public class BasicProcessingFilter extends Object implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
SecurityContextHolder.
For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.
In summary, this filter is responsible for processing any request that has an HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.
If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called. Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also provided by Acegi Security and should be used instead of Basic authentication wherever possible. See DigestProcessingFilter.
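The header format and the clear-text caveat described above, as an added example that is not part of Acegi Security's own code: it decodes an Authorization: Basic header the way a server-side filter must, showing that Base64 is a reversible encoding and that malformed tokens need to be rejected. The class and method names are hypothetical, java.util.Base64 (Java 8+) is used for decoding, and UTF-8 is an assumed charset.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; BasicHeaderDemo and parseBasicHeader are hypothetical names.
public class BasicHeaderDemo {

    /** Returns {username, password}, or null if the header is not a well-formed Basic credential. */
    static String[] parseBasicHeader(String header) {
        // The scheme name is matched case-insensitively; anything else is not ours to process.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // token is not valid Base64
        }
        // Charset is an assumption of this example.
        String token = new String(decoded, StandardCharsets.UTF_8);
        // Split at the FIRST colon only: the password may itself contain ':'.
        int colon = token.indexOf(':');
        if (colon < 0) {
            return null; // no username:password delimiter
        }
        return new String[] { token.substring(0, colon), token.substring(colon + 1) };
    }

    public static void main(String[] args) {
        String[] samples = {
            "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", // header from the description above
            "Basic dXNlcjpwYTpzcw==",             // constructed: "user:pa:ss"
            "Basic QWxhZGRpbg==",                 // constructed: "Aladdin", no colon
            "Basic !!!not-base64!!!",             // constructed: invalid Base64
            "Digest username=\"Aladdin\""         // constructed: different scheme
        };
        for (String h : samples) {
            String[] c = parseBasicHeader(h);
            // Anyone who can read the header recovers the password without a key.
            System.out.println(h + " -> "
                + (c == null ? "rejected" : "user=" + c[0] + ", password=" + c[1]));
        }
    }
}
```

Because the decode step needs no secret, the header should only ever travel over a TLS-protected connection and should be kept out of request logs.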
Note that if a rememberMeServices is set, this filter will automatically send back remember-me details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as they will be authenticated using the remember-me mechanism.
Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.
Constructor and Description |
---|
BasicProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() |
void | destroy() |
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) |
AuthenticationEntryPoint | getAuthenticationEntryPoint() |
AuthenticationManager | getAuthenticationManager() |
void | init(javax.servlet.FilterConfig arg0) |
boolean | isIgnoreFailure() |
void | setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void | setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) |
void | setAuthenticationManager(AuthenticationManager authenticationManager) |
void | setIgnoreFailure(boolean ignoreFailure) |
void | setRememberMeServices(RememberMeServices rememberMeServices) |
public void afterPropertiesSet() throws Exception
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws: Exception
public void destroy()
Specified by: destroy in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: IOException, javax.servlet.ServletException
public AuthenticationEntryPoint getAuthenticationEntryPoint()
public AuthenticationManager getAuthenticationManager()
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Filter
Throws: javax.servlet.ServletException
public boolean isIgnoreFailure()
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public void setIgnoreFailure(boolean ignoreFailure)
public void setRememberMeServices(RememberMeServices rememberMeServices)
Copyright © 2004–2019 Interface21, Inc. All rights reserved.