org.springframework.security.ui.basicauth
Class BasicProcessingFilter

java.lang.Object
  org.springframework.security.ui.SpringSecurityFilter
      org.springframework.security.ui.basicauth.BasicProcessingFilter

All Implemented Interfaces:

Filter, InitializingBean, Ordered

public class BasicProcessingFilter
extends SpringSecurityFilter
implements InitializingBean

Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.

In summary, this filter is responsible for processing any request that has a HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:

 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
 

This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).

If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called (unless the ignoreFailure property is set to true). Usually this should be BasicProcessingFilterEntryPoint, which will prompt the user to authenticate again via BASIC authentication.

Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also provided by Spring Security and should be used instead of Basic authentication wherever possible. See DigestProcessingFilter.

Note that if a RememberMeServices is set, this filter will automatically send back remember-me details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as they will be authenticated using the remember-me mechanism.

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields inherited from class org.springframework.security.ui.SpringSecurityFilter

logger

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

BasicProcessingFilter()

Method Summary

void	afterPropertiesSet()
void	doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
protected AuthenticationEntryPoint	getAuthenticationEntryPoint()
protected AuthenticationManager	getAuthenticationManager()
protected String	getCredentialsCharset(HttpServletRequest httpRequest)
int	getOrder()
protected boolean	isIgnoreFailure()
protected void	onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
protected void	onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
void	setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
void	setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
void	setAuthenticationManager(AuthenticationManager authenticationManager)
void	setCredentialsCharset(String credentialsCharset)
void	setIgnoreFailure(boolean ignoreFailure)
void	setRememberMeServices(RememberMeServices rememberMeServices)

Methods inherited from class org.springframework.security.ui.SpringSecurityFilter

destroy, doFilter, init, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

BasicProcessingFilter

public BasicProcessingFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

doFilterHttp

public void doFilterHttp(HttpServletRequest request,
                         HttpServletResponse response,
                         FilterChain chain)
                  throws IOException,
                         ServletException

Specified by:

doFilterHttp in class SpringSecurityFilter

Throws:

IOException

ServletException

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          Authentication authResult)
                                   throws IOException

Throws:

IOException

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException failed)
                                     throws IOException

Throws:

IOException

getAuthenticationEntryPoint

protected AuthenticationEntryPoint getAuthenticationEntryPoint()

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

getAuthenticationManager

protected AuthenticationManager getAuthenticationManager()

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

isIgnoreFailure

protected boolean isIgnoreFailure()

setIgnoreFailure

public void setIgnoreFailure(boolean ignoreFailure)

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

setRememberMeServices

public void setRememberMeServices(RememberMeServices rememberMeServices)

setCredentialsCharset

public void setCredentialsCharset(String credentialsCharset)

getCredentialsCharset

protected String getCredentialsCharset(HttpServletRequest httpRequest)

getOrder

public int getOrder()

Specified by:

getOrder in interface Ordered