403 response.
- Specified by:
commence
in interface AuthenticationEntryPoint
- Overrides:
commence
in class Http403ForbiddenEntryPoint
- Throws:
IOException
javax.servlet.ServletException
getExceptionTranslators
public Set<ExceptionTranslator> getExceptionTranslators()
setExceptionTranslators
public void setExceptionTranslators(Set<ExceptionTranslator> exceptionTranslators)
Copyright © 2011. All Rights Reserved.