public class ChannelProcessingFilter
extends org.springframework.web.filter.GenericFilterBean
Internally uses a FilterInvocation to represent the request, allowing a
FilterInvocationSecurityMetadataSource to be used to lookup the attributes
which apply.
Delegates the actual channel security decisions and necessary actions to the configured
ChannelDecisionManager. If a response is committed by the
ChannelDecisionManager, the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the
ChannelDecisionManagerImpl is configured with a SecureChannelProcessor
and an InsecureChannelProcessor. A typical configuration would be
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source request-matcher="regex">
<security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor"
class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor"
class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>
which would force the login form and any access to the /secure path to be made
over HTTPS.| Constructor and Description |
|---|
ChannelProcessingFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
protected ChannelDecisionManager |
getChannelDecisionManager() |
protected FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource() |
void |
setChannelDecisionManager(ChannelDecisionManager channelDecisionManager) |
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) |
public void afterPropertiesSet()
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanafterPropertiesSet in class org.springframework.web.filter.GenericFilterBeanpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
java.io.IOExceptionjavax.servlet.ServletExceptionprotected ChannelDecisionManager getChannelDecisionManager()
protected FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager)
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)