Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.oauth.provider
Class ProtectedResourceProcessingFilter

java.lang.Object
  extended by org.springframework.security.oauth.provider.OAuthProviderProcessingFilter
      extended by org.springframework.security.oauth.provider.ProtectedResourceProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.core.Ordered
public class ProtectedResourceProcessingFilter
extends OAuthProviderProcessingFilter

Processing filter for requests to protected resources. This filter attempts to load the OAuth authentication request into the security context using a presented access token. Default behavior of this filter allows the request to continue even if OAuth credentials are not presented (allowing another filter to potentially load a different authentication request into the security context). If the protected resource is available ONLY via OAuth access token, set requireOAuthCredentials to true.

Author:
Ryan Heaton

Field Summary
static int FILTER_CHAIN_ORDER
           
 
Fields inherited from class org.springframework.security.oauth.provider.OAuthProviderProcessingFilter
messages, OAUTH_PROCESSING_HANDLED
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
ProtectedResourceProcessingFilter()
           
 
Method Summary
protected  boolean allowMethod(java.lang.String method)
          Whether to allow the specified HTTP method.
 int getOrder()
          The protected resource filtering happens after the access token filtering.
 boolean isAllowAllMethods()
          Whether to allow all methods.
protected  void onValidSignature(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
          Logic executed on valid signature.
protected  boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
          Whether this filter is configured to process the specified request.
 void setAllowAllMethods(boolean allowAllMethods)
          Whether to allow all methods.
 void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
          The URL for which this filter will be applied.
protected  void validateOAuthParams(ConsumerDetails consumerDetails, java.util.Map<java.lang.String,java.lang.String> oauthParams)
          Validates the OAuth parameters for the given consumer.
 
Methods inherited from class org.springframework.security.oauth.provider.OAuthProviderProcessingFilter
afterPropertiesSet, createDetails, destroy, doFilter, fail, getAuthenticationEntryPoint, getConsumerDetailsService, getFilterProcessesUrl, getNonceServices, getProviderSupport, getSignatureMethodFactory, getTokenServices, init, isIgnoreMissingCredentials, onNewTimestamp, resetPreviousAuthentication, setAllowedMethods, setAuthenticationEntryPoint, setConsumerDetailsService, setIgnoreMissingCredentials, setMessageSource, setNonceServices, setProviderSupport, setSignatureMethodFactory, setTokenServices, skipProcessing, validateSignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FILTER_CHAIN_ORDER

public static final int FILTER_CHAIN_ORDER
Constructor Detail

ProtectedResourceProcessingFilter

public ProtectedResourceProcessingFilter()
Method Detail

allowMethod

protected boolean allowMethod(java.lang.String method)
Description copied from class: OAuthProviderProcessingFilter
Whether to allow the specified HTTP method.

Overrides:
allowMethod in class OAuthProviderProcessingFilter
Parameters:
method - The HTTP method to check for allowing.
Returns:
Whether to allow the specified method.

onValidSignature

protected void onValidSignature(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain chain)
                         throws java.io.IOException,
                                javax.servlet.ServletException
Description copied from class: OAuthProviderProcessingFilter
Logic executed on valid signature. The security context can be assumed to hold a verified, authenticated ConsumerAuthentication.

Default implementation continues the chain.

Specified by:
onValidSignature in class OAuthProviderProcessingFilter
Parameters:
request - The request.
response - The response
chain - The filter chain.
Throws:
java.io.IOException
javax.servlet.ServletException

validateOAuthParams

protected void validateOAuthParams(ConsumerDetails consumerDetails,
                                   java.util.Map<java.lang.String,java.lang.String> oauthParams)
                            throws InvalidOAuthParametersException
Description copied from class: OAuthProviderProcessingFilter
Validates the OAuth parameters for the given consumer. Base implementation validates only those parameters that are required for all OAuth requests. This includes the nonce and timestamp, but not the signature.

Overrides:
validateOAuthParams in class OAuthProviderProcessingFilter
Parameters:
consumerDetails - The consumer details.
oauthParams - The OAuth parameters to validate.
Throws:
InvalidOAuthParametersException - If the OAuth parameters are invalid.

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         javax.servlet.FilterChain filterChain)
Description copied from class: OAuthProviderProcessingFilter
Whether this filter is configured to process the specified request.

Overrides:
requiresAuthentication in class OAuthProviderProcessingFilter
Parameters:
request - The request.
response - The response
filterChain - The filter chain
Returns:
Whether this filter is configured to process the specified request.

setFilterProcessesUrl

public void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
Description copied from class: OAuthProviderProcessingFilter
The URL for which this filter will be applied.

Overrides:
setFilterProcessesUrl in class OAuthProviderProcessingFilter
Parameters:
filterProcessesUrl - The URL for which this filter will be applied.

getOrder

public int getOrder()
The protected resource filtering happens after the access token filtering.

Returns:
The order after the access token.

isAllowAllMethods

public boolean isAllowAllMethods()
Whether to allow all methods.

Returns:
Whether to allow all methods.

setAllowAllMethods

public void setAllowAllMethods(boolean allowAllMethods)
Whether to allow all methods.

Parameters:
allowAllMethods - Whether to allow all methods.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2008. All Rights Reserved.