diff --git a/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java index 13eb091558..a93ce9612e 100644 --- a/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java @@ -26,6 +26,7 @@ import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.ui.AuthenticationDetailsSource; import org.acegisecurity.ui.AuthenticationDetailsSourceImpl; import org.acegisecurity.ui.AuthenticationEntryPoint; +import org.acegisecurity.ui.rememberme.RememberMeServices; import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; @@ -98,6 +99,13 @@ import javax.servlet.http.HttpServletResponse; *

* *

+ * Note that if a {@link #rememberMeServices} is set, this filter will + * automatically send back remember-me details to the client. Therefore, + * subsequent requests will not need to present a BASIC authentication header + * as they will be authenticated using the remember-me mechanism. + *

+ * + *

* Do not use this class directly. Instead configure * web.xml to use the {@link * org.acegisecurity.util.FilterToBeanProxy}. @@ -113,18 +121,14 @@ public class BasicProcessingFilter implements Filter, InitializingBean { //~ Instance fields ======================================================== + private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); private AuthenticationEntryPoint authenticationEntryPoint; private AuthenticationManager authenticationManager; + private RememberMeServices rememberMeServices; private boolean ignoreFailure = false; - private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); //~ Methods ================================================================ - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { - Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); - this.authenticationDetailsSource = authenticationDetailsSource; - } - public void afterPropertiesSet() throws Exception { Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); @@ -145,6 +149,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean { } HttpServletRequest httpRequest = (HttpServletRequest) request; + HttpServletResponse httpResponse = (HttpServletResponse) response; String header = httpRequest.getHeader("Authorization"); @@ -175,7 +180,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean { || !existingAuth.isAuthenticated()) { UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); - authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request)); + authRequest.setDetails(authenticationDetailsSource.buildDetails( + (HttpServletRequest) request)); Authentication authResult; 
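Review bot: The new Javadoc paragraph in the -98,6 hunk links to `{@link #rememberMeServices}`, which this same diff declares as a private field, so the link will likely not resolve in the generated API docs; `{@link #setRememberMeServices(RememberMeServices)}` is the public member to point at. The paragraph should also state the consequence it implies: once remember-me details are sent back, later requests are authenticated without the BASIC credentials. How long those details stay valid and how they are revoked is decided by the configured RememberMeServices implementation, which this diff does not show.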
@@ -190,6 +196,10 @@ public class BasicProcessingFilter implements Filter, InitializingBean { SecurityContextHolder.getContext().setAuthentication(null); + if (rememberMeServices != null) { + rememberMeServices.loginFail(httpRequest, httpResponse); + } + if (ignoreFailure) { chain.doFilter(request, response); } else { @@ -207,6 +217,11 @@ public class BasicProcessingFilter implements Filter, InitializingBean { } SecurityContextHolder.getContext().setAuthentication(authResult); + + if (rememberMeServices != null) { + rememberMeServices.loginSuccess(httpRequest, httpResponse, + authResult); + } } } @@ -227,6 +242,13 @@ public class BasicProcessingFilter implements Filter, InitializingBean { return ignoreFailure; } + public void setAuthenticationDetailsSource( + AuthenticationDetailsSource authenticationDetailsSource) { + Assert.notNull(authenticationDetailsSource, + "AuthenticationDetailsSource required"); + this.authenticationDetailsSource = authenticationDetailsSource; + } + public void setAuthenticationEntryPoint( AuthenticationEntryPoint authenticationEntryPoint) { this.authenticationEntryPoint = authenticationEntryPoint; @@ -240,4 +262,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean { public void setIgnoreFailure(boolean ignoreFailure) { this.ignoreFailure = ignoreFailure; } + + public void setRememberMeServices(RememberMeServices rememberMeServices) { + this.rememberMeServices = rememberMeServices; + } }
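Review bot: In the -207,6 hunk, `rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult)` is called for every BASIC authentication that reaches this branch, and nothing in the filter limits it to clients that asked to be remembered. Whether a token is actually issued is left to the RememberMeServices implementation, which is not visible here; a BASIC client that keeps no session would presumably re-enter this branch on each request. A comment at the call site would record that contract, e.g. `// Issuance is decided by the RememberMeServices implementation; this filter only notifies it.`, and the same applies to the `loginFail` call in the -190,6 hunk. The body of doFilter starts and ends outside both hunks, and the diff shows no test covering either new branch.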
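Review bot: `setRememberMeServices` in the -240,4 hunk is added without Javadoc and, unlike `setAuthenticationDetailsSource` in the same class, without an `Assert.notNull` check. Because the field is null-checked at both call sites, null appears to be the intended "disabled" value, and that should be stated on the setter. Suggested comment: `/** Optional. When set, the services are notified of BASIC login success and failure; leave unset to disable remember-me handling in this filter. */`.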