public class ChannelProcessingFilter extends GenericFilterBean
Internally uses a FilterInvocation to represent the request, allowing a FilterInvocationSecurityMetadataSource to be used to look up the attributes which apply.

Delegates the actual channel security decisions and necessary actions to the configured ChannelDecisionManager. If a response is committed by the ChannelDecisionManager, the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the ChannelDecisionManagerImpl is configured with a SecureChannelProcessor and an InsecureChannelProcessor. A typical configuration would be

    <bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
      <property name="channelDecisionManager" ref="channelDecisionManager"/>
      <property name="securityMetadataSource">
        <security:filter-security-metadata-source request-matcher="regex">
          <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
          <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
          <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
        </security:filter-security-metadata-source>
      </property>
    </bean>

    <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
      <property name="channelProcessors">
        <list>
          <ref bean="secureChannelProcessor"/>
          <ref bean="insecureChannelProcessor"/>
        </list>
      </property>
    </bean>

    <bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
    <bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>

which would force the login form and any access to the /secure path to be made over HTTPS.

Constructor and Description |
---|
ChannelProcessingFilter() |

Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() |
void | doFilter(ServletRequest req, ServletResponse res, FilterChain chain) |
protected ChannelDecisionManager | getChannelDecisionManager() |
protected FilterInvocationSecurityMetadataSource | getSecurityMetadataSource() |
void | setChannelDecisionManager(ChannelDecisionManager channelDecisionManager) |
void | setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) |

public void afterPropertiesSet()
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws java.io.IOException, ServletException
Throws: java.io.IOException, ServletException
protected ChannelDecisionManager getChannelDecisionManager()
protected FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager)
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)
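
The typical configuration from the class description, wired in Java and exercised with mock requests to show when the filter chain proceeds and when the ChannelDecisionManager commits a redirect. This is an added example, not code from the original Javadoc or the Spring Security project; it assumes spring-security-web and spring-test are on the classpath, and the names ChannelFilterDemo, rule, buildFilter and probe are hypothetical.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.access.channel.*;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

public class ChannelFilterDemo { // hypothetical class, not part of Spring Security
    static void rule(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map, String regex, String attr) {
        map.put(new RegexRequestMatcher(regex, null), SecurityConfig.createList(attr));
    }

    static ChannelProcessingFilter buildFilter() {
        // Insertion order matters: the first matching pattern wins, so the catch-all goes last.
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules = new LinkedHashMap<>();
        rule(rules, "\\A/secure/.*\\Z", "REQUIRES_SECURE_CHANNEL");
        rule(rules, "\\A/login.jsp.*\\Z", "REQUIRES_SECURE_CHANNEL");
        rule(rules, "\\A/.*\\Z", "ANY_CHANNEL");
        ChannelDecisionManagerImpl manager = new ChannelDecisionManagerImpl();
        manager.setChannelProcessors(Arrays.asList(new SecureChannelProcessor(), new InsecureChannelProcessor()));
        ChannelProcessingFilter filter = new ChannelProcessingFilter();
        filter.setChannelDecisionManager(manager);
        filter.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(rules));
        filter.afterPropertiesSet(); // fails fast if a rule uses an attribute the manager does not support
        return filter;
    }

    static String probe(ChannelProcessingFilter filter, String path, boolean https) throws Exception {
        MockHttpServletRequest req = new MockHttpServletRequest("GET", path); // constructed sample request
        req.setServletPath(path); // the regex matcher evaluates the servlet path
        req.setScheme(https ? "https" : "http");
        req.setServerPort(https ? 443 : 80);
        req.setSecure(https);
        MockHttpServletResponse res = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        filter.doFilter(req, res, chain);
        // The mock chain records a request only if the filter let processing continue.
        return chain.getRequest() != null ? "chain proceeds" : "redirect to " + res.getRedirectedUrl();
    }

    public static void main(String[] args) throws Exception {
        ChannelProcessingFilter filter = buildFilter();
        System.out.println("http  /secure/account -> " + probe(filter, "/secure/account", false));
        System.out.println("https /secure/account -> " + probe(filter, "/secure/account", true));
        System.out.println("http  /public/info    -> " + probe(filter, "/public/info", false));
    }
}
```

The redirect is issued only after the plain-HTTP request has already been received, so anything the client sent in that first request was not protected by the channel requirement.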