public class AuthenticationProcessingFilter extends AbstractProcessingFilter
Login forms must present two parameters to this filter: a username and
password. The parameter names to use are contained in the static fields ACEGI_SECURITY_FORM_USERNAME_KEY
and ACEGI_SECURITY_FORM_PASSWORD_KEY
.
Do not use this class directly. Instead configure web.xml
to use the FilterToBeanProxy
.
Modifier and Type | Field and Description |
---|---|
static String |
ACEGI_SECURITY_FORM_PASSWORD_KEY |
static String |
ACEGI_SECURITY_FORM_USERNAME_KEY |
static String |
ACEGI_SECURITY_LAST_USERNAME_KEY |
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages
Constructor and Description |
---|
AuthenticationProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
String |
getDefaultFilterProcessesUrl()
This filter by default responds to
/j_acegi_security_check . |
void |
init(javax.servlet.FilterConfig filterConfig)
Does nothing.
|
protected String |
obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by including additional values
and a separator.
|
protected String |
obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by including additional values
and a separator.
|
protected void |
setDetails(javax.servlet.http.HttpServletRequest request,
UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details
property.
|
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
AbstractProcessingFilter
attemptAuthentication
in class AbstractProcessingFilter
request
- from which to extract parameters and perform the
authenticationAuthenticationException
- if authentication failspublic String getDefaultFilterProcessesUrl()
/j_acegi_security_check
.getDefaultFilterProcessesUrl
in class AbstractProcessingFilter
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
AbstractProcessingFilter
init
in interface javax.servlet.Filter
init
in class AbstractProcessingFilter
filterConfig
- ignoredjavax.servlet.ServletException
- ignoredprotected String obtainPassword(javax.servlet.http.HttpServletRequest request)
This might be used for example if a postcode/zipcode was required in addition to the
password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
AuthenticationDao
will need to generate the expected password in a corresponding manner.
request
- so that request attributes can be retrievedAuthentication
request token to the
AuthenticationManager
protected String obtainUsername(javax.servlet.http.HttpServletRequest request)
request
- so that request attributes can be retrievedAuthentication
request token to the
AuthenticationManager
protected void setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
request
- that an authentication request is being created forauthRequest
- the authentication request object that should have its details setCopyright © 2016. All rights reserved.