public class AuthenticationProcessingFilter extends AbstractProcessingFilter
Login forms must present two parameters to this filter: a username and
password. The default parameter names to use are contained in the
static fields SPRING_SECURITY_FORM_USERNAME_KEY
and SPRING_SECURITY_FORM_PASSWORD_KEY
.
The parameter names can also be changed by setting the usernameParameter and passwordParameter
properties.
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
SPRING_SECURITY_FORM_PASSWORD_KEY |
static java.lang.String |
SPRING_SECURITY_FORM_USERNAME_KEY |
static java.lang.String |
SPRING_SECURITY_LAST_USERNAME_KEY |
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY
logger
Constructor and Description |
---|
AuthenticationProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
java.lang.String |
getDefaultFilterProcessesUrl()
This filter by default responds to
/j_spring_security_check . |
int |
getOrder() |
protected java.lang.String |
obtainPassword(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the password, such as by including additional values
and a separator.
|
protected java.lang.String |
obtainUsername(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the username, such as by including additional values
and a separator.
|
protected void |
setDetails(javax.servlet.http.HttpServletRequest request,
UsernamePasswordAuthenticationToken authRequest)
Provided so that subclasses may configure what is put into the authentication request's details
property.
|
void |
setPasswordParameter(java.lang.String passwordParameter)
Sets the parameter name which will be used to obtain the password from the login request..
|
void |
setUsernameParameter(java.lang.String usernameParameter)
Sets the parameter name which will be used to obtain the username from the login request.
|
afterPropertiesSet, determineFailureUrl, determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
destroy, doFilter, init, toString
public static final java.lang.String SPRING_SECURITY_FORM_USERNAME_KEY
public static final java.lang.String SPRING_SECURITY_FORM_PASSWORD_KEY
public static final java.lang.String SPRING_SECURITY_LAST_USERNAME_KEY
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
AbstractProcessingFilter
attemptAuthentication
in class AbstractProcessingFilter
request
- from which to extract parameters and perform the
authenticationAuthenticationException
- if authentication failspublic java.lang.String getDefaultFilterProcessesUrl()
/j_spring_security_check
.getDefaultFilterProcessesUrl
in class AbstractProcessingFilter
protected java.lang.String obtainPassword(javax.servlet.http.HttpServletRequest request)
This might be used for example if a postcode/zipcode was required in addition to the
password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
AuthenticationDao
will need to generate the expected password in a corresponding manner.
request
- so that request attributes can be retrievedAuthentication
request token to the
AuthenticationManager
protected java.lang.String obtainUsername(javax.servlet.http.HttpServletRequest request)
request
- so that request attributes can be retrievedAuthentication
request token to the
AuthenticationManager
protected void setDetails(javax.servlet.http.HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
request
- that an authentication request is being created forauthRequest
- the authentication request object that should have its details setpublic void setUsernameParameter(java.lang.String usernameParameter)
usernameParameter
- the parameter name. Defaults to "j_username".public void setPasswordParameter(java.lang.String passwordParameter)
passwordParameter
- the parameter name. Defaults to "j_password".public int getOrder()