Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.ui.openid
Class OpenIDAuthenticationProcessingFilter

java.lang.Object
  extended by org.springframework.security.ui.SpringSecurityFilter
      extended by org.springframework.security.ui.AbstractProcessingFilter
          extended by org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter
All Implemented Interfaces:
Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware, Ordered
public class OpenIDAuthenticationProcessingFilter
extends AbstractProcessingFilter

Since:
2.0
Version:
$Id$
Author:
Robin Bramley, Opsera Ltd, Ray Krueger

Field Summary
static String DEFAULT_CLAIMED_IDENTITY_FIELD
           
 
Fields inherited from class org.springframework.security.ui.AbstractProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY, SPRING_SECURITY_SAVED_REQUEST_KEY
 
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter
logger
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
OpenIDAuthenticationProcessingFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
 Authentication attemptAuthentication(HttpServletRequest req)
          Performs actual authentication.
protected  String buildReturnToUrl(HttpServletRequest request)
           
protected  String determineFailureUrl(HttpServletRequest request, AuthenticationException failed)
           
 String getClaimedIdentityFieldName()
           
 OpenIDConsumer getConsumer()
           
 String getDefaultFilterProcessesUrl()
          Specifies the default filterProcessesUrl for the implementation.
 int getOrder()
           
 Map getRealmMapping()
          Maps the return_to url to a realm.
For example http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm
If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash.
This means that http://www.example.com/j_spring_openid_security_check will automatically become http://www.example.com:80/
protected  boolean isAuthenticated(HttpServletRequest request)
           
protected  boolean isOpenIdRequest(HttpServletRequest request)
          The OpenIdAuthenticationProcessingFilter will ignore the request coming in if this method returns false.
protected  String lookupRealm(String returnToUrl)
           
protected  String obtainUsername(HttpServletRequest req)
           
protected  void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
           
 void setClaimedIdentityFieldName(String claimedIdentityFieldName)
           
 void setConsumer(OpenIDConsumer consumer)
           
 void setRealmMapping(Map realmMapping)
          Maps the return_to url to a realm.
For example http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm
If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash.
This means that http://www.example.com/j_spring_openid_security_check will automatically become http://www.example.com:80/
protected  void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
           
 
Methods inherited from class org.springframework.security.ui.AbstractProcessingFilter
determineTargetUrl, doFilterHttp, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, getTargetUrlResolver, obtainFullSavedRequestUrl, onPreAuthentication, onSuccessfulAuthentication, requiresAuthentication, sendRedirect, setAllowSessionCreation, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setInvalidateSessionOnSuccessfulAuthentication, setMessageSource, setMigrateInvalidatedSessionAttributes, setRememberMeServices, setServerSideRedirect, setSessionRegistry, setTargetUrlResolver, setUseRelativeContext, successfulAuthentication
 
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter
destroy, doFilter, init, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

DEFAULT_CLAIMED_IDENTITY_FIELD

public static final String DEFAULT_CLAIMED_IDENTITY_FIELD
See Also:
Constant Field Values
Constructor Detail

OpenIDAuthenticationProcessingFilter

public OpenIDAuthenticationProcessingFilter()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Overrides:
afterPropertiesSet in class AbstractProcessingFilter
Throws:
Exception

attemptAuthentication

public Authentication attemptAuthentication(HttpServletRequest req)
                                     throws AuthenticationException
Description copied from class: AbstractProcessingFilter
Performs actual authentication.

Specified by:
attemptAuthentication in class AbstractProcessingFilter
Parameters:
req - from which to extract parameters and perform the authentication
Returns:
the authenticated user
Throws:
AuthenticationException - if authentication fails

determineFailureUrl

protected String determineFailureUrl(HttpServletRequest request,
                                     AuthenticationException failed)
Overrides:
determineFailureUrl in class AbstractProcessingFilter

lookupRealm

protected String lookupRealm(String returnToUrl)

buildReturnToUrl

protected String buildReturnToUrl(HttpServletRequest request)

getClaimedIdentityFieldName

public String getClaimedIdentityFieldName()

getConsumer

public OpenIDConsumer getConsumer()

getDefaultFilterProcessesUrl

public String getDefaultFilterProcessesUrl()
Description copied from class: AbstractProcessingFilter
Specifies the default filterProcessesUrl for the implementation.

Specified by:
getDefaultFilterProcessesUrl in class AbstractProcessingFilter
Returns:
the default filterProcessesUrl

isAuthenticated

protected boolean isAuthenticated(HttpServletRequest request)

isOpenIdRequest

protected boolean isOpenIdRequest(HttpServletRequest request)
The OpenIdAuthenticationProcessingFilter will ignore the request coming in if this method returns false. The default functionality checks if the request scheme starts with http.
This method should be overridden in subclasses that wish to consider a different strategy

Parameters:
request - HttpServletRequest we're processing
Returns:
true if this request is determined to be an OpenID request.

obtainUsername

protected String obtainUsername(HttpServletRequest req)

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException failed)
                                     throws IOException
Overrides:
onUnsuccessfulAuthentication in class AbstractProcessingFilter
Throws:
IOException

setClaimedIdentityFieldName

public void setClaimedIdentityFieldName(String claimedIdentityFieldName)

setConsumer

public void setConsumer(OpenIDConsumer consumer)

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          AuthenticationException failed)
                                   throws IOException
Overrides:
unsuccessfulAuthentication in class AbstractProcessingFilter
Throws:
IOException

getOrder

public int getOrder()

getRealmMapping

public Map getRealmMapping()
Maps the return_to url to a realm.
For example http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm
If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash.
This means that http://www.example.com/j_spring_openid_security_check will automatically become http://www.example.com:80/

Returns:
Map containing returnToUrl -> realm mappings

setRealmMapping

public void setRealmMapping(Map realmMapping)
Maps the return_to url to a realm.
For example http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm
If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash.
This means that http://www.example.com/j_spring_openid_security_check will automatically become http://www.example.com:80/

Parameters:
realmMapping - containing returnToUrl -> realm mappings
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.