|
spring-security-web | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||
Authentication object as part of the contract.AccessDeniedException in the request for rendering.
ExceptionTranslationFilter to handle an
AccessDeniedException.AccessDeniedHandler.Authentication object in the SecurityContextHolder, and
populates it with one if needed.servletPath + pathInfo) of an HttpServletRequest.ExceptionTranslationFilter to commence an authentication scheme.SecurityContextHolder does not contain an
Authentication object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities.
ExceptionTraslationFilter to commence authentication via the BasicAuthenticationFilter.SecurityContextHolder.AuthenticationManager
and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain.
AuthenticationManager and
use the supplied AuthenticationEntryPoint to handle authentication failures.
ChannelDecisionManager.ChannelProcessor to launch a web channel.FilterInvocation provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
FilterInvocation provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
Throwable instances.
servletPath and
pathInfo, which do not contain path parameters (as defined in
RFC 2396).HttpServletRequest.SecurityFilterChain.AuthenticationEntryPoint which selects a concrete AuthenticationEntryPoint based on a
RequestMatcher evaluation.Throwable.
SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter.SecurityContextHolder.DefaultSavedRequest.
requiresAuthentication
method to determine whether the request is for authentication and should be handled by this filter.
Subject using
JaasApiIntegrationFilter.obtainSubject(ServletRequest).
Enumeration around a Java 2 collection Iterator.AccessDeniedException and AuthenticationException thrown within the
filter chain.FilterInvocationSecurityMetadataSource.Throwable.
Filter requests to a list of Spring-managed filter beans.SecurityMetadataSource implementations
that are designed to perform lookups keyed on FilterInvocations.HttpFirewall interface.flushBuffer()
getDateHeader().
SecurityContextHolder.createEmptyContext() to obtain a new context (there should be
no context present in the holder when this method is called).
alwaysUseDefaultTargetUrl property is set to true.
SecurityFilterChains instead
getOutputStream().close() or
getOutputStream().flush()
credentialsRequestHeader is set, this
will be read and used as the credentials value.
principalRequestHeader from the request.
SecurityContextHolder.
ServletRequest was received on.
HttpSession id the authentication request was received from.
Authentication (which is a subclass of Principal), or
null if unavailable.
getWriter().close() or
getWriter().flush()
RedirectStrategy with the URL returned by the determineTargetUrl method.
SecurityContextRepository.loadContext(HttpRequestResponseHolder),
allowing the method to swap the request for a wrapped version, as well as returning the SecurityContext
value.HttpSessionEventPublisher when an HttpSession is created by the containerHttpSessionEventPublisher when a HttpSession is created in the containerRequestCache which stores the SavedRequest in the HttpSession.SecurityContextRepository implementation which stores the security context in the HttpSession
between requests.Throwables and ThrowableCauseExtractors.
HttpServletRequest.isSecure() responses.SessionManagementFilter when an invalid session Id is submitted and
detected in the SessionManagementFilter.InvocationTargetException instances.
saveContext() because of this wrapper.
GrantedAuthority.getAuthority().
HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication
details object.MappableAttributesRetriever
Filter which attempts to obtain a JAAS Subject
and continue the FilterChain running as that
Subject.ExceptionTranslationFilter to commence a form login
authentication via the UsernamePasswordAuthenticationFilter.LogoutHandler.
LogoutFilter, to handle redirection or
forwarding to the appropriate destination.servletPath + pathInfo + queryString) against
the compiled pattern.
NonceExpiredException with the specified
message.
NonceExpiredException with the specified
message and root cause.
NullRememberMeServices that does nothing.Subject to run as or null if no
Subject is available.
defaultFailureUrl if set, otherwise returns a 401 error code.
handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data.
RememberMeServices
autoLogin method and the AuthenticationManager.
AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method.
HttpServletRequest which requires authentication.HttpServletRequestWrapper.HttpSession events and publisher classes.RememberMeServices implementation based on Barry Jaspan's
Improved Persistent Login Cookie
Best Practice.PersistentTokenBasedRememberMeServices to store the persistent
login tokens for a user.PortMapper implementations provide callers with information
about which HTTP ports are associated with which HTTPS ports on the system,
and vice versa.PortMapper that obtains HTTP:HTTPS pairs from the application context.PortResolver determines the port a web request was received
on.PortResolver that obtains the port from ServletRequest.getServerPort().Authentication implementation for pre-authenticated
authentication.HttpServletRequest.Pattern instance to match against the request.
ThrowableCauseExtractor for the specified type.
Authentication object in the SecurityContext, and populates the context with
a remember-me authentication token if a RememberMeServices implementation so requests.SecurityContext when a sendError(), sendRedirect,
getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or
getWriter().flush() happens.DefaultSavedRequest which may have been stored in
the session by the ExceptionTranslationFilter.AuthenticationException for use in view rendering.
HttpServletRequest.isSecure() responses.Filter which populates the ServletRequest with a request wrapper
which implements the servlet API security methods.HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement the servlet API security
methods SecurityContextHolderAwareRequestWrapper.isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().SecurityContextHolder.SecurityContextHolder with information obtained from
the configured SecurityContextRepository prior to the request and stores it back in the repository
once the request has completed and clearing the context holder.SecurityContext between requests.HttpServletRequest.sendError()
sendError()
sendRedirect()
HttpSessionCreatedEvent to the application
appContext.
HttpSessionDestroyedEvent to the application
appContext.
SessionAuthenticationStrategy.SessionAuthenticationStrategy to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.true, will always redirect to the value of defaultTargetUrl
(defaults to false).
AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse,
Authentication), which may be useful in certain environment (such as
Tapestry applications).
true, any AuthenticationException raised by the AuthenticationManager will be
swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms.
createEmptySubject.
true, indicates that it is permitted to store the target
URL and exception information in a new HttpSession (the default).
alwaysUseDefaultTargetUrl property is set to true.
List<SecurityFilterChain> instead.
HttpSession to be invalidated when this LogoutHandler is invoked.
UserDetails for the authenticated user.
extractAttributes method instead
loginFormUrl using the RequestDispatcher,
instead of a 302 redirect.
UserDetails object obtained for
the user when processing a remember-me cookie to automatically log in a user.
true the Referer header will be used (if available).
SessionManagementFilter.defaultFailureUrl property when the onAuthenticationFailure method is called.AbstractAuthenticationTargetUrlRequestHandler
base class logic.WebAttributes directly.
AuthenticationFailureHandler
X509Certificate.getSubjectDN()).AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) instead.
Authentication instance returned by the
authentication manager into the secure context.
ChannelDecisionManager is able to process the passed
ConfigAttribute.
ChannelProcessor is able to process the passed
ConfigAttribute.
GrantedAuthority list that will be assigned to the principal
when they assume the identity of a different principal.GrantedAuthority used by
SwitchUserFilterThrowable instances.ThrowableAnalyzer instance.
Throwable type.AuthenticationDetailsSource which builds the details object from
an HttpServletRequest object, creating a WebAuthenticationDetails.WebXmlMappableAttributesRetriever.getMappableAttributes().
|
spring-security-web | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||