|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.springframework.security.access.intercept.AbstractSecurityInterceptor
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
public class FilterSecurityInterceptor
Performs security handling of HTTP resources via a filter implementation.
The SecurityMetadataSource required by this security interceptor is of type FilterInvocationSecurityMetadataSource.
Refer to AbstractSecurityInterceptor for details on the workflow.
| Field Summary |
|---|
| Fields inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor |
|---|
logger, messages |
| Constructor Summary | |
|---|---|
FilterSecurityInterceptor()
|
|
| Method Summary | |
|---|---|
void |
destroy()
Not used (we rely on IoC container lifecycle services instead) |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
Method that is actually called by the filter chain. |
Class<?> |
getSecureObjectClass()
|
FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource()
|
void |
init(javax.servlet.FilterConfig arg0)
Not used (we rely on IoC container lifecycle services instead) |
void |
invoke(FilterInvocation fi)
|
boolean |
isObserveOncePerRequest()
Indicates whether once-per-request handling will be observed. |
org.springframework.security.access.SecurityMetadataSource |
obtainSecurityMetadataSource()
|
void |
setObserveOncePerRequest(boolean observeOncePerRequest)
|
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
|
| Methods inherited from class org.springframework.security.access.intercept.AbstractSecurityInterceptor |
|---|
afterInvocation, afterPropertiesSet, beforeInvocation, finallyInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setPublishAuthorizationSuccess, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public FilterSecurityInterceptor()
| Method Detail |
|---|
public void init(javax.servlet.FilterConfig arg0)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterarg0 - ignored
javax.servlet.ServletException - never thrownpublic void destroy()
destroy in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
invoke(FilterInvocation) method.
doFilter in interface javax.servlet.Filterrequest - the servlet requestresponse - the servlet responsechain - the filter chain
IOException - if the filter chain fails
javax.servlet.ServletException - if the filter chain failspublic FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public org.springframework.security.access.SecurityMetadataSource obtainSecurityMetadataSource()
obtainSecurityMetadataSource in class org.springframework.security.access.intercept.AbstractSecurityInterceptorpublic void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource)
public Class<?> getSecureObjectClass()
getSecureObjectClass in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
public void invoke(FilterInvocation fi)
throws IOException,
javax.servlet.ServletException
IOException
javax.servlet.ServletExceptionpublic boolean isObserveOncePerRequest()
true,
meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish
it to execute more than once per request, such as when JSP forwards are being used and filter security is
desired on each included fragment of the HTTP request.
true (the default) if once-per-request is honoured, otherwise false if
FilterSecurityInterceptor will enforce authorizations for each and every fragment of the
HTTP request.public void setObserveOncePerRequest(boolean observeOncePerRequest)
|
spring-security-web | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||