Java Reference
In-Depth Information
This request will be intercepted by the Spring Security filter and delegated to the
Spring-managed filter chain. Once SCIF is done with the preprocessing of the request, it's
APF turn to act on it. The APF is configured in the root application context, as shown in
Listing 6-7.
Listing 6-7. applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!—Other beans -->
<bean id="authenticationProcessingFilter" class=" å
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/"/>
<property name="defaultTargetUrl" value="/secure/app/"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
The first decision that APF needs to make is whether the incoming request needs
authentication. For this it depends on the property filterProcessesUrl . APF will extract
the URI using the HttpServletRequest.getRequestURI method. In this case, the method
returns /eInsureWeb/j_spring_security_check . This returned value is then compared to
the context root and filterProcessUrl combination to determine whether this URL has to
be processed for authentication. You may want to customize the names of the two text
fields in Listing 6-5. I have used the default values. To use custom values, you will need to
configure the properties passwordParameter and usernameParameter of the authentication
processing filter.
Now, in the scenario under consideration, the APF determines that the incoming
request does need authentication. So, it will attempt to carry out the actual authentica-
tion. For this it will use the authenticationManager property. The authentication managers
are pluggable helpers that carry out the actual authentication; they implement the
AuthenticationManager interface. This interface defines a single method named
authenticate . This method accepts an Authentication object containing the user's
Search WWH ::

Custom Search