Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.ui.webapp
Class AuthenticationProcessingFilter

java.lang.Object
  extended by org.springframework.security.ui.SpringSecurityFilter
      extended by org.springframework.security.ui.AbstractProcessingFilter
          extended by org.springframework.security.ui.webapp.AuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered
public class AuthenticationProcessingFilter
extends AbstractProcessingFilter

Processes an authentication form.

Login forms must present two parameters to this filter: a username and password. The default parameter names to use are contained in the static fields SPRING_SECURITY_FORM_USERNAME_KEY and SPRING_SECURITY_FORM_PASSWORD_KEY. The parameter names can also be changed by setting the usernameParameter and passwordParameter properties.

Version:
$Id$
Author:
Ben Alex, Colin Sampaleanu

Field Summary
static java.lang.String SPRING_SECURITY_FORM_PASSWORD_KEY
           
static java.lang.String SPRING_SECURITY_FORM_USERNAME_KEY
           
static java.lang.String SPRING_SECURITY_LAST_USERNAME_KEY
           
 
Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY
 
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter
logger
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
AuthenticationProcessingFilter()
           
 
Method Summary
 Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
          Performs actual authentication.
 java.lang.String getDefaultFilterProcessesUrl()
          This filter by default responds to /j_spring_security_check.
 int getOrder()
           
protected  java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
          Enables subclasses to override the composition of the password, such as by including additional values and a separator.
protected  java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)
          Enables subclasses to override the composition of the username, such as by including additional values and a separator.
protected  void setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
          Provided so that subclasses may configure what is put into the authentication request's details property.
 void setPasswordParameter(java.lang.String passwordParameter)
          Sets the parameter name which will be used to obtain the password from the login request..
 void setUsernameParameter(java.lang.String usernameParameter)
          Sets the parameter name which will be used to obtain the username from the login request.
 
Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter
afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter
destroy, doFilter, init, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

SPRING_SECURITY_FORM_USERNAME_KEY

public static final java.lang.String SPRING_SECURITY_FORM_USERNAME_KEY
See Also:
Constant Field Values

SPRING_SECURITY_FORM_PASSWORD_KEY

public static final java.lang.String SPRING_SECURITY_FORM_PASSWORD_KEY
See Also:
Constant Field Values

SPRING_SECURITY_LAST_USERNAME_KEY

public static final java.lang.String SPRING_SECURITY_LAST_USERNAME_KEY
See Also:
Constant Field Values
Constructor Detail

AuthenticationProcessingFilter

public AuthenticationProcessingFilter()
Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException
Description copied from class: AbstractProcessingFilter
Performs actual authentication.

Specified by:
attemptAuthentication in class AbstractProcessingFilter
Parameters:
request - from which to extract parameters and perform the authentication
Returns:
the authenticated user
Throws:
AuthenticationException - if authentication fails

getDefaultFilterProcessesUrl

public java.lang.String getDefaultFilterProcessesUrl()
This filter by default responds to /j_spring_security_check.

Specified by:
getDefaultFilterProcessesUrl in class AbstractProcessingFilter
Returns:
the default

obtainPassword

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Parameters:
request - so that request attributes can be retrieved
Returns:
the password that will be presented in the Authentication request token to the AuthenticationManager

obtainUsername

protected java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by including additional values and a separator.

Parameters:
request - so that request attributes can be retrieved
Returns:
the username that will be presented in the Authentication request token to the AuthenticationManager

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property.

Parameters:
request - that an authentication request is being created for
authRequest - the authentication request object that should have its details set

setUsernameParameter

public void setUsernameParameter(java.lang.String usernameParameter)
Sets the parameter name which will be used to obtain the username from the login request.

Parameters:
usernameParameter - the parameter name. Defaults to "j_username".

setPasswordParameter

public void setPasswordParameter(java.lang.String passwordParameter)
Sets the parameter name which will be used to obtain the password from the login request..

Parameters:
passwordParameter - the parameter name. Defaults to "j_password".

getOrder

public int getOrder()
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD