Class EmbeddedLoginAuthenticationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
- org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
- com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
-
- com.broadleafcommerce.auth.user.session.embedded.EmbeddedLoginAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.context.MessageSourceAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class EmbeddedLoginAuthenticationFilter extends FormLoginAuthenticationFilter
Processes an authentication form submission from an embedded login form.This is distinguished from universal log in supported by
FormLoginAuthenticationFilter
via the request path:/embedded/login
instead of/login
.- Author:
- Nathan Moore (nathandmoore)
- See Also:
for the equivalent when using Universal Login
-
-
Field Summary
-
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY
-
-
Constructor Summary
Constructors Constructor Description EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description org.springframework.security.core.Authentication
attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected EmbeddedLoginAuthenticationToken
buildAuthToken(String clientId, String username, String password)
Creates aUsernamePasswordAuthenticationToken
from the authentication request.protected AuthorizationServerService<AuthorizationServer>
getAuthorizationServerService()
protected AuthorizedClientService<AuthorizedClient>
getAuthorizedClientService()
protected void
validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)
Checks whether the auth server for the specified client allows embedded login.-
Methods inherited from class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
getUserLockoutService, getUtil, obtainClientId, tryAuthenticate, unsuccessfulAuthentication
-
Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter
-
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication
-
-
-
-
Constructor Detail
-
EmbeddedLoginAuthenticationFilter
public EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
-
Method Detail
-
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException
- Overrides:
attemptAuthentication
in classFormLoginAuthenticationFilter
- Throws:
org.springframework.security.core.AuthenticationException
-
validateThatEmbeddedLoginIsAllowed
protected void validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)
Checks whether the auth server for the specified client allows embedded login.- Parameters:
request
-HttpServletRequest
- Throws:
EmbeddedLoginNotAllowedException
- when the authorization server does not allow embedded login
-
buildAuthToken
protected EmbeddedLoginAuthenticationToken buildAuthToken(String clientId, String username, String password)
Description copied from class:FormLoginAuthenticationFilter
Creates aUsernamePasswordAuthenticationToken
from the authentication request.- Overrides:
buildAuthToken
in classFormLoginAuthenticationFilter
- Parameters:
clientId
- ID of the client from which a user is trying to authenticateusername
- Provided username of the user trying to authenticatepassword
- Provided password of the user trying ot authenticate- Returns:
- A
UsernamePasswordAuthenticationToken
representing the authentication request data.
-
getAuthorizationServerService
protected AuthorizationServerService<AuthorizationServer> getAuthorizationServerService()
-
getAuthorizedClientService
protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()
-
-