Class EmbeddedLoginAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
com.broadleafcommerce.auth.user.session.embedded.EmbeddedLoginAuthenticationFilter
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.context.MessageSourceAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
Processes an authentication form submission from an embedded login form.
This is distinguished from universal log in supported by FormLoginAuthenticationFilter
via the request path: /embedded/login
instead of /login
.
- Author:
- Nathan Moore (nathandmoore)
- See Also:
-
Field Summary
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionEmbeddedLoginAuthenticationFilter
(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService) -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.core.Authentication
attemptAuthentication
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) protected EmbeddedLoginAuthenticationToken
buildAuthToken
(String clientId, String username, String password) Creates aUsernamePasswordAuthenticationToken
from the authentication request.protected AuthorizationServerService<AuthorizationServer>
protected AuthorizedClientService<AuthorizedClient>
protected void
validateThatEmbeddedLoginIsAllowed
(javax.servlet.http.HttpServletRequest request) Checks whether the auth server for the specified client allows embedded login.Methods inherited from class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
checkIfUserPasswordIsExpired, getUserLockoutService, getUserPasswordProperties, getUserService, getUtil, obtainClientId, setUserPasswordProperties, setUserService, tryAuthenticate, unsuccessfulAuthentication
Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
EmbeddedLoginAuthenticationFilter
public EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
-
Method Details
-
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException - Overrides:
attemptAuthentication
in classFormLoginAuthenticationFilter
- Throws:
org.springframework.security.core.AuthenticationException
-
validateThatEmbeddedLoginIsAllowed
protected void validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request) Checks whether the auth server for the specified client allows embedded login.- Parameters:
request
-HttpServletRequest
- Throws:
EmbeddedLoginNotAllowedException
- when the authorization server does not allow embedded login
-
buildAuthToken
protected EmbeddedLoginAuthenticationToken buildAuthToken(String clientId, String username, String password) Description copied from class:FormLoginAuthenticationFilter
Creates aUsernamePasswordAuthenticationToken
from the authentication request.- Overrides:
buildAuthToken
in classFormLoginAuthenticationFilter
- Parameters:
clientId
- ID of the client from which a user is trying to authenticateusername
- Provided username of the user trying to authenticatepassword
- Provided password of the user trying ot authenticate- Returns:
- A
UsernamePasswordAuthenticationToken
representing the authentication request data.
-
getAuthorizationServerService
-
getAuthorizedClientService
-