public class BasicHeaderProcessor extends Object implements javax.servlet.Filter
Authorization HTTP header and authenticates
the request.
Implementations of BasicHeaderAuthenticator includes one that accepts the real password,
then one that checks the user's API token. We call them all from a single Filter like this,
as opposed to using a list of Filters, so that multiple filters don't end up trying
to authenticate the same header differently and fail.
| Constructor and Description |
|---|
BasicHeaderProcessor() |
| Modifier and Type | Method and Description |
|---|---|
protected List<? extends BasicHeaderAuthenticator> |
all() |
protected boolean |
authenticationIsRequired(String username)
If the request is already authenticated to the same user that the Authorization header claims,
for example through the HTTP session, then there's no need to re-authenticate the Authorization header,
so we skip that.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected void |
fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.acegisecurity.BadCredentialsException failure) |
void |
init(javax.servlet.FilterConfig filterConfig) |
void |
setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint) |
void |
setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices) |
protected void |
success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.acegisecurity.Authentication auth) |
public void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletExceptionpublic void setAuthenticationEntryPoint(org.acegisecurity.ui.AuthenticationEntryPoint authenticationEntryPoint)
public void setRememberMeServices(org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices)
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOExceptionjavax.servlet.ServletExceptionprotected boolean authenticationIsRequired(String username)
SecurityRealm.
This method returns false if we can take this short-cut.protected void success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.acegisecurity.Authentication auth)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected void fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.acegisecurity.BadCredentialsException failure)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected List<? extends BasicHeaderAuthenticator> all()
public void destroy()
destroy in interface javax.servlet.FilterCopyright © 2004–2020. All rights reserved.