public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter
AuthenticationProcessingFilter prior to Spring Security 3.0.
Login forms must present two parameters to this filter: a username and password. The
default parameter names to use are contained in the static fields
SPRING_SECURITY_FORM_USERNAME_KEY and
SPRING_SECURITY_FORM_PASSWORD_KEY. The parameter names can also be changed by
setting the usernameParameter and passwordParameter properties.
This filter by default responds to the URL /login.
| Modifier and Type | Field and Description |
|---|---|
static String |
SPRING_SECURITY_FORM_PASSWORD_KEY |
static String |
SPRING_SECURITY_FORM_USERNAME_KEY |
authenticationDetailsSource, eventPublisher, messageslogger| Constructor and Description |
|---|
UsernamePasswordAuthenticationFilter() |
| Modifier and Type | Method and Description |
|---|---|
org.springframework.security.core.Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication.
|
String |
getPasswordParameter() |
String |
getUsernameParameter() |
protected String |
obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by
including additional values and a separator.
|
protected String |
obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by
including additional values and a separator.
|
protected void |
setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication
request's details property.
|
void |
setPasswordParameter(String passwordParameter)
Sets the parameter name which will be used to obtain the password from the login
request..
|
void |
setPostOnly(boolean postOnly)
Defines whether only HTTP POST requests will be allowed by this filter.
|
void |
setUsernameParameter(String usernameParameter)
Sets the parameter name which will be used to obtain the username from the login
request.
|
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthenticationaddRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic static final String SPRING_SECURITY_FORM_USERNAME_KEY
public static final String SPRING_SECURITY_FORM_PASSWORD_KEY
public UsernamePasswordAuthenticationFilter()
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws org.springframework.security.core.AuthenticationException
AbstractAuthenticationProcessingFilterThe implementation should do one of the following:
attemptAuthentication in class AbstractAuthenticationProcessingFilterrequest - from which to extract parameters and perform the authenticationresponse - the response, which may be needed if the implementation has to do a
redirect as part of a multi-stage authentication process (such as OpenID).org.springframework.security.core.AuthenticationException - if authentication fails.protected String obtainPassword(javax.servlet.http.HttpServletRequest request)
This might be used for example if a postcode/zipcode was required in addition to
the password. A delimiter such as a pipe (|) should be used to separate the
password and extended value(s). The AuthenticationDao will need to
generate the expected password in a corresponding manner.
request - so that request attributes can be retrievedAuthentication
request token to the AuthenticationManagerprotected String obtainUsername(javax.servlet.http.HttpServletRequest request)
request - so that request attributes can be retrievedAuthentication
request token to the AuthenticationManagerprotected void setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
request - that an authentication request is being created forauthRequest - the authentication request object that should have its details
setpublic void setUsernameParameter(String usernameParameter)
usernameParameter - the parameter name. Defaults to "username".public void setPasswordParameter(String passwordParameter)
passwordParameter - the parameter name. Defaults to "password".public void setPostOnly(boolean postOnly)
Defaults to true but may be overridden by subclasses.
public final String getUsernameParameter()
public final String getPasswordParameter()