|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
public class UsernamePasswordAuthenticationFilter
Processes an authentication form submission. Called AuthenticationProcessingFilter prior to Spring Security
3.0.
Login forms must present two parameters to this filter: a username and
password. The default parameter names to use are contained in the
static fields SPRING_SECURITY_FORM_USERNAME_KEY and SPRING_SECURITY_FORM_PASSWORD_KEY.
The parameter names can also be changed by setting the usernameParameter and passwordParameter
properties.
This filter by default responds to the URL /j_spring_security_check.
| Field Summary | |
|---|---|
static String |
SPRING_SECURITY_FORM_PASSWORD_KEY
|
static String |
SPRING_SECURITY_FORM_USERNAME_KEY
|
static String |
SPRING_SECURITY_LAST_USERNAME_KEY
|
| Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
|---|
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY |
| Fields inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
logger |
| Constructor Summary | |
|---|---|
UsernamePasswordAuthenticationFilter()
|
|
| Method Summary | |
|---|---|
org.springframework.security.core.Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication. |
String |
getPasswordParameter()
|
String |
getUsernameParameter()
|
protected String |
obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by including additional values and a separator. |
protected String |
obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by including additional values and a separator. |
protected void |
setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details property. |
void |
setPasswordParameter(String passwordParameter)
Sets the parameter name which will be used to obtain the password from the login request.. |
void |
setPostOnly(boolean postOnly)
Defines whether only HTTP POST requests will be allowed by this filter. |
void |
setUsernameParameter(String usernameParameter)
Sets the parameter name which will be used to obtain the username from the login request. |
| Methods inherited from class org.springframework.web.filter.GenericFilterBean |
|---|
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final String SPRING_SECURITY_FORM_USERNAME_KEY
public static final String SPRING_SECURITY_FORM_PASSWORD_KEY
public static final String SPRING_SECURITY_LAST_USERNAME_KEY
| Constructor Detail |
|---|
public UsernamePasswordAuthenticationFilter()
| Method Detail |
|---|
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws org.springframework.security.core.AuthenticationException
AbstractAuthenticationProcessingFilterThe implementation should do one of the following:
attemptAuthentication in class AbstractAuthenticationProcessingFilterrequest - from which to extract parameters and perform the authenticationresponse - the response, which may be needed if the implementation has to do a redirect as part of a
multi-stage authentication process (such as OpenID).
org.springframework.security.core.AuthenticationException - if authentication fails.protected String obtainPassword(javax.servlet.http.HttpServletRequest request)
This might be used for example if a postcode/zipcode was required in addition to the
password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
AuthenticationDao will need to generate the expected password in a corresponding manner.
request - so that request attributes can be retrieved
Authentication request token to the
AuthenticationManagerprotected String obtainUsername(javax.servlet.http.HttpServletRequest request)
request - so that request attributes can be retrieved
Authentication request token to the
AuthenticationManager
protected void setDetails(javax.servlet.http.HttpServletRequest request,
org.springframework.security.authentication.UsernamePasswordAuthenticationToken authRequest)
request - that an authentication request is being created forauthRequest - the authentication request object that should have its details setpublic void setUsernameParameter(String usernameParameter)
usernameParameter - the parameter name. Defaults to "j_username".public void setPasswordParameter(String passwordParameter)
passwordParameter - the parameter name. Defaults to "j_password".public void setPostOnly(boolean postOnly)
Defaults to true but may be overridden by subclasses.
public final String getUsernameParameter()
public final String getPasswordParameter()
|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||