org.juiser.spring.security.web.authentication

Class HeaderAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.juiser.spring.security.web.authentication.HeaderAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

public class HeaderAuthenticationFilter
extends org.springframework.web.filter.GenericFilterBean

Since:

0.1.0

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
HeaderAuthenticationFilter(String headerName, org.springframework.security.authentication.AuthenticationManager authenticationManager)

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
protected org.springframework.security.authentication.AuthenticationManager	getAuthenticationManager()
protected String	getHeaderName()
protected org.springframework.security.web.util.matcher.RequestMatcher	getRequiresAuthenticationRequestMatcher()
protected boolean	requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Indicates whether this filter should attempt to process a login request for the current invocation.
protected boolean	successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)
protected boolean	unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.AuthenticationException failed) Clears the SecurityContextHolder and returns true.

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HeaderAuthenticationFilter

public HeaderAuthenticationFilter(String headerName,
                                  org.springframework.security.authentication.AuthenticationManager authenticationManager)

Method Detail

getHeaderName

protected String getHeaderName()

getAuthenticationManager

protected org.springframework.security.authentication.AuthenticationManager getAuthenticationManager()

getRequiresAuthenticationRequestMatcher

protected org.springframework.security.web.util.matcher.RequestMatcher getRequiresAuthenticationRequestMatcher()

afterPropertiesSet

public void afterPropertiesSet()
                        throws javax.servlet.ServletException

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

Throws:

javax.servlet.ServletException

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

Indicates whether this filter should attempt to process a login request for the current invocation.

It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

Subclasses may override for special requirements, such as Tapestry integration.

Returns:

true if the filter should attempt authentication, false otherwise.

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Throws:

IOException

javax.servlet.ServletException

successfulAuthentication

protected boolean successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.FilterChain chain,
                                           org.springframework.security.core.Authentication authResult)
                                    throws IOException,
                                           javax.servlet.ServletException

Throws:

IOException

javax.servlet.ServletException

unsuccessfulAuthentication

protected boolean unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response,
                                             javax.servlet.FilterChain chain,
                                             org.springframework.security.core.AuthenticationException failed)
                                      throws IOException,
                                             javax.servlet.ServletException

Clears the SecurityContextHolder and returns true.

Throws:

IOException

javax.servlet.ServletException

attemptAuthentication

protected org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                                 javax.servlet.http.HttpServletResponse response)
                                                                          throws org.springframework.security.core.AuthenticationException,
                                                                                 IOException,
                                                                                 javax.servlet.ServletException

Throws:

org.springframework.security.core.AuthenticationException

IOException

javax.servlet.ServletException