Class FormLoginAuthenticationFilter
- java.lang.Object
  - org.springframework.web.filter.GenericFilterBean
    - org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      - org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
        - com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
- All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
- Direct Known Subclasses:
EmbeddedLoginAuthenticationFilter
public class FormLoginAuthenticationFilter extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Processes an authentication form submission for an OAuth2 Authorization Server for Universal Login.

Login forms must present three parameters to this filter: an OAuth2 clientId, username, and password. The default parameter names to use are contained in the static fields OAuth2Utils.CLIENT_ID, UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY and UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY. The parameter names for username/password can also be changed by setting the usernameParameter and passwordParameter properties.

This filter by default responds to the URL /login.
- Author:
- Nick Crum (ncrum)
- See Also:
for embedded login.
-
Field Summary
-
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY
-
Constructor Summary
Constructors:
- FormLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService)
-
Method Summary
Modifier and Type, Method, Description:
- org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
- protected org.springframework.security.authentication.UsernamePasswordAuthenticationToken buildAuthToken(String clientId, String username, String password): Creates a UsernamePasswordAuthenticationToken from the authentication request.
- protected UserLockoutService getUserLockoutService()
- protected StatelessUtil getUtil()
- protected String obtainClientId(javax.servlet.http.HttpServletRequest request): Enables subclasses to override the composition of the clientId
- protected org.springframework.security.core.Authentication tryAuthenticate(org.springframework.security.core.Authentication authRequest, String clientId, String username)
- protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)
-
Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter
-
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication
-
Constructor Detail
-
FormLoginAuthenticationFilter
public FormLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService)
-
Method Detail
-
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException
- Overrides:
attemptAuthentication in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- Throws:
org.springframework.security.core.AuthenticationException
-
unsuccessfulAuthentication
protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) throws IOException, javax.servlet.ServletException
- Overrides:
unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Throws:
IOException
javax.servlet.ServletException
-
buildAuthToken
protected org.springframework.security.authentication.UsernamePasswordAuthenticationToken buildAuthToken(String clientId, String username, String password)
Creates a UsernamePasswordAuthenticationToken from the authentication request.
- Parameters:
clientId - ID of the client from which a user is trying to authenticate
username - Provided username of the user trying to authenticate
password - Provided password of the user trying to authenticate
- Returns:
A UsernamePasswordAuthenticationToken representing the authentication request data.
-
tryAuthenticate
protected org.springframework.security.core.Authentication tryAuthenticate(org.springframework.security.core.Authentication authRequest, String clientId, String username)
-
obtainClientId
protected String obtainClientId(javax.servlet.http.HttpServletRequest request)
Enables subclasses to override the composition of the clientId
- Parameters:
request - so that request attributes can be retrieved
- Returns:
the clientId that will be presented in the Authentication request token to the AuthenticationManager
-
getUtil
protected StatelessUtil getUtil()
-
getUserLockoutService
protected UserLockoutService getUserLockoutService()
-