Package org.springframework.security.web.access.intercept

Class FilterSecurityInterceptor

java.lang.Object
org.springframework.security.access.intercept.AbstractSecurityInterceptor
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements jakarta.servlet.Filter
Performs security handling of HTTP resources via a filter implementation.

The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.

Refer to AbstractSecurityInterceptor for details on the workflow.

  • Constructor Details

    • FilterSecurityInterceptor

      public FilterSecurityInterceptor()

  • Method Details

    • init

      public void init(jakarta.servlet.FilterConfig arg0)
      Not used (we rely on IoC container lifecycle services instead)
      Specified by:
      init in interface jakarta.servlet.Filter
      Parameters:
      arg0 - ignored

    • destroy

      public void destroy()
      Not used (we rely on IoC container lifecycle services instead)
      Specified by:
      destroy in interface jakarta.servlet.Filter

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Parameters:
      request - the servlet request
      response - the servlet response
      chain - the filter chain
      Throws:
      IOException - if the filter chain fails
      jakarta.servlet.ServletException - if the filter chain fails

    • getSecurityMetadataSource

      public FilterInvocationSecurityMetadataSource getSecurityMetadataSource()

    • obtainSecurityMetadataSource

      public SecurityMetadataSource obtainSecurityMetadataSource()
      Specified by:
      obtainSecurityMetadataSource in class AbstractSecurityInterceptor

    • setSecurityMetadataSource

      public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)

    • getSecureObjectClass

      public Class<?> getSecureObjectClass()
      Description copied from class: AbstractSecurityInterceptor
      Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.
      Specified by:
      getSecureObjectClass in class AbstractSecurityInterceptor
      Returns:
      the type of secure object the subclass provides services for

    • invoke

      public void invoke(FilterInvocation filterInvocation) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException

    • isObserveOncePerRequest

      public boolean isObserveOncePerRequest()
      Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.
      Returns:
      true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

    • setObserveOncePerRequest

      public void setObserveOncePerRequest(boolean observeOncePerRequest)