Package com.broadleafcommerce.auth.user.session.embedded

Class EmbeddedLoginAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter

com.broadleafcommerce.auth.user.session.embedded.EmbeddedLoginAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class EmbeddedLoginAuthenticationFilter
extends FormLoginAuthenticationFilter

Processes an authentication form submission from an embedded login form.

This is distinguished from universal log in supported by FormLoginAuthenticationFilter via the request path: /embedded/login instead of /login.

Author:

Nathan Moore (nathandmoore)

See Also:

for the equivalent when using Universal Login

Field Summary

Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor

Description

EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)

Method Summary

Modifier and Type	Method	Description
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected EmbeddedLoginAuthenticationToken	buildAuthToken(String clientId, String username, String password)	Creates a UsernamePasswordAuthenticationToken from the authentication request.
protected AuthorizationServerService<AuthorizationServer>	getAuthorizationServerService()
protected AuthorizedClientService<AuthorizedClient>	getAuthorizedClientService()
protected void	validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)	Checks whether the auth server for the specified client allows embedded login.

Methods inherited from class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter

getUserLockoutService, getUtil, obtainClientId, tryAuthenticate, unsuccessfulAuthentication

Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EmbeddedLoginAuthenticationFilter

public EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                         org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler,
                                         org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler,
                                         org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy,
                                         StatelessUtil util,
                                         UserLockoutService userLockoutService,
                                         AuthorizationServerService<AuthorizationServer> authorizationServerService,
                                         AuthorizedClientService<AuthorizedClient> authorizedClientService)

Method Detail

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException

Overrides:

attemptAuthentication in class FormLoginAuthenticationFilter

Throws:

org.springframework.security.core.AuthenticationException

validateThatEmbeddedLoginIsAllowed

protected void validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)

Checks whether the auth server for the specified client allows embedded login.

Parameters:

request - HttpServletRequest

Throws:

EmbeddedLoginNotAllowedException - when the authorization server does not allow embedded login

buildAuthToken

protected EmbeddedLoginAuthenticationToken buildAuthToken(String clientId,
                                                          String username,
                                                          String password)

Description copied from class: FormLoginAuthenticationFilter

Creates a UsernamePasswordAuthenticationToken from the authentication request.

Overrides:

buildAuthToken in class FormLoginAuthenticationFilter

Parameters:

clientId - ID of the client from which a user is trying to authenticate

username - Provided username of the user trying to authenticate

password - Provided password of the user trying ot authenticate

Returns:

A UsernamePasswordAuthenticationToken representing the authentication request data.

getAuthorizationServerService

protected AuthorizationServerService<AuthorizationServer> getAuthorizationServerService()

getAuthorizedClientService

protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()