| |
- __builtin__.object
-
- Filter
-
- AccessDeniedHandler
-
- SimpleAccessDeniedHandler
- AuthenticationProcessingFilter
- AuthenticationProcessingFilterEntryPoint
- ExceptionTranslationFilter
- FilterChainProxy(Filter, springpython.context.ApplicationContextAware)
- FilterSecurityInterceptor(Filter, springpython.security.intercept.AbstractSecurityInterceptor)
- HttpSessionContextIntegrationFilter
- MiddlewareFilter
- FilterChain
- RedirectStrategy
- SessionStrategy
- springpython.security.intercept.ObjectDefinitionSource(__builtin__.object)
-
- AbstractFilterInvocationDefinitionSource
-
- RegExpBasedFilterInvocationDefinitionMap
- FilterInvocation
class AuthenticationProcessingFilter(Filter) |
|
This filter utilizes the authentication manager to make sure the requesting person is authenticated.
It expects the SecurityContextHolder to be populated when it runs, so it is always good to preceed it
with the HttpSessionContextIntegrationFilter. |
|
- Method resolution order:
- AuthenticationProcessingFilter
- Filter
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- Check if the user is trying to access the login url. Then see if they are already authenticated (and
alwaysReauthenticate is disabled). Finally, try to authenticate the user. If successful, stored credentials
in SecurityContextHolder. Otherwise, redirect to the login page.
- __init__(self, auth_manager=None, alwaysReauthenticate=False)
- logout(self)
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class ExceptionTranslationFilter(Filter) |
|
Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.
This filter is necessary because it provides the bridge between Python exceptions and HTTP responses.
It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common
handling of authentication failures originating from any subclass of AuthenticationProcessingFilter.
If an AccessDeniedException is detected, the filter will launch the accessDeniedHandler. This allows common
handling of access failures originating from any subclass of AbstractSecurityInterceptor. |
|
- Method resolution order:
- ExceptionTranslationFilter
- Filter
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- __init__(self, authenticationEntryPoint=None, accessDeniedHandler=None, redirectStrategy=None)
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class Filter(__builtin__.object) |
|
This is the interface definition of a filter. It must process a request/response. |
|
Methods defined here:
- doNextFilter(self, environ, start_response)
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class FilterChain(__builtin__.object) |
|
Collection of WSGI filters. It allows dynamic re-chaining of filters as the situation is needed.
In order to link in 3rd party WSGI middleware, see MiddlewareFilter. |
|
Methods defined here:
- __init__(self)
- addFilter(self, filter)
- getFilterChain(self)
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class FilterChainProxy(Filter, springpython.context.ApplicationContextAware) |
|
This acts as filter, and delegates to a chain of filters. Each time a web page is called, it dynamically
assembles a FilterChain, and then iterates over it. This is different than the conventional style of
wrapping applications for WSGI, because each URL pattern might have a different chained combination
of the WSGI filters.
Because most middleware objects define the wrapped application using __init__, Spring provides
the MiddlewareFilter, to help wrap any middleware object so that it can participate in a
FilterChain. |
|
- Method resolution order:
- FilterChainProxy
- Filter
- springpython.context.ApplicationContextAware
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- This will route all requests/responses through the chain of filters.
- __init__(self, filterInvocationDefinitionSource=None)
- This class must be application-context aware in case it is instantiated inside an IoC container.
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
Methods inherited from springpython.context.ApplicationContextAware:
- set_app_context(self, app_context)
|
class FilterInvocation |
|
Holds objects associated with a WSGI filter, such as environ. This is the web-application equivalent to MethodInvocation. |
|
Methods defined here:
- __init__(self, environ)
- requestUrl(self)
|
class FilterSecurityInterceptor(Filter, springpython.security.intercept.AbstractSecurityInterceptor) |
|
Performs security handling of HTTP resources via a filter implementation.
The ObjectDefinitionSource required by this security interceptor is of type AbstractFilterInvocationDefinitionSource.
Refer to AbstractSecurityInterceptor for details on the workflow. |
|
- Method resolution order:
- FilterSecurityInterceptor
- Filter
- springpython.security.intercept.AbstractSecurityInterceptor
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- __init__(self, auth_manager=None, access_decision_mgr=None, obj_def_source=None, sessionStrategy=None)
- __setattr__(self, name, value)
- obtain_obj_def_source(self)
Data and other attributes defined here:
- SPRINGPYTHON_FILTER_SECURITY_INTERCEPTOR_KEY = 'SPRINGPYTHON_FILTER_SECURITY_INTERCEPTOR_KEY'
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
Methods inherited from springpython.security.intercept.AbstractSecurityInterceptor:
- after_invocation(self, token, results)
- As a minimum, this needs to pass the results right on through. Subclasses can extend this behavior
to utilize the token information.
- before_invocation(self, invocation)
|
class HttpSessionContextIntegrationFilter(Filter) |
|
This filter is meant to pull security context information from the HttpSession, and store it in the
SecurityContextHolder. Then on the response, copy and SecurityContext information back into the HttpSession. |
|
- Method resolution order:
- HttpSessionContextIntegrationFilter
- Filter
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- This filter copies SecurityContext information back and forth between the HttpSession and the SecurityContextHolder.
- __init__(self, sessionStrategy=None)
- generateNewContext(self)
- This is a factory method that instantiates the assigned class, and populates it with an empty token.
- saveContext(self)
- setContext(self, clazz)
- This is a factory setter. The context parameter is used to create new security context objects.
Data and other attributes defined here:
- SPRINGPYTHON_SECURITY_CONTEXT_KEY = 'SPRINGPYTHON_SECURITY_CONTEXT_KEY'
- context = <class 'springpython.security.context.SecurityContext'>
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class MiddlewareFilter(Filter) |
|
This filter allows you to wrap any WSGI-compatible middleware and use it as a Spring Python filter.
This is primary because lots of middleware objects requires the wrapped WSGI app to be included
in the __init__ method. Spring's IoC container currently doesn't support constructor arguments. |
|
- Method resolution order:
- MiddlewareFilter
- Filter
- __builtin__.object
Methods defined here:
- __call__(self, environ, start_response)
- __init__(self, clazz=None, appAttribute=None)
- __setattr__(self, name, value)
Methods inherited from Filter:
- doNextFilter(self, environ, start_response)
Data descriptors inherited from Filter:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class RedirectStrategy(__builtin__.object) |
|
This class provides a mechanism to redirect users to another page. Currently, it returns a
standard forwarding message to the browser. This may not be the most efficient, but it guarantees
the entire WSGI stack is processed on both request and response. |
|
Methods defined here:
- redirect(self, url)
- This is a 0-second redirect.
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class SessionStrategy(__builtin__.object) |
|
This is an interface definition in defining access to session data. There may be many
ways to implement session data. This makes the mechanism pluggable. |
|
Methods defined here:
- getHttpSession(self, environ)
- setHttpSession(self, key, value)
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
|