LoginUrlAuthenticationEntryPoint (Spring Security 3.0.0.RELEASE API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.authentication
Class LoginUrlAuthenticationEntryPoint

java.lang.Object
  org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

All Implemented Interfaces:: InitializingBean, AuthenticationEntryPoint

Direct Known Subclasses:: AuthenticationProcessingFilterEntryPoint

public class LoginUrlAuthenticationEntryPoint
extends Object
implements AuthenticationEntryPoint, InitializingBean
extends Object
implements AuthenticationEntryPoint, InitializingBean

Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter. This object holds the location of the login form, relative to the web app context path, and is used to commence a redirect to that form.

By setting the forceHttps property to true, you may configure the class to force the protocol used for the login form to be HTTPS, even if the original intercepted request for a resource used the HTTP protocol. When this happens, after a successful login (via HTTPS), the original resource will still be accessed as HTTP, via the original request URL. For the forced HTTPS feature to work, the PortMapper is consulted to determine the HTTP:HTTPS pairs.

Since:: 3.0
Version:: $Id: LoginUrlAuthenticationEntryPoint.java 3924 2009-10-05 17:33:34Z ltaylor $
Author:: Ben Alex, colin sampaleanu, Omri Spector, Luke Taylor

Constructor Summary
`LoginUrlAuthenticationEntryPoint()`

Method Summary
`void`	`afterPropertiesSet()`
`protected String`	`buildHttpsRedirectUrlForRequest(HttpServletRequest request)` Builds a URL to redirect the supplied request to HTTPS.
`protected String`	`buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)`
`void`	`commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)` Performs the redirect (or forward) to the login form URL.
`protected String`	`determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)` Allows subclasses to modify the login form URL that should be applicable for a given request.
`String`	`getLoginFormUrl()`
`protected PortMapper`	`getPortMapper()`
`protected PortResolver`	`getPortResolver()`
`protected boolean`	`isForceHttps()`
`protected boolean`	`isUseForward()`
`void`	`setForceHttps(boolean forceHttps)` Set to true to force login form access to be via https.
`void`	`setLoginFormUrl(String loginFormUrl)` The URL where the `UsernamePasswordAuthenticationFilter` login page can be found.
`void`	`setPortMapper(PortMapper portMapper)`
`void`	`setPortResolver(PortResolver portResolver)`
`void`	`setUseForward(boolean useForward)` Tells if we are to do a forward to the `loginFormUrl` using the `RequestDispatcher`, instead of a 302 redirect.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

LoginUrlAuthenticationEntryPoint

public LoginUrlAuthenticationEntryPoint()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:: afterPropertiesSet in interface InitializingBean

Throws:: Exception

determineUrlToUseForThisRequest

protected String determineUrlToUseForThisRequest(HttpServletRequest request,
                                                 HttpServletResponse response,
                                                 AuthenticationException exception)

Allows subclasses to modify the login form URL that should be applicable for a given request.

Parameters:: request - the request; response - the response; exception - the exception
Returns:: the URL (cannot be null or empty; defaults to getLoginFormUrl())

commence

public void commence(HttpServletRequest request,
                     HttpServletResponse response,
                     AuthenticationException authException)
              throws IOException,
                     ServletException

Performs the redirect (or forward) to the login form URL.

Specified by:: commence in interface AuthenticationEntryPoint

Parameters:: request - that resulted in an AuthenticationException; response - so that the user agent can begin authentication; authException - that caused the invocation
Throws:: IOException; ServletException

buildRedirectUrlToLoginPage

protected String buildRedirectUrlToLoginPage(HttpServletRequest request,
                                             HttpServletResponse response,
                                             AuthenticationException authException)

buildHttpsRedirectUrlForRequest

protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request)
                                          throws IOException,
                                                 ServletException

Builds a URL to redirect the supplied request to HTTPS. Used to redirect the current request to HTTPS, before doing a forward to the login page.

Throws:: IOException; ServletException

setForceHttps

public void setForceHttps(boolean forceHttps)

Set to true to force login form access to be via https. If this value is true (the default is false), and the incoming request for the protected resource which triggered the interceptor was not already https, then the client will first be redirected to an https URL, even if serverSideRedirect is set to true.

isForceHttps

protected boolean isForceHttps()

setLoginFormUrl

public void setLoginFormUrl(String loginFormUrl)

The URL where the UsernamePasswordAuthenticationFilter login page can be found. Should be relative to the web-app context path, and include a leading /

getLoginFormUrl

public String getLoginFormUrl()

setPortMapper

public void setPortMapper(PortMapper portMapper)

getPortMapper

protected PortMapper getPortMapper()

setPortResolver

public void setPortResolver(PortResolver portResolver)

getPortResolver

protected PortResolver getPortResolver()

setUseForward

public void setUseForward(boolean useForward)

Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.

Parameters:: useForward -

isUseForward

protected boolean isUseForward()