org.springframework.flex.security3
Class FlexAuthenticationEntryPoint

java.lang.Object
  org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
      org.springframework.flex.security3.FlexAuthenticationEntryPoint

All Implemented Interfaces:

AuthenticationEntryPoint

public class FlexAuthenticationEntryPoint
extends Http403ForbiddenEntryPoint

An AuthenticationEntryPoint implementation to be used in conjunction with an authentication process that is completely driven by a Flex client, i.e. by presenting a Flex-based login UI and using the client-side ChannelSet API to commence authentication.

Mostly this class exists to satisfy the requirements of Spring Security, where it requires an AuthenticationEntryPoint to be provided to the ExceptionTranslationFilter. Only in relatively exceptional cases (such as using the intercept-url tag to secure BlazeDS URLs, which is not recommended in preference for using Spring BlazeDS's secured-endpoint-path and secured-channel tags when using Remoting and Messaging destinations) should this implementation's commence(HttpServletRequest, HttpServletResponse, AuthenticationException) method ever actually be invoked, as in the majority case security exceptions will never propagate out to the ExceptionTranslationFilter, instead being converted to a MessageException by the provided ExceptionTranslators. One such exceptional case might be when using RESTful Spring MVC endpoints to read and write AMF instead of the traditional RPC approach.

When this class is used in conjunction with the XML config namespace for Flex, it will be automatically detected and its exceptionTranslators will be configured automatically if they have not already been set explicitly as part of bean configuration.

Author:

Jeremy Grelle

Constructor Summary

FlexAuthenticationEntryPoint()

Method Summary

void	commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException authException) If the incoming message is an ActionMessage, indicating a standard Flex Remoting or Messaging request, invokes Spring BlazeDS's ExceptionTranslators with the AuthenticationException and sends the resulting MessageException as an AMF response to the client.
Set<ExceptionTranslator>	getExceptionTranslators()
void	setExceptionTranslators(Set<ExceptionTranslator> exceptionTranslators)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FlexAuthenticationEntryPoint

public FlexAuthenticationEntryPoint()

Method Detail

commence

public void commence(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     AuthenticationException authException)
              throws IOException,
                     javax.servlet.ServletException

If the incoming message is an ActionMessage, indicating a standard Flex Remoting or Messaging request, invokes Spring BlazeDS's ExceptionTranslators with the AuthenticationException and sends the resulting MessageException as an AMF response to the client.

If the request is unabled to be deserialized to AMF, if the resulting deserialized object is not an ActionMessage, or if no appropriate ExceptionTranslator is found, will simply delegate to the parent class to return a 403 response.

Specified by:

commence in interface AuthenticationEntryPoint

Overrides:

commence in class Http403ForbiddenEntryPoint

Throws:

IOException

javax.servlet.ServletException

getExceptionTranslators

public Set<ExceptionTranslator> getExceptionTranslators()

setExceptionTranslators

public void setExceptionTranslators(Set<ExceptionTranslator> exceptionTranslators)