java.lang.Object |
↳ |
org.springframework.web.filter.GenericFilterBean |
|
↳ |
org.springframework.security.web.access.channel.ChannelProcessingFilter |
Class Overview
Ensures a web request is delivered over the required channel.
Internally uses a FilterInvocation
to represent the request, allowing a
FilterInvocationSecurityMetadataSource
to be used to lookup the attributes which apply.
Delegates the actual channel security decisions and necessary actions to the configured
ChannelDecisionManager
. If a response is committed by the ChannelDecisionManager
,
the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the
ChannelDecisionManagerImpl
is configured with a SecureChannelProcessor
and an
InsecureChannelProcessor
. A typical configuration would be
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source path-type="regex">
<security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
<security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor"
class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor"
class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>
which would force the login form and any access to the
/secure
path to be made over HTTPS.
Summary
[Expand]
Inherited Fields |
From class
org.springframework.web.filter.GenericFilterBean
protected
final
Log |
logger |
|
|
[Expand]
Inherited Methods |
From class
org.springframework.web.filter.GenericFilterBean
final
void
|
addRequiredProperty(String arg0)
|
void
|
afterPropertiesSet()
|
void
|
destroy()
|
final
FilterConfig
|
getFilterConfig()
|
final
String
|
getFilterName()
|
final
ServletContext
|
getServletContext()
|
final
void
|
init(FilterConfig arg0)
|
void
|
initBeanWrapper(BeanWrapper arg0)
|
void
|
initFilterBean()
|
final
void
|
setBeanName(String arg0)
|
final
void
|
setFilterConfig(FilterConfig arg0)
|
final
void
|
setServletContext(ServletContext arg0)
|
|
From class
java.lang.Object
Object
|
clone()
|
boolean
|
equals(Object arg0)
|
void
|
finalize()
|
final
Class<?>
|
getClass()
|
int
|
hashCode()
|
final
void
|
notify()
|
final
void
|
notifyAll()
|
String
|
toString()
|
final
void
|
wait()
|
final
void
|
wait(long arg0, int arg1)
|
final
void
|
wait(long arg0)
|
|
From interface
javax.servlet.Filter
abstract
void
|
destroy()
|
abstract
void
|
doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
|
abstract
void
|
init(FilterConfig arg0)
|
|
From interface
org.springframework.beans.factory.BeanNameAware
abstract
void
|
setBeanName(String arg0)
|
|
From interface
org.springframework.beans.factory.DisposableBean
|
From interface
org.springframework.beans.factory.InitializingBean
abstract
void
|
afterPropertiesSet()
|
|
From interface
org.springframework.web.context.ServletContextAware
abstract
void
|
setServletContext(ServletContext arg0)
|
|
Public Constructors
public
ChannelProcessingFilter
()
Public Methods
public
void
afterPropertiesSet
()
public
void
doFilter
(ServletRequest req, ServletResponse res, FilterChain chain)
Protected Methods