org.acegisecurity.ui.webapp
Class AuthenticationProcessingFilter

java.lang.Object
  extended by org.acegisecurity.ui.AbstractProcessingFilter
      extended by org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
Direct Known Subclasses:
SiteminderAuthenticationProcessingFilter

public class AuthenticationProcessingFilter
extends AbstractProcessingFilter

Processes an authentication form.

Login forms must present two parameters to this filter: a username and password. The parameter names to use are contained in the static fields ACEGI_SECURITY_FORM_USERNAME_KEY and ACEGI_SECURITY_FORM_PASSWORD_KEY.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.

Version:
$Id: AuthenticationProcessingFilter.java 2110 2007-09-14 14:32:19Z luke_t $
Author:
Ben Alex, Colin Sampaleanu

Field Summary
static java.lang.String ACEGI_SECURITY_FORM_PASSWORD_KEY
           
static java.lang.String ACEGI_SECURITY_FORM_USERNAME_KEY
           
static java.lang.String ACEGI_SECURITY_LAST_USERNAME_KEY
           
 
Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages
 
Constructor Summary
AuthenticationProcessingFilter()
           
 
Method Summary
 Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
          Performs actual authentication.
 java.lang.String getDefaultFilterProcessesUrl()
          This filter by default responds to /j_acegi_security_check.
 void init(javax.servlet.FilterConfig filterConfig)
          Does nothing.
protected  java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
          Enables subclasses to override the composition of the password, such as by including additional values and a separator.
protected  java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)
          Enables subclasses to override the composition of the username, such as by including additional values and a separator.
protected  void setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
          Provided so that subclasses may configure what is put into the authentication request's details property.
 
Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACEGI_SECURITY_FORM_USERNAME_KEY

public static final java.lang.String ACEGI_SECURITY_FORM_USERNAME_KEY
See Also:
Constant Field Values

ACEGI_SECURITY_FORM_PASSWORD_KEY

public static final java.lang.String ACEGI_SECURITY_FORM_PASSWORD_KEY
See Also:
Constant Field Values

ACEGI_SECURITY_LAST_USERNAME_KEY

public static final java.lang.String ACEGI_SECURITY_LAST_USERNAME_KEY
See Also:
Constant Field Values
Constructor Detail

AuthenticationProcessingFilter

public AuthenticationProcessingFilter()
Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException
Description copied from class: AbstractProcessingFilter
Performs actual authentication.

Specified by:
attemptAuthentication in class AbstractProcessingFilter
Parameters:
request - from which to extract parameters and perform the authentication
Returns:
the authenticated user
Throws:
AuthenticationException - if authentication fails

getDefaultFilterProcessesUrl

public java.lang.String getDefaultFilterProcessesUrl()
This filter by default responds to /j_acegi_security_check.

Specified by:
getDefaultFilterProcessesUrl in class AbstractProcessingFilter
Returns:
the default

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Description copied from class: AbstractProcessingFilter
Does nothing. We use IoC container lifecycle services instead.

Specified by:
init in interface javax.servlet.Filter
Overrides:
init in class AbstractProcessingFilter
Parameters:
filterConfig - ignored
Throws:
javax.servlet.ServletException - ignored

obtainPassword

protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by including additional values and a separator.

This might be used for example if a postcode/zipcode was required in addition to the password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The AuthenticationDao will need to generate the expected password in a corresponding manner.

Parameters:
request - so that request attributes can be retrieved
Returns:
the password that will be presented in the Authentication request token to the AuthenticationManager

obtainUsername

protected java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by including additional values and a separator.

Parameters:
request - so that request attributes can be retrieved
Returns:
the username that will be presented in the Authentication request token to the AuthenticationManager

setDetails

protected void setDetails(javax.servlet.http.HttpServletRequest request,
                          UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property.

Parameters:
request - that an authentication request is being created for
authRequest - the authentication request object that should have its details set


Copyright © 2004-2011 Interface21, Inc. All Rights Reserved.