Spring Security offers a variety of authentication-processing choices. The BasicProcessingFilter supports HTTP basic authentication with the user information stored in the request header. CasProcessingFilter is used for identity verification with JA-SIG's Central Authentication Service (CAS) SSO solution. DigestProcessingFilter is for HTTP digest authentication, whereas X509ProcessingFilter processes authentication with X.509 certificates.
In this topic, I will concentrate on the simpler HTTP form-based authentication supported by AuthenticationProcessingFilter. This will help you grasp the key concepts easily and apply them to different situations. With Spring Security, this would primarily involve configuration. The sole responsibility of this filter is to invoke the underlying authentication provider. It inherits from the AbstractProcessingFilter, which implements the core workflow associated with authentication. The SpringSecurityFilter implements the javax.servlet.Filter interface. It implements the doFilter method defined by this interface and delegates the actual processing to an abstract method doFilterHttp, which should be implemented by all subclasses.
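The delegation described above, as an added sketch that is not Spring Security's own source or code from this book. The class names HttpOnlyFilter, FormLoginFilter and CredentialChecker, the session attribute and the redirect targets are hypothetical; only j_spring_security_check, j_username and j_password come from the listing. It assumes the javax.servlet API is on the classpath.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical base class: doFilter narrows to HTTP types, subclasses implement doFilterHttp.
abstract class HttpOnlyFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public final void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            throw new ServletException("Only HTTP requests are supported");
        }
        doFilterHttp((HttpServletRequest) req, (HttpServletResponse) res, chain);
    }

    protected abstract void doFilterHttp(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws IOException, ServletException;
}

// Hypothetical stand-in for the authentication provider the filter invokes.
interface CredentialChecker { boolean check(String username, String password); }

// Hypothetical form-login filter: its only job is to hand the credentials to the checker.
class FormLoginFilter extends HttpOnlyFilter {
    private final CredentialChecker checker;
    FormLoginFilter(CredentialChecker checker) { this.checker = checker; }
    protected void doFilterHttp(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        if (!req.getRequestURI().endsWith("/j_spring_security_check")) {
            chain.doFilter(req, res);              // not a login submission: pass through
            return;
        }
        if (!"POST".equals(req.getMethod())) {     // keep credentials out of URLs and access logs
            res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        String user = req.getParameter("j_username");
        String pass = req.getParameter("j_password");
        if (user != null && pass != null && checker.check(user.trim(), pass)) {
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();     // new session ID after login (session fixation)
            req.getSession(true).setAttribute("AUTHENTICATED_USER", user.trim()); // constructed name
            res.sendRedirect(req.getContextPath() + "/");                   // constructed target
        } else {
            res.sendRedirect(req.getContextPath() + "/login?login_error=1"); // constructed target
        }
    }
}
```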
Before proceeding, I will introduce the sign-on page, as shown in Listing 6-5.
Listing 6-5. /WEB-INF/jsp/login.jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="j_spring_security_check" method="POST">
<form:errors path="*" cssClass="errorBox" />
<table>
<tr>
<td>User:</td>
<td>
<input type='text' name='j_username' />
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type='password' name='j_password' />
</td>
</tr>
