public class LoginUrlAuthenticationEntryPoint extends Object implements AuthenticationEntryPoint, InitializingBean
ExceptionTranslationFilter
to commence a form login
authentication via the UsernamePasswordAuthenticationFilter
.
Holds the location of the login form in the loginFormUrl
property, and
uses that to build a redirect URL to the login page. Alternatively, an absolute URL
can be set in this property and that will be used exclusively.
When using a relative URL, you can set the forceHttps
property to true,
to force the protocol used for the login form to be HTTPS
,
even if the original intercepted request for a resource used the
HTTP
protocol. When this happens, after a successful login
(via HTTPS), the original resource will still be accessed as HTTP, via the
original request URL. For the forced HTTPS feature to work, the PortMapper
is consulted to determine the HTTP:HTTPS pairs. The value of
forceHttps
will have no effect if an absolute URL is used.
Constructor and Description |
---|
LoginUrlAuthenticationEntryPoint()
Deprecated.
Use constructor injection
|
LoginUrlAuthenticationEntryPoint(String loginFormUrl) |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected String |
buildHttpsRedirectUrlForRequest(javax.servlet.http.HttpServletRequest request)
Builds a URL to redirect the supplied request to HTTPS.
|
protected String |
buildRedirectUrlToLoginPage(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException) |
void |
commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
Performs the redirect (or forward) to the login form URL.
|
protected String |
determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception)
Allows subclasses to modify the login form URL that should be applicable for a given request.
|
String |
getLoginFormUrl() |
protected PortMapper |
getPortMapper() |
protected PortResolver |
getPortResolver() |
protected boolean |
isForceHttps() |
protected boolean |
isUseForward() |
void |
setForceHttps(boolean forceHttps)
Set to true to force login form access to be via https.
|
void |
setLoginFormUrl(String loginFormUrl)
Deprecated.
use constructor injection
|
void |
setPortMapper(PortMapper portMapper) |
void |
setPortResolver(PortResolver portResolver) |
void |
setUseForward(boolean useForward)
Tells if we are to do a forward to the
loginFormUrl using the RequestDispatcher ,
instead of a 302 redirect. |
@Deprecated public LoginUrlAuthenticationEntryPoint()
public LoginUrlAuthenticationEntryPoint(String loginFormUrl)
loginFormUrl
- URL where the login page can be found. Should either be relative to the web-app context path
(include a leading /
) or an absolute URL.public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
protected String determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException exception)
request
- the requestresponse
- the responseexception
- the exceptiongetLoginFormUrl()
)public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException authException) throws IOException, javax.servlet.ServletException
commence
in interface AuthenticationEntryPoint
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocationIOException
javax.servlet.ServletException
protected String buildRedirectUrlToLoginPage(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException authException)
protected String buildHttpsRedirectUrlForRequest(javax.servlet.http.HttpServletRequest request) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void setForceHttps(boolean forceHttps)
https
, then the client will first be redirected to an https URL, even if serverSideRedirect
is set to true.protected boolean isForceHttps()
@Deprecated public void setLoginFormUrl(String loginFormUrl)
UsernamePasswordAuthenticationFilter
login
page can be found. Should either be relative to the web-app context path
(include a leading /
) or an absolute URL.public String getLoginFormUrl()
public void setPortMapper(PortMapper portMapper)
protected PortMapper getPortMapper()
public void setPortResolver(PortResolver portResolver)
protected PortResolver getPortResolver()
public void setUseForward(boolean useForward)
loginFormUrl
using the RequestDispatcher
,
instead of a 302 redirect.useForward
- true if a forward to the login page should be used. Must be false (the default) if
loginFormUrl
is set to an absolute value.protected boolean isUseForward()