BasicAuthenticationFilter

Class Overview

Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.

For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1. Any realm name presented in the HTTP request is ignored.

In summary, this filter is responsible for processing any request that has a HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented:

 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
 

This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).

If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If authentication fails and ignoreFailure is false (the default), an AuthenticationEntryPoint implementation is called (unless the ignoreFailure property is set to true). Usually this should be BasicAuthenticationEntryPoint, which will prompt the user to authenticate again via BASIC authentication.

Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also provided by Spring Security and should be used instead of Basic authentication wherever possible. See DigestAuthenticationFilter.

Note that if a RememberMeServices is set, this filter will automatically send back remember-me details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as they will be authenticated using the remember-me mechanism.

Summary

[Expand] Inherited Fields
From class org.springframework.web.filter.GenericFilterBean protected final Log logger

[Expand] Inherited Methods
From class org.springframework.web.filter.GenericFilterBean final void addRequiredProperty(String arg0) void afterPropertiesSet() void destroy() final FilterConfig getFilterConfig() final String getFilterName() final ServletContext getServletContext() final void init(FilterConfig arg0) void initBeanWrapper(BeanWrapper arg0) void initFilterBean() final void setBeanName(String arg0) final void setFilterConfig(FilterConfig arg0) final void setServletContext(ServletContext arg0)
From class java.lang.Object Object clone() boolean equals(Object arg0) void finalize() final Class<?> getClass() int hashCode() final void notify() final void notifyAll() String toString() final void wait() final void wait(long arg0, int arg1) final void wait(long arg0)
From interface javax.servlet.Filter abstract void destroy() abstract void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) abstract void init(FilterConfig arg0)
From interface org.springframework.beans.factory.BeanNameAware abstract void setBeanName(String arg0)
From interface org.springframework.beans.factory.DisposableBean abstract void destroy()
From interface org.springframework.beans.factory.InitializingBean abstract void afterPropertiesSet()
From interface org.springframework.web.context.ServletContextAware abstract void setServletContext(ServletContext arg0)