org.acegisecurity.ui.basicauth
Class BasicProcessingFilter

java.lang.Object
  extended by org.acegisecurity.ui.basicauth.BasicProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

public class BasicProcessingFilter
extends java.lang.Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

Processes an HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.

In summary, this filter is responsible for processing any request that has an HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).

If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called. Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.

Basic authentication is an attractive protocol because it is simple and widely deployed. However, the Base64 token is only an encoding, not encryption, so the password is effectively transmitted in clear text, which makes Basic authentication undesirable in many situations. Digest authentication is also provided by Acegi Security and should be used instead of Basic authentication wherever possible. See DigestProcessingFilter.
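
The header format and the clear-text caveat described above, as an added Java example (not Acegi Security code, and not how BasicProcessingFilter is implemented): it parses an Authorization header into username and password and rejects malformed input. The class and method names are hypothetical; java.util.Base64 (Java 8+) and UTF-8 decoding of the token are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; hypothetical names, not the Acegi Security implementation.
public class BasicHeaderDemo {

    /** Returns {username, password}, or null if the header is not a usable Basic credential. */
    static String[] parseBasic(String header) {
        // Scheme match is case-insensitive; anything else is left for other filters.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // token is not valid Base64
        }
        // Assumption: token bytes are UTF-8.
        String token = new String(decoded, StandardCharsets.UTF_8);
        int colon = token.indexOf(':'); // split on the FIRST colon only
        if (colon < 0) {
            return null; // no username:password separator
        }
        return new String[] { token.substring(0, colon), token.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // The header from the text above: no key is needed to recover the password.
        String[] c = parseBasic("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
        System.out.println(c[0] + " / " + c[1]);

        // Constructed input: a password containing ':' must survive the split.
        String withColon = "Basic " + Base64.getEncoder()
                .encodeToString("alice:pa:ss".getBytes(StandardCharsets.UTF_8));
        System.out.println(parseBasic(withColon)[1]);

        // Constructed malformed inputs: each is rejected rather than throwing.
        System.out.println(parseBasic("Digest abc") == null);
        System.out.println(parseBasic("Basic !!!not-base64!!!") == null);
        System.out.println(parseBasic("Basic " + Base64.getEncoder()
                .encodeToString("nocolon".getBytes(StandardCharsets.UTF_8))) == null);
    }
}
```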

Note that if a rememberMeServices is set, this filter will automatically send back remember-me details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as they will be authenticated using the remember-me mechanism.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.

Version:
$Id: BasicProcessingFilter.java 2277 2007-12-02 02:15:18Z benalex $
Author:
Ben Alex

Constructor Summary
BasicProcessingFilter()

Method Summary
void afterPropertiesSet()
void destroy()
void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
AuthenticationEntryPoint getAuthenticationEntryPoint()
AuthenticationManager getAuthenticationManager()
void init(javax.servlet.FilterConfig arg0)
boolean isIgnoreFailure()
void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
void setAuthenticationManager(AuthenticationManager authenticationManager)
void setIgnoreFailure(boolean ignoreFailure)
void setRememberMeServices(RememberMeServices rememberMeServices)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicProcessingFilter

public BasicProcessingFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
java.lang.Exception

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
java.io.IOException
javax.servlet.ServletException

getAuthenticationEntryPoint

public AuthenticationEntryPoint getAuthenticationEntryPoint()

getAuthenticationManager

public AuthenticationManager getAuthenticationManager()

init

public void init(javax.servlet.FilterConfig arg0)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

isIgnoreFailure

public boolean isIgnoreFailure()

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

setIgnoreFailure

public void setIgnoreFailure(boolean ignoreFailure)

setRememberMeServices

public void setRememberMeServices(RememberMeServices rememberMeServices)


Copyright © 2004-2012 Interface21, Inc. All Rights Reserved.