Class FilterSecurityInterceptor
- java.lang.Object
-
- org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
- org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.MessageSourceAware
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements javax.servlet.Filter
Performs security handling of HTTP resources via a filter implementation.The
SecurityMetadataSource
required by this security interceptor is of typeFilterInvocationSecurityMetadataSource
.Refer to
AbstractSecurityInterceptor
for details on the workflow.
-
-
Field Summary
-
Fields inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor
logger, messages
-
-
Constructor Summary
Constructors Constructor Description FilterSecurityInterceptor()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
Not used (we rely on IoC container lifecycle services instead)void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Method that is actually called by the filter chain.java.lang.Class<?>
getSecureObjectClass()
Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.FilterInvocationSecurityMetadataSource
getSecurityMetadataSource()
void
init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead)void
invoke(FilterInvocation filterInvocation)
boolean
isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed.SecurityMetadataSource
obtainSecurityMetadataSource()
void
setObserveOncePerRequest(boolean observeOncePerRequest)
void
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
-
Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor
afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes
-
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead)- Specified by:
init
in interfacejavax.servlet.Filter
- Parameters:
arg0
- ignored
-
destroy
public void destroy()
Not used (we rely on IoC container lifecycle services instead)- Specified by:
destroy
in interfacejavax.servlet.Filter
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Method that is actually called by the filter chain. Simply delegates to theinvoke(FilterInvocation)
method.- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Parameters:
request
- the servlet requestresponse
- the servlet responsechain
- the filter chain- Throws:
java.io.IOException
- if the filter chain failsjavax.servlet.ServletException
- if the filter chain fails
-
getSecurityMetadataSource
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
-
obtainSecurityMetadataSource
public SecurityMetadataSource obtainSecurityMetadataSource()
- Specified by:
obtainSecurityMetadataSource
in classAbstractSecurityInterceptor
-
setSecurityMetadataSource
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
-
getSecureObjectClass
public java.lang.Class<?> getSecureObjectClass()
Description copied from class:AbstractSecurityInterceptor
Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to theAbstractSecurityInterceptor
all support the indicated secure object class.- Specified by:
getSecureObjectClass
in classAbstractSecurityInterceptor
- Returns:
- the type of secure object the subclass provides services for
-
invoke
public void invoke(FilterInvocation filterInvocation) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
isObserveOncePerRequest
public boolean isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed. By default this istrue
, meaning theFilterSecurityInterceptor
will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.- Returns:
true
(the default) if once-per-request is honoured, otherwisefalse
ifFilterSecurityInterceptor
will enforce authorizations for each and every fragment of the HTTP request.
-
setObserveOncePerRequest
public void setObserveOncePerRequest(boolean observeOncePerRequest)
-
-