public class

ChannelProcessingFilter

extends GenericFilterBean
java.lang.Object
   ↳ org.springframework.web.filter.GenericFilterBean
     ↳ org.springframework.security.web.access.channel.ChannelProcessingFilter

Class Overview

Ensures a web request is delivered over the required channel.

Internally uses a FilterInvocation to represent the request, allowing a FilterInvocationSecurityMetadataSource to be used to lookup the attributes which apply.

Delegates the actual channel security decisions and necessary actions to the configured ChannelDecisionManager. If a response is committed by the ChannelDecisionManager, the filter chain will not proceed.

The most common usage is to ensure that a request takes place over HTTPS, where the ChannelDecisionManagerImpl is configured with a SecureChannelProcessor and an InsecureChannelProcessor. A typical configuration would be


<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
  <property name="channelDecisionManager" ref="channelDecisionManager"/>
  <property name="securityMetadataSource">
    <security:filter-security-metadata-source path-type="regex">
      <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
      <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
      <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
    </security:filter-security-metadata-source>
  </property>
</bean>

<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
  <property name="channelProcessors">
    <list>
    <ref bean="secureChannelProcessor"/>
    <ref bean="insecureChannelProcessor"/>
    </list>
  </property>
</bean>

<bean id="secureChannelProcessor"
  class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor"
  class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>

 
which would force the login form and any access to the /secure path to be made over HTTPS.

Summary

[Expand]
Inherited Fields
From class org.springframework.web.filter.GenericFilterBean
Public Constructors
ChannelProcessingFilter()
Public Methods
void afterPropertiesSet()
void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager)
void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)
Protected Methods
ChannelDecisionManager getChannelDecisionManager()
FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
[Expand]
Inherited Methods
From class org.springframework.web.filter.GenericFilterBean
From class java.lang.Object
From interface javax.servlet.Filter
From interface org.springframework.beans.factory.BeanNameAware
From interface org.springframework.beans.factory.DisposableBean
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.web.context.ServletContextAware

Public Constructors

public ChannelProcessingFilter ()

Public Methods

public void afterPropertiesSet ()

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws
IOException
ServletException

public void setChannelDecisionManager (ChannelDecisionManager channelDecisionManager)

public void setSecurityMetadataSource (FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)

Protected Methods

protected ChannelDecisionManager getChannelDecisionManager ()

protected FilterInvocationSecurityMetadataSource getSecurityMetadataSource ()