java.lang.Object | |||
↳ | org.springframework.web.filter.GenericFilterBean | ||
↳ | org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter | ||
↳ | org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter |
Processes an authentication form submission. Called AuthenticationProcessingFilter
prior to Spring Security
3.0.
Login forms must present two parameters to this filter: a username and
password. The default parameter names to use are contained in the
static fields SPRING_SECURITY_FORM_USERNAME_KEY
and SPRING_SECURITY_FORM_PASSWORD_KEY
.
The parameter names can also be changed by setting the usernameParameter
and passwordParameter
properties.
This filter by default responds to the URL /j_spring_security_check
.
Constants | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
String | SPRING_SECURITY_FORM_PASSWORD_KEY | ||||||||||
String | SPRING_SECURITY_FORM_USERNAME_KEY | ||||||||||
String | SPRING_SECURITY_LAST_USERNAME_KEY |
This constant is deprecated.
If you want to retain the username, cache it in a customized AuthenticationFailureHandler
|
[Expand]
Inherited Constants | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
|
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
| |||||||||||
From class
org.springframework.web.filter.GenericFilterBean
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Performs actual authentication.
| |||||||||||
Sets the parameter name which will be used to obtain the password from the login request..
| |||||||||||
Defines whether only HTTP POST requests will be allowed by this filter.
| |||||||||||
Sets the parameter name which will be used to obtain the username from the login request.
|
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Enables subclasses to override the composition of the password, such as by including additional values
and a separator.
| |||||||||||
Enables subclasses to override the composition of the username, such as by including additional values
and a separator.
| |||||||||||
Provided so that subclasses may configure what is put into the authentication request's details
property.
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
| |||||||||||
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
javax.servlet.Filter
| |||||||||||
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.context.ApplicationEventPublisherAware
| |||||||||||
From interface
org.springframework.context.MessageSourceAware
| |||||||||||
From interface
org.springframework.web.context.ServletContextAware
|
This constant is deprecated.
If you want to retain the username, cache it in a customized AuthenticationFailureHandler
Performs actual authentication.
The implementation should do one of the following:
request | from which to extract parameters and perform the authentication |
---|---|
response | the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OpenID). |
AuthenticationException |
---|
Sets the parameter name which will be used to obtain the password from the login request..
passwordParameter | the parameter name. Defaults to "j_password". |
---|
Defines whether only HTTP POST requests will be allowed by this filter. If set to true, and an authentication request is received which is not a POST request, an exception will be raised immediately and authentication will not be attempted. The unsuccessfulAuthentication() method will be called as if handling a failed authentication.
Defaults to true but may be overridden by subclasses.
Sets the parameter name which will be used to obtain the username from the login request.
usernameParameter | the parameter name. Defaults to "j_username". |
---|
Enables subclasses to override the composition of the password, such as by including additional values and a separator.
This might be used for example if a postcode/zipcode was required in addition to the
password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
AuthenticationDao
will need to generate the expected password in a corresponding manner.
request | so that request attributes can be retrieved |
---|
Authentication
request token to the
AuthenticationManager
Enables subclasses to override the composition of the username, such as by including additional values and a separator.
request | so that request attributes can be retrieved |
---|
Authentication
request token to the
AuthenticationManager
Provided so that subclasses may configure what is put into the authentication request's details property.
request | that an authentication request is being created for |
---|---|
authRequest | the authentication request object that should have its details set |