org.springframework.security.ui.rememberme
Class RememberMeProcessingFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.ui.rememberme.RememberMeProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.core.Ordered
public class RememberMeProcessingFilter
- extends SpringSecurityFilter
- implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware
Detects if there is no Authentication object in the SecurityContext, and populates it
with a remember-me authentication token if a RememberMeServices
implementation so requests.
Concrete RememberMeServices implementations will have their RememberMeServices.autoLogin(HttpServletRequest, HttpServletResponse) method
called by this filter. The Authentication or null returned by that method will be placed
into the SecurityContext. The AuthenticationManager will be used, so that any concurrent
session management or other authentication-specific behaviour can be achieved. This is the same pattern as with
other authentication mechanisms, which call the AuthenticationManager as part of their contract.
If authentication is successful, an InteractiveAuthenticationSuccessEvent will be published to the application
context. No events will be published if authentication was unsuccessful, because this would generally be recorded
via an AuthenticationManager-specific application event.
- Version:
- $Id$
- Author:
- Ben Alex
| Fields inherited from interface org.springframework.core.Ordered |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
RememberMeProcessingFilter
public RememberMeProcessingFilter()
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
- Throws:
java.lang.Exception
doFilterHttp
public void doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
- Specified by:
doFilterHttp in class SpringSecurityFilter
- Throws:
java.io.IOException
javax.servlet.ServletException
onSuccessfulAuthentication
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
- Called if a remember-me token is presented and successfully authenticated by the RememberMeServices
autoLogin method and the AuthenticationManager.
onUnsuccessfulAuthentication
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
- Called if the AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. This method will not be called when no remember-me
token is present in the request and autoLogin returns null.
getRememberMeServices
public RememberMeServices getRememberMeServices()
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)
- Specified by:
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware
setAuthenticationManager
public void setAuthenticationManager(AuthenticationManager authenticationManager)
setRememberMeServices
public void setRememberMeServices(RememberMeServices rememberMeServices)
getOrder
public int getOrder()
- Specified by:
getOrder in interface org.springframework.core.Ordered