public class DigestAuthenticationFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.context.MessageSourceAware
SecurityContextHolder
.
For a detailed background on what this filter is designed to process, refer to RFC 2617 (which superseded RFC 2069, although this filter supports clients that implement either RFC 2617 or RFC 2069).
This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) and standard user agents (such as Internet Explorer and Firefox).
This Digest implementation has been designed to avoid needing to store session state between invocations. All session management information is stored in the "nonce" that is sent to the client by the DigestAuthenticationEntryPoint.
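The stateless design described above, shown as an added example (not Spring Security's source code): one side issues a nonce that carries its own expiry plus a digest keyed with a server-side secret, and the other side validates it by recomputation alone, with no stored session. The nonce layout, the class name and the method names are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not Spring Security source code. The nonce layout
// base64(expiry ":" md5Hex(expiry ":" key)) and all names are assumptions.
public class StatelessNonceDemo {

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Entry-point side: issue a nonce that carries its own expiry time.
    static String issue(String key, long nowMillis, int validitySeconds) throws Exception {
        long expiry = nowMillis + validitySeconds * 1000L;
        String raw = expiry + ":" + md5Hex(expiry + ":" + key);
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Filter side: recompute the keyed digest; nothing is looked up in server-side state.
    static String check(String nonce, String key, long nowMillis) throws Exception {
        String raw; long expiry; int sep;
        try {
            raw = new String(Base64.getDecoder().decode(nonce), StandardCharsets.UTF_8);
            sep = raw.indexOf(':');
            expiry = Long.parseLong(raw.substring(0, Math.max(sep, 0)));
        } catch (IllegalArgumentException e) { // bad base64 or missing/non-numeric expiry
            return "MALFORMED";
        }
        byte[] expected = md5Hex(expiry + ":" + key).getBytes(StandardCharsets.UTF_8);
        byte[] presented = raw.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the check does not leak how many characters matched.
        if (!MessageDigest.isEqual(expected, presented)) return "FORGED";
        return expiry < nowMillis ? "STALE" : "VALID";
    }

    public static void main(String[] args) throws Exception {
        String key = "constructed-server-key"; // constructed sample value
        long t0 = 1_700_000_000_000L;          // constructed clock value
        String nonce = issue(key, t0, 300);
        System.out.println(check(nonce, key, t0 + 1_000));         // inside the validity window
        System.out.println(check(nonce, key, t0 + 301_000));       // after the expiry time
        System.out.println(check(nonce, "other-key", t0 + 1_000)); // digest made with another key
    }
}
```

Because the expiry travels inside the nonce, rotating the server-side key invalidates every outstanding nonce at once, and any node that shares the key can validate a nonce issued by another.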
If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.
If authentication fails, an AuthenticationEntryPoint implementation is called. This must always be DigestAuthenticationEntryPoint, which will prompt the user to authenticate again via Digest authentication.
Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest authentication over Basic authentication, including commentary on the limitations that it still imposes.

Modifier and Type | Field and Description |
---|---|
protected org.springframework.context.support.MessageSourceAccessor | messages |

Constructor and Description |
---|
DigestAuthenticationFilter() |

Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() |
void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) |
protected DigestAuthenticationEntryPoint | getAuthenticationEntryPoint() |
UserCache | getUserCache() |
UserDetailsService | getUserDetailsService() |
void | setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource) |
void | setAuthenticationEntryPoint(DigestAuthenticationEntryPoint authenticationEntryPoint) |
void | setCreateAuthenticatedToken(boolean createAuthenticatedToken) If you set this property, the Authentication object, which is created after the successful digest authentication, will be marked as authenticated and filled with the authorities loaded by the UserDetailsService. |
void | setMessageSource(org.springframework.context.MessageSource messageSource) |
void | setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded) |
void | setUserCache(UserCache userCache) |
void | setUserDetailsService(UserDetailsService userDetailsService) |

public void afterPropertiesSet()
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
doFilter in interface javax.servlet.Filter
java.io.IOException
javax.servlet.ServletException
protected final DigestAuthenticationEntryPoint getAuthenticationEntryPoint()
public UserCache getUserCache()
public UserDetailsService getUserDetailsService()
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
public void setAuthenticationEntryPoint(DigestAuthenticationEntryPoint authenticationEntryPoint)
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource in interface org.springframework.context.MessageSourceAware
public void setPasswordAlreadyEncoded(boolean passwordAlreadyEncoded)
public void setUserCache(UserCache userCache)
public void setUserDetailsService(UserDetailsService userDetailsService)
public void setCreateAuthenticatedToken(boolean createAuthenticatedToken)
createAuthenticatedToken - default is false