Package com.broadleafcommerce.auth.user.session.embedded

Class EmbeddedLoginAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter
com.broadleafcommerce.auth.user.session.embedded.EmbeddedLoginAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class EmbeddedLoginAuthenticationFilter extends FormLoginAuthenticationFilter
Processes an authentication form submission from an embedded login form.

This is distinguished from universal log in supported by FormLoginAuthenticationFilter via the request path: /embedded/login instead of /login.

Author:
Nathan Moore (nathandmoore)
See Also:

  • Field Summary

    Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

    SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY

    Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    authenticationDetailsSource, eventPublisher, messages

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
     
    protected EmbeddedLoginAuthenticationToken
    buildAuthToken(String clientId, String username, String password)
    Creates a UsernamePasswordAuthenticationToken from the authentication request.
    protected AuthorizationServerService<AuthorizationServer>
    getAuthorizationServerService()
     
    protected AuthorizedClientService<AuthorizedClient>
    getAuthorizedClientService()
     
    protected void
    validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)
    Checks whether the auth server for the specified client allows embedded login.

    Methods inherited from class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationFilter

    checkIfUserPasswordIsExpired, getUserLockoutService, getUserPasswordProperties, getUserService, getUtil, obtainClientId, setUserPasswordProperties, setUserService, tryAuthenticate, unsuccessfulAuthentication

    Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

    getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • EmbeddedLoginAuthenticationFilter

      public EmbeddedLoginAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, StatelessUtil util, UserLockoutService userLockoutService, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService)

  • Method Details

    • attemptAuthentication

      public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException
      Overrides:
      attemptAuthentication in class FormLoginAuthenticationFilter
      Throws:
      org.springframework.security.core.AuthenticationException

    • validateThatEmbeddedLoginIsAllowed

      protected void validateThatEmbeddedLoginIsAllowed(javax.servlet.http.HttpServletRequest request)
      Checks whether the auth server for the specified client allows embedded login.
      Parameters:
      request - HttpServletRequest
      Throws:
      EmbeddedLoginNotAllowedException - when the authorization server does not allow embedded login

    • buildAuthToken

      protected EmbeddedLoginAuthenticationToken buildAuthToken(String clientId, String username, String password)
      Description copied from class: FormLoginAuthenticationFilter
      Creates a UsernamePasswordAuthenticationToken from the authentication request.
      Overrides:
      buildAuthToken in class FormLoginAuthenticationFilter
      Parameters:
      clientId - ID of the client from which a user is trying to authenticate
      username - Provided username of the user trying to authenticate
      password - Provided password of the user trying ot authenticate
      Returns:
      A UsernamePasswordAuthenticationToken representing the authentication request data.

    • getAuthorizationServerService

      protected AuthorizationServerService<AuthorizationServer> getAuthorizationServerService()

    • getAuthorizedClientService

      protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()