
📄 abstractprocessingfilter.java

📁 acegi构造安全的java系统
📖 第 1 页 / 共 2 页
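/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.ui;

import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.ui.savedrequest.SavedRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;

import java.io.IOException;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Abstract processor of browser-based HTTP-based authentication requests.
 * <p>
 * This filter is responsible for processing authentication requests. If
 * authentication is successful, the resulting {@link Authentication} object
 * will be placed into the <code>SecurityContext</code>, which is guaranteed
 * to have already been created by an earlier filter.
 * </p>
 * <p>
 * If authentication fails, the <code>AuthenticationException</code> will be
 * placed into the <code>HttpSession</code> with the attribute defined by
 * {@link #ACEGI_SECURITY_LAST_EXCEPTION_KEY}.
 * </p>
 * <p>
 * To use this filter, it is necessary to specify the following properties:
 * </p>
 * <ul>
 * <li><code>defaultTargetUrl</code> indicates the URL that should be used
 * for redirection if the <code>HttpSession</code> attribute named
 * {@link #ACEGI_SAVED_REQUEST_KEY} does not indicate the target URL once
 * authentication is completed successfully. eg: <code>/</code>. The
 * <code>defaultTargetUrl</code> will be treated as relative to the web-app's
 * context path, and should include the leading <code>/</code>.
 * Alternatively, inclusion of a scheme name (eg http:// or https://) as the
 * prefix will denote a fully-qualified URL and this is also supported.</li>
 * <li><code>authenticationFailureUrl</code> indicates the URL that should be
 * used for redirection if the authentication request fails. eg:
 * <code>/login.jsp?login_error=1</code>.</li>
 * <li><code>filterProcessesUrl</code> indicates the URL that this filter
 * will respond to. This parameter varies by subclass.</li>
 * <li><code>alwaysUseDefaultTargetUrl</code> causes successful
 * authentication to always redirect to the <code>defaultTargetUrl</code>,
 * even if the <code>HttpSession</code> attribute named {@link
 * #ACEGI_SAVED_REQUEST_KEY} defines the intended target URL.</li>
 * </ul>
 * <p>
 * To configure this filter to redirect to specific pages as the result of
 * specific {@link AuthenticationException}s you can do the following.
 * Configure the <code>exceptionMappings</code> property in your application
 * xml. This property is a java.util.Properties object that maps a
 * fully-qualified exception class name to a redirection url target. For
 * example:
 *
 * <pre>
 *  &lt;property name=&quot;exceptionMappings&quot;&gt;
 *    &lt;props&gt;
 *      &lt;prop key=&quot;org.acegisecurity.BadCredentialsException&quot;&gt;/bad_credentials.jsp&lt;/prop&gt;
 *    &lt;/props&gt;
 *  &lt;/property&gt;
 * </pre>
 *
 * The example above would redirect all
 * {@link org.acegisecurity.BadCredentialsException}s thrown, to a page in the
 * web-application called /bad_credentials.jsp.
 * </p>
 * <p>
 * Any {@link AuthenticationException} thrown that cannot be matched in the
 * <code>exceptionMappings</code> will be redirected to the
 * <code>authenticationFailureUrl</code>
 * </p>
 * <p>
 * Because each mapped exception type gets its own redirect target, the
 * target a client is sent to reveals which kind of failure occurred. Where
 * the reason for a failed login should not be disclosed, map the exception
 * types to pages that look the same to the client, or leave them unmapped so
 * that they all fall through to <code>authenticationFailureUrl</code>.
 * </p>
 * <p>
 * If authentication is successful, an {@link
 * org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent}
 * will be published to the application context. No events will be published if
 * authentication was unsuccessful, because this would generally be recorded via
 * an <code>AuthenticationManager</code>-specific application event.
 * </p>
 *
 * @author Ben Alex
 * @version $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z
 * vishalpuri $
 */
public abstract class AbstractProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware,
		MessageSourceAware {
	// ~ Static fields/initializers
	// =====================================================================================

	/**
	 * Name of the <code>HttpSession</code> attribute that is consulted for
	 * the target URL after a successful authentication.
	 */
	public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY";

	/**
	 * Name of the <code>HttpSession</code> attribute under which the
	 * <code>AuthenticationException</code> of a failed attempt is stored.
	 */
	public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION";

	// ~ Instance fields
	// ================================================================================================

	protected ApplicationEventPublisher eventPublisher;

	protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();

	/** Mandatory; its presence is checked in {@link #afterPropertiesSet()}. */
	private AuthenticationManager authenticationManager;

	protected final Log logger = LogFactory.getLog(this.getClass());

	protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();

	/**
	 * Maps fully-qualified exception class names to redirect targets (see the
	 * class description); empty unless configured.
	 */
	private Properties exceptionMappings = new Properties();

	/**
	 * Defaults to a {@link NullRememberMeServices} instance; must never be
	 * <code>null</code> (checked in {@link #afterPropertiesSet()}).
	 */
	private RememberMeServices rememberMeServices = new NullRememberMeServices();

	/** Where to redirect the browser to if authentication fails */
	private String authenticationFailureUrl;

	/**
	 * Where to redirect the browser to if authentication is successful but
	 * ACEGI_SAVED_REQUEST_KEY is <code>null</code>
	 */
	private String defaultTargetUrl;

	/**
	 * The URL destination that this filter intercepts and processes (usually
	 * something like <code>/j_acegi_security_check</code>)
	 */
	private String filterProcessesUrl = getDefaultFilterProcessesUrl();

	/**
	 * If <code>true</code>, will always redirect to the value of
	 * {@link #getDefaultTargetUrl} upon successful authentication, irrespective
	 * of the page that caused the authentication request (defaults to
	 * <code>false</code>).
	 */
	private boolean alwaysUseDefaultTargetUrl = false;

	/**
	 * Indicates if the filter chain should be continued prior to delegation to
	 * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse,
	 * Authentication)}, which may be useful in certain environment (eg
	 * Tapestry). Defaults to <code>false</code>.
	 */
	private boolean continueChainBeforeSuccessfulAuthentication = false;

	/**
	 * Specifies the buffer size to use in the event of a redirect. A buffer
	 * size is used to ensure the response is not written back to the client
	 * immediately. This provides a way for the <code>HttpSession</code> to be
	 * updated before the browser redirect will be sent. Defaults to an 8 Kb
	 * buffer.
	 */
	private int bufferSize = 8 * 1024;

	/**
	 * If true, causes any redirection URLs to be calculated minus the protocol
	 * and context path (defaults to false).
	 */
	private boolean useRelativeContext = false;

	// ~ Methods
	// ========================================================================================================

	/**
	 * Checks that the mandatory configuration is present:
	 * <code>filterProcessesUrl</code>, <code>defaultTargetUrl</code> and
	 * <code>authenticationFailureUrl</code> must be non-empty, and
	 * <code>authenticationManager</code> and <code>rememberMeServices</code>
	 * must be non-<code>null</code>.
	 *
	 * @throws Exception as declared by the implemented interface; a failed
	 * check surfaces as the exception raised by Spring's <code>Assert</code>
	 */
	public void afterPropertiesSet() throws Exception {
		Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
		Assert.hasLength(defaultTargetUrl, "defaultTargetUrl must be specified");
		Assert.hasLength(authenticationFailureUrl, "authenticationFailureUrl must be specified");
		Assert.notNull(authenticationManager, "authenticationManager must be specified");
		// Same style of message as the checks above, so a misconfiguration
		// report names the property that is missing.
		Assert.notNull(this.rememberMeServices, "rememberMeServices must be specified");
	}

	/**
	 * Performs actual authentication.
	 *
	 * @param request from which to extract parameters and perform the
	 * authentication
	 *
	 * @return the authenticated user
	 *
	 * @throws AuthenticationException if authentication fails
	 */
	public abstract Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException;

	/**
	 * Does nothing. We use IoC container lifecycle services instead.
	 */
	public void destroy() {
	}

	/**
	 * Runs the authentication attempt for requests that
	 * <code>requiresAuthentication</code> selects and passes every other
	 * request down the chain unchanged.
	 * <p>
	 * For a selected request, <code>onPreAuthentication</code> and
	 * {@link #attemptAuthentication(HttpServletRequest)} are called in that
	 * order. An {@link AuthenticationException} from either call is handed to
	 * <code>unsuccessfulAuthentication</code> and the chain is not invoked.
	 * Any other exception is not handled here and propagates to the caller.
	 * On success the result is handed to <code>successfulAuthentication</code>;
	 * the chain is invoked first only when
	 * <code>continueChainBeforeSuccessfulAuthentication</code> is set.
	 * </p>
	 *
	 * @param request the incoming request; must be an
	 * <code>HttpServletRequest</code>
	 * @param response the outgoing response; must be an
	 * <code>HttpServletResponse</code>
	 * @param chain the remainder of the filter chain
	 *
	 * @throws IOException if processing further down the call chain fails
	 * with an I/O error
	 * @throws ServletException if the request or response is not an HTTP one,
	 * or if processing further down the call chain fails
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {
		if (!(request instanceof HttpServletRequest)) {
			throw new ServletException("Can only process HttpServletRequest");
		}

		if (!(response instanceof HttpServletResponse)) {
			throw new ServletException("Can only process HttpServletResponse");
		}

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		if (requiresAuthentication(httpRequest, httpResponse)) {
			if (logger.isDebugEnabled()) {
				logger.debug("Request is to process authentication");
			}

			Authentication authResult;

			try {
				onPreAuthentication(httpRequest, httpResponse);
				authResult = attemptAuthentication(httpRequest);
			}
			catch (AuthenticationException failed) {
				// Authentication failed: the request stops here and never
				// reaches the rest of the chain.
				unsuccessfulAuthentication(httpRequest, httpResponse, failed);

				return;
			}

			// Authentication success
			if (continueChainBeforeSuccessfulAuthentication) {
				// NOTE(review): the chain runs before successfulAuthentication.
				// That method is not part of this listing; if it is what stores
				// the Authentication in the SecurityContext, the downstream
				// filters execute without it - confirm before enabling this flag.
				chain.doFilter(request, response);
			}

			successfulAuthentication(httpRequest, httpResponse, authResult);

			return;
		}

		// Not a request for this filter.
		chain.doFilter(request, response);
	}

	/**
	 * @return the URL the browser is redirected to when authentication fails
	 */
	public String getAuthenticationFailureUrl() {
		return authenticationFailureUrl;
	}

	public AuthenticationManager getAuthenticationManager() {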
