|
spring-security-web | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||
AbstractPreAuthenticatedAuthenticationDetailsSource.buildDetails(Object).ExceptionTranslationFilter to handle an
AccessDeniedException.AccessDeniedHandler.Authentication object in the SecurityContextHolder, and
populates it with one if needed.ExceptionTranslationFilter to commence an authentication scheme.SecurityContextHolder does not contain an
Authentication object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities.
ExceptionTraslationFilter to commence authentication via the BasicAuthenticationFilter.SecurityContextHolder.ChannelDecisionManager.ChannelProcessor to launch a web channel.FilterInvocation provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
FilterInvocation provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
Throwable instances.
servletPath and
pathInfo, which do not contain path parameters (as defined in
RFC 2396).HttpServletRequest.Throwable.
SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter.SecurityContextHolder.DefaultSavedRequest.
requiresAuthentication
method to determine whether the request is for authentication and should be handled by this filter.
Enumeration around a Java 2 collection Iterator.AccessDeniedException and AuthenticationException thrown within the
filter chain.Throwable.
Filter requests to a list of Spring-managed filter beans.SecurityMetadataSource implementations
that are designed to perform lookups keyed on FilterInvocations.HttpFirewall interface.flushBuffer()
getDateHeader().
getOutputStream().close() or
getOutputStream().flush()
credentialsRequestHeader is set, this
will be read and used as the credentials value.
principalRequestHeader from the request.
SecurityContextHolder.
ServletRequest was received on.
HttpSession id the authentication request was received from.
Authentication (which is a subclass of Principal), or
null if unavailable.
getWriter().close() or
getWriter().flush()
RedirectStrategy with the URL returned by the determineTargetUrl method.
SecurityContextRepository.loadContext(HttpRequestResponseHolder),
allowing the method to swap the request for a wrapped version, as well as returning the SecurityContext
value.HttpSessionEventPublisher when an HttpSession is created by the containerHttpSessionEventPublisher when a HttpSession is created in the containerSecurityContextRepository implementation which stores the security context in the HttpSession
between requests.Throwables and ThrowableCauseExtractors.
HttpServletRequest.isSecure() responses.InvocationTargetException instances.
saveContext() because of this wrapper.
GrantedAuthority.getAuthority().
HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication
details object.WebAuthenticationDetails
class to be used.
ExceptionTranslationFilter to commence a form login
authentication via the UsernamePasswordAuthenticationFilter.LogoutFilter, to handle redirection or
forwarding to the appropriate destination.FilterInvocation.
NonceExpiredException with the specified
message.
NonceExpiredException with the specified
message and root cause.
NullRememberMeServices that does nothing.Filter instances registered in the map of
filter chains.
defaultFailureUrl if set, otherwise returns a 401 error code.
handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data.
HttpServletRequest which requires authentication.HttpServletRequestWrapper.HttpSession events and publisher classes.RememberMeServices implementation based on Barry Jaspan's
Improved Persistent Login Cookie
Best Practice.PersistentTokenBasedRememberMeServices to store the persistent
login tokens for a user.PortMapper implementations provide callers with information
about which HTTP ports are associated with which HTTPS ports on the system,
and vice versa.PortMapper that obtains HTTP:HTTPS pairs from the application context.PortResolver determines the port a web request was received
on.PortResolver that obtains the port from ServletRequest.getServerPort().Authentication implementation for pre-authenticated
authentication.ThrowableCauseExtractor for the specified type.
Authentication object in the SecurityContext, and populates it
with a remember-me authentication token if a RememberMeServices
implementation so requests.UrlMatcher.pathMatchesUrl(Object, String).
SecurityContext when a sendError(), sendRedirect,
getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or
getWriter().flush() happens.DefaultSavedRequest which may have been stored in
the session by the ExceptionTranslationFilter.AuthenticationException for use in view rendering.
HttpServletRequest.isSecure() responses.Filter which populates the ServletRequest with a request wrapper
which implements the servlet API security methods.HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement the servlet API security
methods SecurityContextHolderAwareRequestWrapper.isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().SecurityContextHolder.SecurityContextHolder with information obtained from
the configured SecurityContextRepository prior to the request and stores it back in the repository
once the request has completed and clearing the context holder.SecurityContext between requests.sendError()
sendError()
sendRedirect()
HttpSessionCreatedEvent to the application
appContext.
HttpSessionDestroyedEvent to the application
appContext.
SessionAuthenticationStrategy.SessionAuthenticationStrategy to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.true, will always redirect to the value of defaultTargetUrl
(defaults to false).
Authentication from the SecurityContext to prevent issues with concurrent
requests.
loadContext method and copy the created context instead.
AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse,
Authentication), which may be useful in certain environment (such as
Tapestry applications).
true, indicates that it is permitted to store the target
URL and exception information in a new HttpSession (the default).
HttpSession to be invalidated when this LogoutHandler is invoked.
true, will only use DefaultSavedRequest to determine the target URL on successful
authentication if the request that caused the authentication request was a GET.
UsernamePasswordAuthenticationFilter login
page can be found.
loginFormUrl using the RequestDispatcher,
instead of a 302 redirect.
defaultFailureUrl property when the onAuthenticationFailure method is called.AbstractAuthenticationTargetUrlRequestHandler
base class logic.WebAttributes directly.
WebAttributes directly.
WebAttributes directly.
X509Certificate.getSubjectDN()).Authentication instance returned by the
authentication manager into the secure context.
ChannelDecisionManager is able to process the passed
ConfigAttribute.
ChannelProcessor is able to process the passed
ConfigAttribute.
GrantedAuthority list that will be assigned to the principal
when they assume the identity of a different principal.GrantedAuthority used by SwitchUserFilterThrowable instances.ThrowableAnalyzer instance.
Throwable type.AuthenticationDetailsSource which builds the details object from
an HttpServletRequest object.WebXmlMappableAttributesRetriever.getMappableAttributes().
|
spring-security-web | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||