org.springframework.security.intercept.web

Class FilterSecurityInterceptor

java.lang.Object

org.springframework.security.intercept.AbstractSecurityInterceptor

org.springframework.security.intercept.web.FilterSecurityInterceptor

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered

public class FilterSecurityInterceptor
extends AbstractSecurityInterceptor
implements javax.servlet.Filter, org.springframework.core.Ordered

Performs security handling of HTTP resources via a filter implementation.

The ObjectDefinitionSource required by this security interceptor is of type FilterInvocationDefinitionSource.

Refer to AbstractSecurityInterceptor for details on the workflow.

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields inherited from class org.springframework.security.intercept.AbstractSecurityInterceptor

logger, messages

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
FilterSecurityInterceptor()

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy() Not used (we rely on IoC container lifecycle services instead)
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Method that is actually called by the filter chain.
FilterInvocationDefinitionSource	getObjectDefinitionSource()
int	getOrder()
java.lang.Class	getSecureObjectClass() Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
void	init(javax.servlet.FilterConfig arg0) Not used (we rely on IoC container lifecycle services instead)
void	invoke(FilterInvocation fi)
boolean	isObserveOncePerRequest() Indicates whether once-per-request handling will be observed.
ObjectDefinitionSource	obtainObjectDefinitionSource()
void	setObjectDefinitionSource(FilterInvocationDefinitionSource newSource)
void	setObserveOncePerRequest(boolean observeOncePerRequest)

Methods inherited from class org.springframework.security.intercept.AbstractSecurityInterceptor

afterInvocation, afterPropertiesSet, beforeInvocation, getAccessDecisionManager, getAfterInvocationManager, getAuthenticationManager, getRunAsManager, isAlwaysReauthenticate, isRejectPublicInvocations, isValidateConfigAttributes, setAccessDecisionManager, setAfterInvocationManager, setAlwaysReauthenticate, setApplicationEventPublisher, setAuthenticationManager, setMessageSource, setRejectPublicInvocations, setRunAsManager, setValidateConfigAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FilterSecurityInterceptor

public FilterSecurityInterceptor()

Method Detail

init

public void init(javax.servlet.FilterConfig arg0)
          throws javax.servlet.ServletException

Not used (we rely on IoC container lifecycle services instead)

Specified by:

init in interface javax.servlet.Filter

Parameters:

arg0 - ignored

Throws:

javax.servlet.ServletException - never thrown

destroy

public void destroy()

Not used (we rely on IoC container lifecycle services instead)

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Method that is actually called by the filter chain. Simply delegates to the invoke(FilterInvocation) method.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

request - the servlet request

response - the servlet response

chain - the filter chain

Throws:

java.io.IOException - if the filter chain fails

javax.servlet.ServletException - if the filter chain fails

getObjectDefinitionSource

public FilterInvocationDefinitionSource getObjectDefinitionSource()

getSecureObjectClass

public java.lang.Class getSecureObjectClass()

Description copied from class: AbstractSecurityInterceptor

Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.

Specified by:

getSecureObjectClass in class AbstractSecurityInterceptor

Returns:

the type of secure object the subclass provides services for

invoke

public void invoke(FilterInvocation fi)
            throws java.io.IOException,
                   javax.servlet.ServletException

Throws:

java.io.IOException

javax.servlet.ServletException

isObserveOncePerRequest

public boolean isObserveOncePerRequest()

Indicates whether once-per-request handling will be observed. By default this is true, meaning the FilterSecurityInterceptor will only execute once-per-request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.

Returns:

true (the default) if once-per-request is honoured, otherwise false if FilterSecurityInterceptor will enforce authorizations for each and every fragment of the HTTP request.

obtainObjectDefinitionSource

public ObjectDefinitionSource obtainObjectDefinitionSource()

Specified by:

obtainObjectDefinitionSource in class AbstractSecurityInterceptor

setObjectDefinitionSource

public void setObjectDefinitionSource(FilterInvocationDefinitionSource newSource)

setObserveOncePerRequest

public void setObserveOncePerRequest(boolean observeOncePerRequest)

getOrder

public int getOrder()

Specified by:

getOrder in interface org.springframework.core.Ordered