Spring Security offers a variety of authentication-processing choices. The
BasicProcessingFilter supports HTTP basic authentication with the user information
stored in the request header. CasProcessingFilter is used for identity verification with
JA-SIG's Central Authentication Service (CAS) SSO solution. You can read more about
DigestProcessingFilter for HTTP digest authentication, whereas X509ProcessingFilter
processes authentication with X.509 certificates.
In this topic, I will concentrate on the simpler HTTP form-based authentication sup-
ported by AuthenticationProcessingFilter . This will help you grasp the key concepts
easily and apply them to different situations. With Spring Security, this would primarily
involve configuration. The sole responsibility of this filter is to invoke the underlying
authentication provider. It inherits from the AbstractProcessingFilter , which imple-
ments the core workflow associated with authentication. The SpringSecurityFilter
implements the javax.servlet.Filter interface. It implements the doFilter method
defined by this interface and delegates the actual processing to an abstract method
doFilterHttp , which should be implemented by all subclasses.
Before proceeding, I will introduce the sign-on page, as shown in Listing 6-5.
Listing 6-5. /WEB-INF/jsp/login.jsp
<%@ taglib prefix="form" uri=" http://www.springframework.org/tags/form" %>
<form action="j_spring_security_check" method="POST">
<form:errors path="*" cssClass="errorBox" />
<td> <input type='text' name='j_username' />
<td> <input type='password' name='j_password' /> < / td>