org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
public class RememberMeAuthenticationFilter
Detects if there is no Authentication object in the SecurityContext, and populates the context with
a remember-me authentication token if a RememberMeServices implementation so requests.
Concrete RememberMeServices implementations will have their
RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse)
method called by this filter. If this method returns a non-null Authentication object, it will be passed
to the AuthenticationManager, so that any authentication-specific behaviour can be achieved.
The resulting Authentication (if successful) will be placed into the SecurityContext.
If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published
to the application context. No events will be published if authentication was unsuccessful, because this would
generally be recorded via an AuthenticationManager-specific application event.
Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If
some control over the destination for authenticated users is required, an AuthenticationSuccessHandler
can be injected
| Field Summary |
|---|
| Fields inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
logger |
| Constructor Summary | |
|---|---|
RememberMeAuthenticationFilter()
Deprecated. Use constructor injection |
|
RememberMeAuthenticationFilter(AuthenticationManager authenticationManager,
RememberMeServices rememberMeServices)
|
|
| Method Summary | |
|---|---|
void |
afterPropertiesSet()
|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
|
RememberMeServices |
getRememberMeServices()
|
protected void |
onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices
autoLogin method and the AuthenticationManager. |
protected void |
onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. |
void |
setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
|
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
Deprecated. Use constructor injection |
void |
setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated. |
void |
setRememberMeServices(RememberMeServices rememberMeServices)
Deprecated. Use constructor injection |
| Methods inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
@Deprecated public RememberMeAuthenticationFilter()
public RememberMeAuthenticationFilter(AuthenticationManager authenticationManager,
RememberMeServices rememberMeServices)
| Method Detail |
|---|
public void afterPropertiesSet()
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBean
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOException
javax.servlet.ServletException
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
RememberMeServices
autoLogin method and the AuthenticationManager.
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. This method will not be called when no remember-me
token is present in the request and autoLogin reurns null.
public RememberMeServices getRememberMeServices()
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
setApplicationEventPublisher in interface ApplicationEventPublisherAware@Deprecated public void setAuthenticationManager(AuthenticationManager authenticationManager)
@Deprecated public void setRememberMeServices(RememberMeServices rememberMeServices)
public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return
immediately, thus allowing the application to redirect the user to a specific URL, regardless of whatthe original
request was for.
successHandler - the strategy to invoke immediately before returning from doFilter().
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||