|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.web.filter.GenericFilterBean org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
public class SecurityContextHolderAwareRequestFilter
A Filter
which populates the ServletRequest
with a request wrapper
which implements the servlet API security methods.
In pre servlet 3 environment the wrapper class used is SecurityContextHolderAwareRequestWrapper
. See its javadoc for the methods that are implemented.
In a servlet 3 environment SecurityContextHolderAwareRequestWrapper
is extended to provide the following additional methods:
HttpServletRequest.authenticate(HttpServletResponse)
- Allows the user to determine if they are
authenticated and if not send the user to the login page. See
setAuthenticationEntryPoint(AuthenticationEntryPoint)
.HttpServletRequest.login(String, String)
- Allows the user to authenticate using the
AuthenticationManager
. See setAuthenticationManager(AuthenticationManager)
.HttpServletRequest.logout()
- Allows the user to logout using the LogoutHandler
s configured in
Spring Security. See setLogoutHandlers(List)
.AsyncContext.start(Runnable)
- Automatically copy the SecurityContext
from the
SecurityContextHolder
found on the Thread that invoked AsyncContext.start(Runnable)
to the Thread
that processes the Runnable
.
Field Summary |
---|
Fields inherited from class org.springframework.web.filter.GenericFilterBean |
---|
logger |
Constructor Summary | |
---|---|
SecurityContextHolderAwareRequestFilter()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
|
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. |
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. |
void |
setLogoutHandlers(List<LogoutHandler> logoutHandlers)
Sets the LogoutHandler s used when integrating with HttpServletRequest with Servlet 3 APIs. |
void |
setRolePrefix(String rolePrefix)
|
Methods inherited from class org.springframework.web.filter.GenericFilterBean |
---|
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SecurityContextHolderAwareRequestFilter()
Method Detail |
---|
public void setRolePrefix(String rolePrefix)
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets the AuthenticationEntryPoint
used when integrating HttpServletRequest
with Servlet 3 APIs.
Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse)
is called and the
user is not authenticated.
If the value is null (default), then the default container behavior will be be retained when invoking
HttpServletRequest.authenticate(HttpServletResponse)
.
authenticationEntryPoint
- the AuthenticationEntryPoint
to use when invoking
HttpServletRequest.authenticate(HttpServletResponse)
if the user is not authenticated.
IllegalStateException
- if the Servlet 3 APIs are not found on the classpathpublic void setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the AuthenticationManager
used when integrating HttpServletRequest
with Servlet 3 APIs.
Specifically, it will be used when HttpServletRequest.login(String, String)
is invoked to determine if
the user is authenticated.
If the value is null (default), then the default container behavior will be retained when invoking
HttpServletRequest.login(String, String)
.
authenticationManager
- the AuthenticationManager
to use when invoking
HttpServletRequest.login(String, String)
IllegalStateException
- if the Servlet 3 APIs are not found on the classpathpublic void setLogoutHandlers(List<LogoutHandler> logoutHandlers)
Sets the LogoutHandler
s used when integrating with HttpServletRequest
with Servlet 3 APIs.
Specifically it will be used when HttpServletRequest.logout()
is invoked in order to log the user out. So
long as the LogoutHandler
s do not commit the HttpServletResponse
(expected), then the user is in
charge of handling the response.
If the value is null (default), the default container behavior will be retained when invoking
HttpServletRequest.logout()
.
logoutHandlers
- the List
s when invoking HttpServletRequest.logout()
.
IllegalStateException
- if the Servlet 3 APIs are not found on the classpathpublic void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void afterPropertiesSet() throws javax.servlet.ServletException
afterPropertiesSet
in interface InitializingBean
afterPropertiesSet
in class GenericFilterBean
javax.servlet.ServletException
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |