Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep

org.acegisecurity.ui.basicauth
Class BasicProcessingFilter  view BasicProcessingFilter download BasicProcessingFilter.java

java.lang.Object
  extended byorg.acegisecurity.ui.basicauth.BasicProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

public class BasicProcessingFilter
extends java.lang.Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.

In summary, this filter is responsible for processing any request that has a HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==.

This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).

If authentication is successful, the resulting org.acegisecurity.Authentication object will be placed into the SecurityContextHolder.

If authentication fails, an org.acegisecurity.intercept.web.AuthenticationEntryPoint implementation is called. Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.

Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also provided by Acegi Security and should be used instead of Basic authentication wherever possible. See org.acegisecurity.ui.digestauth.DigestProcessingFilter.

Do not use this class directly. Instead configure web.xml to use the org.acegisecurity.util.FilterToBeanProxy.

Version:
$Id: BasicProcessingFilter.java,v 1.16 2005/11/17 00:56:48 benalex Exp $

Field Summary
private  org.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint
           
private  org.acegisecurity.AuthenticationManager authenticationManager
           
private static org.apache.commons.logging.Log logger
           
 
Constructor Summary
BasicProcessingFilter()
           
 
Method Summary
 void afterPropertiesSet()
          Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).
 void destroy()
          Called by the web container to indicate to a filter that it is being taken out of service.
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
 org.acegisecurity.intercept.web.AuthenticationEntryPoint getAuthenticationEntryPoint()
           
 org.acegisecurity.AuthenticationManager getAuthenticationManager()
           
 void init(javax.servlet.FilterConfig arg0)
          Called by the web container to indicate to a filter that it is being placed into service.
 void setAuthenticationEntryPoint(org.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint)
           
 void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

private static final org.apache.commons.logging.Log logger

authenticationEntryPoint

private org.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint

authenticationManager

private org.acegisecurity.AuthenticationManager authenticationManager
Constructor Detail

BasicProcessingFilter

public BasicProcessingFilter()
Method Detail

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(org.acegisecurity.intercept.web.AuthenticationEntryPoint authenticationEntryPoint)

getAuthenticationEntryPoint

public org.acegisecurity.intercept.web.AuthenticationEntryPoint getAuthenticationEntryPoint()

setAuthenticationManager

public void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)

getAuthenticationManager

public org.acegisecurity.AuthenticationManager getAuthenticationManager()

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Description copied from interface: org.springframework.beans.factory.InitializingBean
Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).

This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.

Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

destroy

public void destroy()
Description copied from interface: javax.servlet.Filter
Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.

Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Description copied from interface: javax.servlet.Filter
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.

Specified by:
doFilter in interface javax.servlet.Filter

init

public void init(javax.servlet.FilterConfig arg0)
          throws javax.servlet.ServletException
Description copied from interface: javax.servlet.Filter
Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

The web container cannot place the filter into service if the init method either
1.Throws a ServletException
2.Does not return within a time period defined by the web container

Specified by:
init in interface javax.servlet.Filter