public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements javax.servlet.Filter
The SecurityMetadataSource
required by this security interceptor is of
type FilterInvocationSecurityMetadataSource
.
Refer to AbstractSecurityInterceptor
for details on the workflow.
logger, messages
Constructor and Description |
---|
FilterSecurityInterceptor() |
Modifier and Type | Method and Description |
---|---|
void |
destroy()
Not used (we rely on IoC container lifecycle services instead)
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Method that is actually called by the filter chain.
|
java.lang.Class<?> |
getSecureObjectClass()
Indicates the type of secure objects the subclass will be presenting to the
abstract parent for processing.
|
FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource() |
void |
init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead)
|
void |
invoke(FilterInvocation fi) |
boolean |
isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed.
|
SecurityMetadataSource |
obtainSecurityMetadataSource() |
void |
setObserveOncePerRequest(boolean observeOncePerRequest) |
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) |
afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes
public void init(javax.servlet.FilterConfig arg0)
init
in interface javax.servlet.Filter
arg0
- ignoredpublic void destroy()
destroy
in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
invoke(FilterInvocation)
method.doFilter
in interface javax.servlet.Filter
request
- the servlet requestresponse
- the servlet responsechain
- the filter chainjava.io.IOException
- if the filter chain failsjavax.servlet.ServletException
- if the filter chain failspublic FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public SecurityMetadataSource obtainSecurityMetadataSource()
obtainSecurityMetadataSource
in class AbstractSecurityInterceptor
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
public java.lang.Class<?> getSecureObjectClass()
AbstractSecurityInterceptor
AbstractSecurityInterceptor
all support the indicated secure object class.getSecureObjectClass
in class AbstractSecurityInterceptor
public void invoke(FilterInvocation fi) throws java.io.IOException, javax.servlet.ServletException
java.io.IOException
javax.servlet.ServletException
public boolean isObserveOncePerRequest()
true
, meaning the FilterSecurityInterceptor
will only
execute once-per-request. Sometimes users may wish it to execute more than once per
request, such as when JSP forwards are being used and filter security is desired on
each included fragment of the HTTP request.true
(the default) if once-per-request is honoured, otherwise
false
if FilterSecurityInterceptor
will enforce
authorizations for each and every fragment of the HTTP request.public void setObserveOncePerRequest(boolean observeOncePerRequest)