public class ChannelProcessingFilter extends GenericFilterBean
Internally uses a FilterInvocation to represent the request, allowing a
FilterInvocationSecurityMetadataSource to be used to lookup the attributes which apply.
Delegates the actual channel security decisions and necessary actions to the configured
ChannelDecisionManager. If a response is committed by the ChannelDecisionManager,
the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the
ChannelDecisionManagerImpl is configured with a SecureChannelProcessor and an
InsecureChannelProcessor. A typical configuration would be
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source path-type="regex">
<security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor"
class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor"
class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>
which would force the login form and any access to the /secure path to be made over HTTPS.logger| Constructor and Description |
|---|
ChannelProcessingFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
protected ChannelDecisionManager |
getChannelDecisionManager() |
protected FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource() |
void |
setChannelDecisionManager(ChannelDecisionManager channelDecisionManager) |
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic void afterPropertiesSet()
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBeanpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected ChannelDecisionManager getChannelDecisionManager()
protected FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager)
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)