public class ChannelProcessingFilter
extends org.springframework.web.filter.GenericFilterBean
Internally uses a FilterInvocation
to represent the request, allowing a
FilterInvocationSecurityMetadataSource
to be used to lookup the attributes which apply.
Delegates the actual channel security decisions and necessary actions to the configured
ChannelDecisionManager
. If a response is committed by the ChannelDecisionManager
,
the filter chain will not proceed.
The most common usage is to ensure that a request takes place over HTTPS, where the
ChannelDecisionManagerImpl
is configured with a SecureChannelProcessor
and an
InsecureChannelProcessor
. A typical configuration would be
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter"> <property name="channelDecisionManager" ref="channelDecisionManager"/> <property name="securityMetadataSource"> <security:filter-security-metadata-source path-type="regex"> <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/> <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/> <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> </security:filter-security-metadata-source> </property> </bean> <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl"> <property name="channelProcessors"> <list> <ref bean="secureChannelProcessor"/> <ref bean="insecureChannelProcessor"/> </list> </property> </bean> <bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor"/> <bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>which would force the login form and any access to the
/secure
path to be made over HTTPS.Constructor and Description |
---|
ChannelProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
protected ChannelDecisionManager |
getChannelDecisionManager() |
protected FilterInvocationSecurityMetadataSource |
getSecurityMetadataSource() |
void |
setChannelDecisionManager(ChannelDecisionManager channelDecisionManager) |
void |
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) |
public void afterPropertiesSet()
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
afterPropertiesSet
in class org.springframework.web.filter.GenericFilterBean
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected ChannelDecisionManager getChannelDecisionManager()
protected FilterInvocationSecurityMetadataSource getSecurityMetadataSource()
public void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager)
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)
Copyright © 2019. All rights reserved.