Spring Security Framework
java.lang.Object
  org.springframework.security.ui.digestauth.DigestProcessingFilter
public class DigestProcessingFilter
Processes an HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.
For a detailed background on what this filter is designed to process, refer to RFC 2617 (which superseded RFC 2069, although this filter supports clients that implement either RFC 2617 or RFC 2069).
This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Firefox).
This Digest implementation has been designed to avoid needing to store session state between invocations.
All session management information is stored in the "nonce" that is sent to the client by the DigestProcessingFilterEntryPoint.
If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.
If authentication fails, an AuthenticationEntryPoint implementation is called. This must always be DigestProcessingFilterEntryPoint, which will prompt the user to authenticate again via Digest authentication.
Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest authentication over Basic authentication, including commentary on the limitations that it still imposes.
Field Summary | |
---|---|
protected MessageSourceAccessor | messages |
Constructor Summary | |
---|---|
DigestProcessingFilter() | |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected MessageSourceAccessor messages
Constructor Detail |
---|
public DigestProcessingFilter()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
Specified by: afterPropertiesSet in interface InitializingBean
Throws: Exception
public void destroy()
Specified by: destroy in interface Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
Specified by: doFilter in interface Filter
Throws: IOException, ServletException
public static String encodePasswordInA1Format(String username, String realm, String password)
public static String generateDigest(boolean passwordAlreadyEncoded, String username, String realm, String password, String httpMethod, String uri, String qop, String nonce, String nc, String cnonce) throws IllegalArgumentException
response portion of a Digest authentication header. Both the server and user agent should compute the response independently. Provided as a static method to simplify the coding of user agents.
Parameters:
passwordAlreadyEncoded - true if the password argument is already encoded in the correct format. False if it is plain text.
username - the user's login name.
realm - the name of the realm.
password - the user's password in plaintext or ready-encoded.
httpMethod - the HTTP request method (GET, POST etc.)
uri - the request URI.
qop - the qop directive, or null if not set.
nonce - the nonce supplied by the server
nc - the "nonce-count" as defined in RFC 2617.
cnonce - opaque string supplied by the client when qop is set.
Throws:
IllegalArgumentException - if the supplied qop value is unsupported.
public DigestProcessingFilterEntryPoint getAuthenticationEntryPoint()
public UserCache getUserCache()
public UserDetailsService getUserDetailsService()
public void init(FilterConfig ignored) throws ServletException
Specified by: init in interface Filter
Throws: ServletException
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setAuthenticationEntryPoint(DigestProcessingFilterEntryPoint authenticationEntryPoint)
public void setMessageSource(MessageSource messageSource)
Specified by: setMessageSource in interface MessageSourceAware
public void setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded)
public void setUserCache(UserCache userCache)
public void setUserDetailsService(UserDetailsService userDetailsService)
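The RFC 2617 response computation that the generateDigest parameters above describe, written out as a standalone added example (not Spring Security's own code). The class and helper names are hypothetical, the ISO-8859-1 encoding is an assumption, and the sample values are the worked example from RFC 2617 section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: hypothetical class, independent of Spring Security.
public class DigestResponseExample {

    // Lowercase hex MD5, the H() function of RFC 2617. ISO-8859-1 is an assumption.
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder(32);
            for (byte b : d) sb.append(String.format("%02x", b & 0xff));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 unavailable", e);
        }
    }

    // H(A1) = MD5(username:realm:password); a server can store this instead of the plaintext.
    static String ha1(String username, String realm, String password) {
        return md5Hex(username + ":" + realm + ":" + password);
    }

    // response = H(HA1:nonce:nc:cnonce:qop:HA2) for qop=auth, H(HA1:nonce:HA2) when qop is absent (RFC 2069).
    static String response(String ha1, String httpMethod, String uri, String qop,
                           String nonce, String nc, String cnonce) {
        String ha2 = md5Hex(httpMethod + ":" + uri);
        if (qop == null) return md5Hex(ha1 + ":" + nonce + ":" + ha2);
        if ("auth".equals(qop)) return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
        throw new IllegalArgumentException("Unsupported qop: " + qop);
    }

    // Server-side check: compare the client's value with the recomputed one in constant time.
    static boolean matches(String expected, String received) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Values from the worked example in RFC 2617 section 3.5.
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String clientSent = "6629fae49393a05397450978507c4ef1";
        String h = ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
        String computed = response(h, "GET", "/dir/index.html", "auth", nonce, "00000001", "0a4f113b");
        System.out.println("qop=auth response matches: " + matches(computed, clientSent));
        System.out.println("RFC 2069 style response:   " + response(h, "GET", "/dir/index.html", null, nonce, null, null));
    }
}
```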