This request will be intercepted by the Spring Security filter and delegated to the
Spring-managed filter chain. Once SCIF has finished preprocessing the request, it is the
APF's turn to act on it. The APF is configured in the root application context, as shown in
Listing 6-7.
Listing 6-7. applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
    <!-- Other beans -->
    <bean id="authenticationProcessingFilter"
          class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/login.do?errorId=1"/>
        <property name="defaultTargetUrl" value="/secure/app/createPolicy.do"/>
        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    </bean>
</beans>
The first decision that the APF needs to make is whether the incoming request needs
authentication. For this it relies on the filterProcessesUrl property. The APF extracts
the URI using the HttpServletRequest.getRequestURI method. In this case, the method
returns /eInsureWeb/j_spring_security_check. This value is then compared to
the combination of the context root and filterProcessesUrl to determine whether this URL has to
be processed for authentication. You may want to customize the names of the two text
fields in Listing 6-5. I have used the default values. To use custom values, you will need to
configure the passwordParameter and usernameParameter properties of the authentication
processing filter.
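The following stand-alone class is an added illustration of the matching decision just described; it is not code from the book or from Spring Security. The class and method names are hypothetical, the sample URIs are constructed, and the suffix comparison and the stripping of ;jsessionid path parameters are assumptions about how the comparison is carried out.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: a stand-alone model of the "does this request need
// authentication?" decision. Class and method names are hypothetical.
public class FilterProcessesUrlCheck {

    // Value taken from Listing 6-7.
    static final String FILTER_PROCESSES_URL = "/j_spring_security_check";

    // requestUri  : what HttpServletRequest.getRequestURI() would return
    // contextPath : the web application's context root, e.g. "/eInsureWeb"
    static boolean requiresAuthentication(String requestUri, String contextPath) {
        String uri = requestUri;
        // Assumption: drop path parameters such as ";jsessionid=..." that a
        // container appends when it falls back to URL rewriting.
        int pathParamIndex = uri.indexOf(';');
        if (pathParamIndex > 0) {
            uri = uri.substring(0, pathParamIndex);
        }
        // Assumption: suffix comparison against context root + filterProcessesUrl.
        return uri.endsWith(contextPath + FILTER_PROCESSES_URL);
    }

    public static void main(String[] args) {
        String ctx = "/eInsureWeb";
        // Constructed sample URIs mapped to the expected decision.
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("/eInsureWeb/j_spring_security_check", true);
        samples.put("/eInsureWeb/j_spring_security_check;jsessionid=ABC123", true);
        samples.put("/eInsureWeb/login.do", false);
        samples.put("/eInsureWeb/secure/app/createPolicy.do", false);
        samples.put("/otherApp/j_spring_security_check", false);

        for (Map.Entry<String, Boolean> e : samples.entrySet()) {
            boolean actual = requiresAuthentication(e.getKey(), ctx);
            if (actual != e.getValue()) {
                throw new AssertionError("unexpected result for " + e.getKey());
            }
            System.out.println((actual ? "authenticate  " : "pass through  ") + e.getKey());
        }
    }
}
```

Only the first two sample URIs are handed to the authentication step; every other request passes through the filter untouched.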
Now, in the scenario under consideration, the APF determines that the incoming
request does need authentication, so it attempts to carry out the actual authentication.
For this it uses the authenticationManager property. Authentication managers
are pluggable helpers that carry out the actual authentication; they implement the
AuthenticationManager interface. This interface defines a single method named
authenticate. This method accepts an Authentication object containing the user's
 