public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware
By default, the filter chain will proceed when an authentication attempt fails in order to allow other
authentication mechanisms to process the request. To reject the credentials immediately, set the
continueFilterChainOnUnsuccessfulAuthentication flag to false. The exception raised by the
AuthenticationManager will the be re-thrown. Note that this will not affect cases where the principal
returned by getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest)
is null, when the chain will still proceed as normal.
logger
Constructor and Description |
---|
AbstractPreAuthenticatedProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet()
Check whether all required properties have been set.
|
void |
doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain filterChain)
Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
|
protected abstract java.lang.Object |
getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)
Override to extract the credentials (if applicable) from the current request.
|
protected abstract java.lang.Object |
getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
Override to extract the principal information from the current request
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher anApplicationEventPublisher) |
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void |
setAuthenticationManager(AuthenticationManager authenticationManager) |
void |
setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) |
protected void |
successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
Puts the
Authentication instance returned by the
authentication manager into the secure context. |
protected void |
unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Ensures the authentication object in the secure context is set to null
when authentication fails.
|
destroy, doFilter, init, toString
public AbstractPreAuthenticatedProcessingFilter()
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
public void doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws java.io.IOException, javax.servlet.ServletException
doFilterHttp
in class SpringSecurityFilter
java.io.IOException
javax.servlet.ServletException
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult)
Authentication
instance returned by the
authentication manager into the secure context.protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException failed)
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher anApplicationEventPublisher)
setApplicationEventPublisher
in interface org.springframework.context.ApplicationEventPublisherAware
anApplicationEventPublisher
- The ApplicationEventPublisher to usepublic void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
authenticationDetailsSource
- The AuthenticationDetailsSource to usepublic void setAuthenticationManager(AuthenticationManager authenticationManager)
authenticationManager
- The AuthenticationManager to usepublic void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue)
protected abstract java.lang.Object getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request)
protected abstract java.lang.Object getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request)