org.springframework.security.providers.anonymous
Class AnonymousProcessingFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.providers.anonymous.AnonymousProcessingFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered
public class AnonymousProcessingFilter
- extends SpringSecurityFilter
- implements org.springframework.beans.factory.InitializingBean
Detects if there is no Authentication
object in the SecurityContextHolder
, and
populates it with one if needed.
- Version:
- $Id: AnonymousProcessingFilter.java 2800 2008-03-25 14:51:34Z luke_t $
- Author:
- Ben Alex
Fields inherited from interface org.springframework.core.Ordered |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
AnonymousProcessingFilter
public AnonymousProcessingFilter()
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Specified by:
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
- Throws:
java.lang.Exception
applyAnonymousForThisRequest
protected boolean applyAnonymousForThisRequest(javax.servlet.http.HttpServletRequest request)
- Enables subclasses to determine whether or not an anonymous authentication token should be setup for
this request. This is useful if anonymous authentication should be allowed only for specific IP subnet ranges
etc.
- Parameters:
request
- to assist the method determine request details
- Returns:
true
if the anonymous token should be setup for this request (provided that the request
doesn't already have some other Authentication
inside it), or false
if no
anonymous token should be setup for this request
createAuthentication
protected Authentication createAuthentication(javax.servlet.http.HttpServletRequest request)
doFilterHttp
protected void doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
- Specified by:
doFilterHttp
in class SpringSecurityFilter
- Throws:
java.io.IOException
javax.servlet.ServletException
getOrder
public int getOrder()
- Specified by:
getOrder
in interface org.springframework.core.Ordered
getKey
public java.lang.String getKey()
getUserAttribute
public UserAttribute getUserAttribute()
isRemoveAfterRequest
public boolean isRemoveAfterRequest()
setAuthenticationDetailsSource
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
setKey
public void setKey(java.lang.String key)
setRemoveAfterRequest
public void setRemoveAfterRequest(boolean removeAfterRequest)
- Controls whether the filter will remove the Anonymous token after the request is complete. Generally
this is desired to avoid the expense of a session being created by
HttpSessionContextIntegrationFilter
simply to
store the Anonymous authentication token.Defaults to true
, being the most optimal and
appropriate option (ie AnonymousProcessingFilter
will clear the token at the end of each request,
thus avoiding the session creation overhead in a typical configuration.
- Parameters:
removeAfterRequest
- DOCUMENT ME!
setUserAttribute
public void setUserAttribute(UserAttribute userAttributeDefinition)