Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.context
Class AbstractSecurityWebApplicationInitializer

java.lang.Object
  extended by org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
All Implemented Interfaces:
WebApplicationInitializer
public abstract class AbstractSecurityWebApplicationInitializer
extends Object
implements WebApplicationInitializer

Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter. This class is typically used in addition to a subclass of AbstractContextLoaderInitializer.

By default the DelegatingFilterProxy is registered without support, but can be enabled by overriding isAsyncSecuritySupported() and getSecurityDispatcherTypes().

Additional configuration before and after the springSecurityFilterChain can be added by overriding #beforeSpringSecurityFilterChain(ServletContext) and afterSpringSecurityFilterChain(ServletContext).

Caveats

Subclasses of AbstractDispatcherServletInitializer will register their filters before any other Filter. This means that you will typically want to ensure subclasses of AbstractDispatcherServletInitializer are invoked first. This can be done by ensuring the Order or Ordered of AbstractDispatcherServletInitializer are sooner than subclasses of AbstractSecurityWebApplicationInitializer.

Constructor Summary
AbstractSecurityWebApplicationInitializer()
           
 
Method Summary
protected  void afterSpringSecurityFilterChain(javax.servlet.ServletContext servletContext)
          Invoked after the springSecurityFilterChain is added.
protected  void appendFilters(javax.servlet.ServletContext servletContext, javax.servlet.Filter... filters)
          Inserts the provided Filters after existing Filters using default generated names, getSecurityDispatcherTypes(), and isAsyncSecuritySupported().
protected  boolean enableHttpSessionEventPublisher()
          Override this if HttpSessionEventPublisher should be added as a listener.
protected  String getDispatcherWebApplicationContextSuffix()
          Return the to use the DispatcherServlet's WebApplicationContext to find the DelegatingFilterProxy or null to use the parent ApplicationContext.
protected  EnumSet<javax.servlet.DispatcherType> getSecurityDispatcherTypes()
          Get the DispatcherType for the springSecurityFilterChain.
protected  void insertFilters(javax.servlet.ServletContext servletContext, javax.servlet.Filter... filters)
          Inserts the provided Filters before existing Filters using default generated names, getSecurityDispatcherTypes(), and isAsyncSecuritySupported().
protected  boolean isAsyncSecuritySupported()
          Determine if the springSecurityFilterChain should be marked as supporting asynch.
 void onStartup(javax.servlet.ServletContext servletContext)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractSecurityWebApplicationInitializer

public AbstractSecurityWebApplicationInitializer()
Method Detail

onStartup

public final void onStartup(javax.servlet.ServletContext servletContext)
                     throws javax.servlet.ServletException
Specified by:
onStartup in interface WebApplicationInitializer
Throws:
javax.servlet.ServletException

enableHttpSessionEventPublisher

protected boolean enableHttpSessionEventPublisher()
Override this if HttpSessionEventPublisher should be added as a listener. This should be true, if session management has specified a maximum number of sessions.

Returns:
true to add HttpSessionEventPublisher, else false

insertFilters

protected final void insertFilters(javax.servlet.ServletContext servletContext,
                                   javax.servlet.Filter... filters)
Inserts the provided Filters before existing Filters using default generated names, getSecurityDispatcherTypes(), and isAsyncSecuritySupported().

Parameters:
servletContext - the ServletContext to use
filters - the Filters to register

appendFilters

protected final void appendFilters(javax.servlet.ServletContext servletContext,
                                   javax.servlet.Filter... filters)
Inserts the provided Filters after existing Filters using default generated names, getSecurityDispatcherTypes(), and isAsyncSecuritySupported().

Parameters:
servletContext - the ServletContext to use
filters - the Filters to register

getDispatcherWebApplicationContextSuffix

protected String getDispatcherWebApplicationContextSuffix()
Return the to use the DispatcherServlet's WebApplicationContext to find the DelegatingFilterProxy or null to use the parent ApplicationContext.

For example, if you are using AbstractDispatcherServletInitializer or AbstractAnnotationConfigDispatcherServletInitializer and using the provided Servlet name, you can return "dispatcher" from this method to use the DispatcherServlet's WebApplicationContext.

Returns:
the of the DispatcherServlet to use its WebApplicationContext or null (default) to use the parent ApplicationContext.

afterSpringSecurityFilterChain

protected void afterSpringSecurityFilterChain(javax.servlet.ServletContext servletContext)
Invoked after the springSecurityFilterChain is added.

Parameters:
servletContext - the ServletContext

getSecurityDispatcherTypes

protected EnumSet<javax.servlet.DispatcherType> getSecurityDispatcherTypes()
Get the DispatcherType for the springSecurityFilterChain.

Returns:

isAsyncSecuritySupported

protected boolean isAsyncSecuritySupported()
Determine if the springSecurityFilterChain should be marked as supporting asynch. Default is true.

Returns:
true if springSecurityFilterChain should be marked as supporting asynch
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD