public abstract class AjaxSecurityFilter
extends org.springframework.web.filter.OncePerRequestFilter
Constructor and Description |
---|
AjaxSecurityFilter() |
Modifier and Type | Method and Description |
---|---|
protected void | doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) |
protected abstract Principal | getPrincipal(javax.servlet.http.HttpServletRequest request): The principal can be obtained in many ways, for example from the session or a cookie. |
protected boolean | isAjaxRequest(javax.servlet.http.HttpServletRequest request) |
protected abstract boolean | isRequestValid(javax.servlet.http.HttpServletRequest request): Checks whether the request is valid based on the logged-in user, or whether that user is authenticated/authorized to use this service. |
void | setAjaxRequestTokens(String ajaxRequestTokens): Configures the filter to test HTTP headers for specific types of requests marked as Ajax. The filter does not act as a broker in the authentication process itself; it simply checks whether the user is an authenticated user according to the system and in accordance with the request. |
void | setLoginPageRedirectUrl(String loginPageRedirectUrl): If supplied, the filter redirects to the provided authorization page on failure. |
void | setRejectIfNotAjax(boolean rejectIfNotAjax): Checks the request headers against the configured ajaxRequestTokens; if none match and this is set to true, the request is rejected. |
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter: doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

public void setAjaxRequestTokens(String ajaxRequestTokens)
ajaxRequestTokens
X-Requested-With=XMLHttpRequest,DwrRequest=AJAX
This configuration tests the request for 2 header names: 'X-Requested-With' and 'DwrRequest'. If either header name exists and contains the corresponding value, this request is determined to be an ajax request.
ajaxRequestTokens - a string containing name/value pairs separated by commas. Each pair is of the form: "name=value".

public void setRejectIfNotAjax(boolean rejectIfNotAjax)
rejectIfNotAjax
true
rejectIfNotAjax - @default false

public void setLoginPageRedirectUrl(String loginPageRedirectUrl)
HttpServletResponse.sendRedirect(String)
loginPageRedirectUrl - @default null @nullable true

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, IOException
doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
javax.servlet.ServletException
IOException

protected abstract boolean isRequestValid(javax.servlet.http.HttpServletRequest request) throws org.springframework.security.access.AuthorizationServiceException
org.springframework.security.access.AuthorizationServiceException

protected abstract Principal getPrincipal(javax.servlet.http.HttpServletRequest request)
request -

protected boolean isAjaxRequest(javax.servlet.http.HttpServletRequest request)
request - the request object

Copyright © 2018. All rights reserved.
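
The name=value token format and the header match described for setAjaxRequestTokens above, as an added example that is not the library's own code. The class AjaxTokenCheck and its helpers are hypothetical, a plain Map stands in for the request headers, and whitespace trimming is an assumption.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeMap;

// Added illustration; class and helper names are hypothetical, not the library's.
public class AjaxTokenCheck {

    // Parses "name=value,name=value"; malformed pairs are rejected, not skipped.
    static Map<String, String> parseTokens(String ajaxRequestTokens) {
        Map<String, String> tokens = new LinkedHashMap<>();
        for (String raw : ajaxRequestTokens.split(",")) {
            String pair = raw.trim(); // trimming is an assumption
            int eq = pair.indexOf('=');
            if (eq <= 0 || eq == pair.length() - 1) {
                throw new IllegalArgumentException("Expected name=value, got: '" + raw + "'");
            }
            tokens.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return tokens;
    }

    // True if any configured header exists and contains the configured value.
    static boolean isAjaxRequest(Map<String, String> headers, Map<String, String> tokens) {
        for (Map.Entry<String, String> token : tokens.entrySet()) {
            String actual = headers.get(token.getKey());
            if (actual != null && actual.contains(token.getValue())) {
                return true;
            }
        }
        return false;
    }

    // Builds a constructed sample request; HTTP header names are case-insensitive.
    static Map<String, String> headers(String... nameValues) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (int i = 0; i + 1 < nameValues.length; i += 2) {
            h.put(nameValues[i], nameValues[i + 1]);
        }
        return h;
    }

    public static void main(String[] args) {
        Map<String, String> tokens = parseTokens("X-Requested-With=XMLHttpRequest,DwrRequest=AJAX");
        System.out.println(isAjaxRequest(headers("x-requested-with", "XMLHttpRequest"), tokens));
        System.out.println(isAjaxRequest(headers("DwrRequest", "AJAX"), tokens));
        System.out.println(isAjaxRequest(headers("Accept", "text/html"), tokens));
    }
}
```

Both headers are set by the client, so a match only classifies the request as Ajax; whether the user may call the service is still decided by isRequestValid.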