SecurityContextHolderAwareRequestFilter (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.servletapi
Class SecurityContextHolderAwareRequestFilter

java.lang.Object
  org.springframework.web.filter.GenericFilterBean
      org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

All Implemented Interfaces:: javax.servlet.Filter, Aware, BeanNameAware, DisposableBean, InitializingBean, EnvironmentAware, ServletContextAware

public class SecurityContextHolderAwareRequestFilter
extends GenericFilterBean
extends GenericFilterBean

A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

In pre servlet 3 environment the wrapper class used is SecurityContextHolderAwareRequestWrapper. See its javadoc for the methods that are implemented.

In a servlet 3 environment SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:

HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are authenticated and if not send the user to the login page. See setAuthenticationEntryPoint(AuthenticationEntryPoint).
HttpServletRequest.login(String, String) - Allows the user to authenticate using the AuthenticationManager. See setAuthenticationManager(AuthenticationManager).
HttpServletRequest.logout() - Allows the user to logout using the LogoutHandlers configured in Spring Security. See setLogoutHandlers(List).
AsyncContext.start(Runnable) - Automatically copy the SecurityContext from the SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread that processes the Runnable.

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean
`logger`

Constructor Summary
`SecurityContextHolderAwareRequestFilter()`

Method Summary
`void`	`afterPropertiesSet()`
`void`	`doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)`
`void`	`setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)` Sets the `AuthenticationEntryPoint` used when integrating `HttpServletRequest` with Servlet 3 APIs.
`void`	`setAuthenticationManager(AuthenticationManager authenticationManager)` Sets the `AuthenticationManager` used when integrating `HttpServletRequest` with Servlet 3 APIs.
`void`	`setLogoutHandlers(List<LogoutHandler> logoutHandlers)` Sets the `LogoutHandler`s used when integrating with `HttpServletRequest` with Servlet 3 APIs.
`void`	`setRolePrefix(String rolePrefix)`

Methods inherited from class org.springframework.web.filter.GenericFilterBean
`addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SecurityContextHolderAwareRequestFilter

public SecurityContextHolderAwareRequestFilter()

Method Detail

setRolePrefix

public void setRolePrefix(String rolePrefix)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.

If the value is null (default), then the default container behavior will be be retained when invoking HttpServletRequest.authenticate(HttpServletResponse).

Parameters:: authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.
Throws:: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.

If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).

Parameters:: authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)
Throws:: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

setLogoutHandlers

public void setLogoutHandlers(List<LogoutHandler> logoutHandlers)

Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs. Specifically it will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.

If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().

Parameters:: logoutHandlers - the Lists when invoking HttpServletRequest.logout().
Throws:: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Throws:: IOException; javax.servlet.ServletException

afterPropertiesSet

public void afterPropertiesSet()
                        throws javax.servlet.ServletException

Specified by:: afterPropertiesSet in interface InitializingBean
Overrides:: afterPropertiesSet in class GenericFilterBean

Throws:: javax.servlet.ServletException