Package org.springframework.security.web.access.intercept

Class FilterSecurityInterceptor

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
    public class FilterSecurityInterceptor
extends AbstractSecurityInterceptor
implements javax.servlet.Filter
    Performs security handling of HTTP resources via a filter implementation.

    The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.

    Refer to AbstractSecurityInterceptor for details on the workflow.

    • Constructor Detail

      • FilterSecurityInterceptor

        public FilterSecurityInterceptor()

    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig arg0)
        Not used (we rely on IoC container lifecycle services instead)
        Specified by:
        init in interface javax.servlet.Filter
        Parameters:
        arg0 - ignored

      • destroy

        public void destroy()
        Not used (we rely on IoC container lifecycle services instead)
        Specified by:
        destroy in interface javax.servlet.Filter

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.
        Specified by:
        doFilter in interface javax.servlet.Filter
        Parameters:
        request - the servlet request
        response - the servlet response
        chain - the filter chain
        Throws:
        java.io.IOException - if the filter chain fails
        javax.servlet.ServletException - if the filter chain fails

      • getSecureObjectClass

        public java.lang.Class<?> getSecureObjectClass()
        Description copied from class: AbstractSecurityInterceptor
        Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.
        Specified by:
        getSecureObjectClass in class AbstractSecurityInterceptor
        Returns:
        the type of secure object the subclass provides services for

      • invoke

        public void invoke​(FilterInvocation filterInvocation)
            throws java.io.IOException,
                   javax.servlet.ServletException
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • isObserveOncePerRequest

        public boolean isObserveOncePerRequest()
        Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.
        Returns:
        true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

      • setObserveOncePerRequest

        public void setObserveOncePerRequest​(boolean observeOncePerRequest)