public class FilterSecurityInterceptor
extends org.springframework.security.access.intercept.AbstractSecurityInterceptor
implements javax.servlet.Filter
The SecurityMetadataSource required by this security interceptor is of
type FilterInvocationSecurityMetadataSource.
Refer to AbstractSecurityInterceptor for details on the workflow.
| Constructor and Description |
|---|
FilterSecurityInterceptor() |
| Modifier and Type | Method and Description |
|---|---|
void |
destroy()
Not used (we rely on IoC container lifecycle services instead)
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Method that is actually called by the filter chain.
|
Class<?> |
getSecureObjectClass() |
FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource() |
void |
init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead)
|
void |
invoke(FilterInvocation fi) |
boolean |
isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed.
|
org.springframework.security.access.SecurityMetadataSource |
obtainSecurityMetadataSource() |
void |
setObserveOncePerRequest(boolean observeOncePerRequest) |
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) |
afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributespublic void init(javax.servlet.FilterConfig arg0)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterarg0 - ignoredjavax.servlet.ServletException - never thrownpublic void destroy()
destroy in interface javax.servlet.Filterpublic void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
invoke(FilterInvocation) method.doFilter in interface javax.servlet.Filterrequest - the servlet requestresponse - the servlet responsechain - the filter chainIOException - if the filter chain failsjavax.servlet.ServletException - if the filter chain failspublic FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public org.springframework.security.access.SecurityMetadataSource obtainSecurityMetadataSource()
obtainSecurityMetadataSource in class org.springframework.security.access.intercept.AbstractSecurityInterceptorpublic void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
public Class<?> getSecureObjectClass()
getSecureObjectClass in class org.springframework.security.access.intercept.AbstractSecurityInterceptorpublic void invoke(FilterInvocation fi) throws IOException, javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionpublic boolean isObserveOncePerRequest()
true, meaning the FilterSecurityInterceptor will only
execute once-per-request. Sometimes users may wish it to execute more than once per
request, such as when JSP forwards are being used and filter security is desired on
each included fragment of the HTTP request.true (the default) if once-per-request is honoured, otherwise
false if FilterSecurityInterceptor will enforce
authorizations for each and every fragment of the HTTP request.public void setObserveOncePerRequest(boolean observeOncePerRequest)