Minor Javadoc improvement.

This commit is contained in:
Luke Taylor 2008-09-12 14:57:21 +00:00
parent d291def963
commit 5e4634d216
1 changed files with 17 additions and 16 deletions

View File

@ -122,7 +122,8 @@ import javax.servlet.http.HttpSession;
* The behaviour is turned off by default. Additionally there is a property <tt>migrateInvalidatedSessionAttributes</tt> * The behaviour is turned off by default. Additionally there is a property <tt>migrateInvalidatedSessionAttributes</tt>
* which tells if on session invalidation we are to migrate all session attributes from the old session to a newly * which tells if on session invalidation we are to migrate all session attributes from the old session to a newly
* created one. This is turned on by default, but not used unless <tt>invalidateSessionOnSuccessfulAuthentication</tt> * created one. This is turned on by default, but not used unless <tt>invalidateSessionOnSuccessfulAuthentication</tt>
* is true. * is true. If you are using this feature in combination with concurrent session control, you should set the
* <tt>sessionRegistry</tt> property to make sure that the session information is updated consistently.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
@ -147,14 +148,14 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
private Properties exceptionMappings = new Properties(); private Properties exceptionMappings = new Properties();
/** /**
* Delay use of NullRememberMeServices until initialization so that namespace has a chance to inject * Delay use of NullRememberMeServices until initialization so that namespace has a chance to inject
* the RememberMeServices implementation into custom implementations. * the RememberMeServices implementation into custom implementations.
*/ */
private RememberMeServices rememberMeServices = null; private RememberMeServices rememberMeServices = null;
private TargetUrlResolver targetUrlResolver = new TargetUrlResolverImpl(); private TargetUrlResolver targetUrlResolver = new TargetUrlResolverImpl();
/** Where to redirect the browser to if authentication fails */ /** Where to redirect the browser to if authentication fails */
private String authenticationFailureUrl; private String authenticationFailureUrl;
@ -210,22 +211,22 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
private boolean migrateInvalidatedSessionAttributes = true; private boolean migrateInvalidatedSessionAttributes = true;
private boolean allowSessionCreation = true; private boolean allowSessionCreation = true;
private boolean serverSideRedirect = false; private boolean serverSideRedirect = false;
private SessionRegistry sessionRegistry; private SessionRegistry sessionRegistry;
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified"); Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL"); Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL");
Assert.hasLength(defaultTargetUrl, "defaultTargetUrl must be specified"); Assert.hasLength(defaultTargetUrl, "defaultTargetUrl must be specified");
Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultTargetUrl), defaultTargetUrl + " isn't a valid redirect URL"); Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultTargetUrl), defaultTargetUrl + " isn't a valid redirect URL");
Assert.isTrue(UrlUtils.isValidRedirectUrl(authenticationFailureUrl), authenticationFailureUrl + " isn't a valid redirect URL"); Assert.isTrue(UrlUtils.isValidRedirectUrl(authenticationFailureUrl), authenticationFailureUrl + " isn't a valid redirect URL");
Assert.notNull(authenticationManager, "authenticationManager must be specified"); Assert.notNull(authenticationManager, "authenticationManager must be specified");
Assert.notNull(targetUrlResolver, "targetUrlResolver cannot be null"); Assert.notNull(targetUrlResolver, "targetUrlResolver cannot be null");
if (rememberMeServices == null) { if (rememberMeServices == null) {
rememberMeServices = new NullRememberMeServices(); rememberMeServices = new NullRememberMeServices();
} }
@ -279,7 +280,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
public static String obtainFullSavedRequestUrl(HttpServletRequest request) { public static String obtainFullSavedRequestUrl(HttpServletRequest request) {
SavedRequest savedRequest = getSavedRequest(request); SavedRequest savedRequest = getSavedRequest(request);
return savedRequest == null ? null : savedRequest.getFullRequestUrl(); return savedRequest == null ? null : savedRequest.getFullRequestUrl();
} }
@ -294,7 +295,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
return savedRequest; return savedRequest;
} }
protected void onPreAuthentication(HttpServletRequest request, HttpServletResponse response) protected void onPreAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException { throws AuthenticationException, IOException {
} }
@ -387,7 +388,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
protected String determineTargetUrl(HttpServletRequest request) { protected String determineTargetUrl(HttpServletRequest request) {
// Don't attempt to obtain the url from the saved request if alwaysUsedefaultTargetUrl is set // Don't attempt to obtain the url from the saved request if alwaysUsedefaultTargetUrl is set
String targetUrl = alwaysUseDefaultTargetUrl ? null : String targetUrl = alwaysUseDefaultTargetUrl ? null :
targetUrlResolver.determineTargetUrl(getSavedRequest(request), request, SecurityContextHolder.getContext().getAuthentication()); targetUrlResolver.determineTargetUrl(getSavedRequest(request), request, SecurityContextHolder.getContext().getAuthentication());
if (targetUrl == null) { if (targetUrl == null) {
@ -424,11 +425,11 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
onUnsuccessfulAuthentication(request, response, failed); onUnsuccessfulAuthentication(request, response, failed);
rememberMeServices.loginFail(request, response); rememberMeServices.loginFail(request, response);
if (failureUrl == null) { if (failureUrl == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed:" + failed.getMessage()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed:" + failed.getMessage());
} else if (serverSideRedirect){ } else if (serverSideRedirect){
request.getRequestDispatcher(failureUrl).forward(request, response); request.getRequestDispatcher(failureUrl).forward(request, response);
} else { } else {
sendRedirect(request, response, failureUrl); sendRedirect(request, response, failureUrl);
} }
@ -573,13 +574,13 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
* Tells if we are to do a server side include of the error URL instead of a 302 redirect. * Tells if we are to do a server side include of the error URL instead of a 302 redirect.
* *
* @param serverSideRedirect * @param serverSideRedirect
*/ */
public void setServerSideRedirect(boolean serverSideRedirect) { public void setServerSideRedirect(boolean serverSideRedirect) {
this.serverSideRedirect = serverSideRedirect; this.serverSideRedirect = serverSideRedirect;
} }
/** /**
* The session registry needs to be set if session fixation attack protection is in use (and concurrent * The session registry needs to be set if session fixation attack protection is in use (and concurrent
* session control is enabled). * session control is enabled).
*/ */
public void setSessionRegistry(SessionRegistry sessionRegistry) { public void setSessionRegistry(SessionRegistry sessionRegistry) {