public class RememberMeAuthenticationFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.context.ApplicationEventPublisherAware
Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.

Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method called by this filter. If this method returns a non-null Authentication object, it will be passed to the AuthenticationManager, so that any authentication-specific behaviour can be achieved. The resulting Authentication (if successful) will be placed into the SecurityContext.

If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application context. No events will be published if authentication was unsuccessful, because this would generally be recorded via an AuthenticationManager-specific application event.

Normally the request will be allowed to proceed regardless of whether authentication succeeds or fails. If some control over the destination for authenticated users is required, an AuthenticationSuccessHandler can be injected.

| Constructor and Description |
|---|
| RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices) |

| Modifier and Type | Method | Description |
|---|---|---|
| void | afterPropertiesSet() | |
| void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) | |
| RememberMeServices | getRememberMeServices() | |
| protected void | onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) | Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager. |
| protected void | onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed) | Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. |
| void | setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher) | |
| void | setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) | Allows control over the destination a remembered user is sent to when they are successfully authenticated. |

public RememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices)

public void afterPropertiesSet()
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides: afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: java.io.IOException, javax.servlet.ServletException

protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.

protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method. This method will not be called when no remember-me token is present in the request and autoLogin returns null.

public RememberMeServices getRememberMeServices()

public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
Specified by: setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler)
Allows control over the destination a remembered user is sent to when they are successfully authenticated. If an AuthenticationSuccessHandler is set, it will be invoked and the doFilter() method will return immediately, thus allowing the application to redirect the user to a specific URL, regardless of what the original request was for.
Parameters: successHandler - the strategy to invoke immediately before returning from doFilter().
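
Because the filter publishes no event when the AuthenticationManager rejects a remember-me Authentication, the two protected hooks are the natural place to record both outcomes. The following is an added example, not code from Spring Security: the class name AuditingRememberMeFilter, the clean() helper, the log format and the "/account/home" target are assumptions made for illustration.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;

// Hypothetical subclass (illustration only) that audits remember-me logins.
public class AuditingRememberMeFilter extends RememberMeAuthenticationFilter {

    public AuditingRememberMeFilter(AuthenticationManager authenticationManager,
                                    RememberMeServices rememberMeServices) {
        super(authenticationManager, rememberMeServices);
        // With a success handler set, doFilter() returns right after invoking it,
        // so a remembered user lands on a fixed page rather than the URL requested.
        // "/account/home" is a placeholder path.
        setAuthenticationSuccessHandler(
                new SimpleUrlAuthenticationSuccessHandler("/account/home"));
    }

    // Called after autoLogin returned a token and the AuthenticationManager accepted it.
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult) {
        logger.info("remember-me login user=" + clean(authResult.getName())
                + " ip=" + request.getRemoteAddr()
                + " uri=" + clean(request.getRequestURI()));
    }

    // Called only when the AuthenticationManager rejects the token; it is not
    // called when autoLogin returns null, so those requests leave no record here.
    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed) {
        logger.warn("remember-me rejected ip=" + request.getRemoteAddr()
                + " uri=" + clean(request.getRequestURI())
                + " reason=" + failed.getClass().getSimpleName());
    }

    // Replace CR/LF so request-controlled values cannot forge extra log lines.
    private static String clean(String value) {
        return value == null ? "" : value.replaceAll("[\\r\\n]", "_");
    }
}
```

The logger field used here is the one inherited from GenericFilterBean.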