com.force.sdk.springsecurity
Class AuthenticationProcessingFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
com.force.sdk.springsecurity.AuthenticationProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware
public class AuthenticationProcessingFilter
- extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
This filter gets configured into the spring security filter chain as the FORM_LOGIN_FILTER.
There are two URLs of interest to this filter:
- The oauth access code callback (_auth)
- The application's configured login page url. This is configured in the login-url attribute of the fss:oauth element.
See @doclink force-security for more information.
- Author:
- Fiaz Hossain, John Simone
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY |
Fields inherited from class org.springframework.web.filter.GenericFilterBean |
logger |
Method Summary |
void |
afterPropertiesSet()
|
org.springframework.security.core.Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Called when the access code callback is received. |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
The main purpose of this filter is to decide if this is a request for the application's configured login URL. |
void |
setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
|
void |
setFilterProcessesUrl(String filterProcessesUrl)
|
void |
setOauthConnector(ForceOAuthConnector oauthConnector)
|
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationManager, getFilterProcessesUrl, getRememberMeServices, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication |
Methods inherited from class org.springframework.web.filter.GenericFilterBean |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AuthenticationProcessingFilter
protected AuthenticationProcessingFilter()
setOauthConnector
public void setOauthConnector(ForceOAuthConnector oauthConnector)
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
setFilterProcessesUrl
public void setFilterProcessesUrl(String filterProcessesUrl)
- Overrides:
setFilterProcessesUrl
in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
doFilter
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
- The main purpose of this filter is to decide if this is a request for the application's configured login URL.
If it is then a redirect to the Force.com login page will be sent to begin the OAuth handshake.
- Specified by:
doFilter
in interface javax.servlet.Filter
- Overrides:
doFilter
in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Parameters:
req
- ServletRequest
res
- ServletResponse
chain
- FilterChain
- Throws:
IOException
- when an error occurs sending the redirect
javax.servlet.ServletException
- only thrown by parent class
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws org.springframework.security.core.AuthenticationException
- Called when the access code callback is received. This will eventually trigger the
OAuthAuthenticationProvider
which is registered as a provider to the authentication manager.
- Specified by:
attemptAuthentication
in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Parameters:
request
- HttpServletRequest
response
- HttpServletResponse
- Returns:
Authentication
- Throws:
org.springframework.security.core.AuthenticationException
- when an error occurs
Copyright © 2011. All Rights Reserved.