OpenIDAuthenticationFilter

Class Overview

Filter which processes OpenID authentication requests.

The OpenID authentication involves two stages.

Submission of OpenID identity

The user's OpenID identity is submitted via a login form, just as it would be for a normal form login. At this stage the filter will extract the identity from the submitted request (by default, the parameter is called openid_identifier, as recommended by the OpenID 2.0 Specification). It then passes the identity to the configured OpenIDConsumer, which returns the URL to which the request should be redirected for authentication. A "return_to" URL is also supplied, which matches the URL processed by this filter, to allow the filter to handle the request once the user has been successfully authenticated. The OpenID server will then authenticate the user and redirect back to the application.

Processing the Redirect from the OpenID Server

Once the user has been authenticated externally, the redirected request will be passed to the OpenIDConsumer again for validation. The returned OpenIDAuthentication will be passed to the AuthenticationManager where it should (normally) be processed by an OpenIDAuthenticationProvider in order to load the authorities for the user.

Summary

Constants
String	DEFAULT_CLAIMED_IDENTITY_FIELD

[Expand] Inherited Constants
From class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter String SPRING_SECURITY_LAST_EXCEPTION_KEY This constant is deprecated. Use the value in WebAttributes directly.

[Expand] Inherited Fields
From class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter protected AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource protected ApplicationEventPublisher eventPublisher protected MessageSourceAccessor messages
From class org.springframework.web.filter.GenericFilterBean protected final Log logger

Public Constructors
	OpenIDAuthenticationFilter()

Public Methods
void	afterPropertiesSet()
Authentication	attemptAuthentication(HttpServletRequest request, HttpServletResponse response) Authentication has two phases.
void	setClaimedIdentityFieldName(String claimedIdentityFieldName) The name of the request parameter containing the OpenID identity, as submitted from the initial login form.
void	setConsumer(OpenIDConsumer consumer)
void	setRealmMapping(Map<String, String> realmMapping) Maps the return_to url to a realm, for example: http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash.
void	setReturnToUrlParameters(Set<String> returnToUrlParameters) Specifies any extra parameters submitted along with the identity field which should be appended to the return_to URL which is assembled by buildReturnToUrl(HttpServletRequest).

Protected Methods
String	buildReturnToUrl(HttpServletRequest request) Builds the return_to URL that will be sent to the OpenID service provider.
String	lookupRealm(String returnToUrl)
String	obtainUsername(HttpServletRequest req) Reads the claimedIdentityFieldName from the submitted request.

[Expand] Inherited Methods
From class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter void afterPropertiesSet() abstract Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) Performs actual authentication. void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) Invokes the requiresAuthentication method to determine whether the request is for authentication and should be handled by this filter. boolean getAllowSessionCreation() AuthenticationManager getAuthenticationManager() AuthenticationFailureHandler getFailureHandler() String getFilterProcessesUrl() RememberMeServices getRememberMeServices() AuthenticationSuccessHandler getSuccessHandler() boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) Indicates whether this filter should attempt to process a login request for the current invocation. void setAllowSessionCreation(boolean allowSessionCreation) void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) void setAuthenticationManager(AuthenticationManager authenticationManager) void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) Sets the strategy used to handle a successful authentication. void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) Indicates if the filter chain should be continued prior to delegation to successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication), which may be useful in certain environment (such as Tapestry applications). void setFilterProcessesUrl(String filterProcessesUrl) void setMessageSource(MessageSource messageSource) void setRememberMeServices(RememberMeServices rememberMeServices) void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy) The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager. void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) Default behaviour for successful authentication. void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) This method is deprecated. since 3.1. Use successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) instead. void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) Default behaviour for unsuccessful authentication.
From class org.springframework.web.filter.GenericFilterBean final void addRequiredProperty(String arg0) void afterPropertiesSet() void destroy() final FilterConfig getFilterConfig() final String getFilterName() final ServletContext getServletContext() final void init(FilterConfig arg0) void initBeanWrapper(BeanWrapper arg0) void initFilterBean() final void setBeanName(String arg0) final void setFilterConfig(FilterConfig arg0) final void setServletContext(ServletContext arg0)
From class java.lang.Object Object clone() boolean equals(Object arg0) void finalize() final Class<?> getClass() int hashCode() final void notify() final void notifyAll() String toString() final void wait() final void wait(long arg0, int arg1) final void wait(long arg0)
From interface javax.servlet.Filter abstract void destroy() abstract void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) abstract void init(FilterConfig arg0)
From interface org.springframework.beans.factory.BeanNameAware abstract void setBeanName(String arg0)
From interface org.springframework.beans.factory.DisposableBean abstract void destroy()
From interface org.springframework.beans.factory.InitializingBean abstract void afterPropertiesSet()
From interface org.springframework.context.ApplicationEventPublisherAware abstract void setApplicationEventPublisher(ApplicationEventPublisher arg0)
From interface org.springframework.context.MessageSourceAware abstract void setMessageSource(MessageSource arg0)
From interface org.springframework.web.context.ServletContextAware abstract void setServletContext(ServletContext arg0)

 http://www.example.com/j_spring_openid_security_check -> http://www.example.com/realm