public class PortletProcessingInterceptor
extends java.lang.Object
implements org.springframework.web.portlet.HandlerInterceptor, org.springframework.beans.factory.InitializingBean
This interceptor is responsible for processing portlet authentication requests. This
is the portlet equivalent of the AuthenticationProcessingFilter
used for
traditional servlet-based web applications. It is applied to both ActionRequest
s
and RenderRequest
s alike. If authentication is successful, the resulting
Authentication
object will be placed into the SecurityContext
, which
is guaranteed to have already been created by an earlier interceptor. If authentication
fails, the AuthenticationException
will be placed into the
APPLICATION_SCOPE
of the PortletSession
with the attribute defined
by AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY
.
Some portals do not properly provide the identity of the current user via the
getRemoteUser()
or getUserPrincipal()
methods of the
PortletRequest
. In these cases they sometimes make it available in the
USER_INFO
map provided as one of the attributes of the request. If this is
the case in your portal, you can specify a list of USER_INFO
attributes
to check for the username via the userNameAttributes
property of this bean.
You can also completely override the getPrincipalFromRequest(PortletRequest)
and getCredentialsFromRequest(PortletRequest)
methods to suit the particular
behavior of your portal.
This interceptor will put the PortletRequest
object into the
details
property of the
Authentication
object that is sent
as a request to the AuthenticationManager
. This is done so that the request
is available to classes like ContainerPortletAuthoritiesPopulator
that need
access to information from the portlet container. The PortletAuthenticationProvider
will replace this with the USER_INFO
map in the resulting Authentication
object.
AbstractProcessingFilter
,
AuthenticationProcessingFilter
Constructor and Description |
---|
PortletProcessingInterceptor() |
Modifier and Type | Method and Description |
---|---|
void |
afterActionCompletion(javax.portlet.ActionRequest request,
javax.portlet.ActionResponse response,
java.lang.Object handler,
java.lang.Exception ex) |
void |
afterEventCompletion(javax.portlet.EventRequest request,
javax.portlet.EventResponse response,
java.lang.Object handler,
java.lang.Exception ex) |
void |
afterPropertiesSet() |
void |
afterRenderCompletion(javax.portlet.RenderRequest request,
javax.portlet.RenderResponse response,
java.lang.Object handler,
java.lang.Exception ex) |
void |
afterResourceCompletion(javax.portlet.ResourceRequest request,
javax.portlet.ResourceResponse response,
java.lang.Object handler,
java.lang.Exception ex) |
protected java.lang.Object |
getCredentialsFromRequest(javax.portlet.PortletRequest request)
This method attempts to extract a credentials from the portlet request.
|
protected java.lang.Object |
getPrincipalFromRequest(javax.portlet.PortletRequest request)
This method attempts to extract a principal from the portlet request.
|
protected void |
onPreAuthentication(javax.portlet.PortletRequest request,
javax.portlet.PortletResponse response)
Callback for custom processing prior to the authentication attempt.
|
protected void |
onSuccessfulAuthentication(javax.portlet.PortletRequest request,
javax.portlet.PortletResponse response,
Authentication authResult)
Callback for custom processing after a successful authentication attempt.
|
protected void |
onUnsuccessfulAuthentication(javax.portlet.PortletRequest request,
javax.portlet.PortletResponse response,
AuthenticationException failed)
Callback for custom processing after an unsuccessful authentication attempt.
|
void |
postHandleRender(javax.portlet.RenderRequest request,
javax.portlet.RenderResponse response,
java.lang.Object handler,
org.springframework.web.portlet.ModelAndView modelAndView) |
void |
postHandleResource(javax.portlet.ResourceRequest request,
javax.portlet.ResourceResponse response,
java.lang.Object handler,
org.springframework.web.portlet.ModelAndView modelAndView) |
boolean |
preHandleAction(javax.portlet.ActionRequest request,
javax.portlet.ActionResponse response,
java.lang.Object handler) |
boolean |
preHandleEvent(javax.portlet.EventRequest request,
javax.portlet.EventResponse response,
java.lang.Object handler) |
boolean |
preHandleRender(javax.portlet.RenderRequest request,
javax.portlet.RenderResponse response,
java.lang.Object handler) |
boolean |
preHandleResource(javax.portlet.ResourceRequest request,
javax.portlet.ResourceResponse response,
java.lang.Object handler) |
void |
setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void |
setAuthenticationManager(AuthenticationManager authenticationManager) |
void |
setUseAuthTypeAsCredentials(boolean useAuthTypeAsCredentials)
It true, the "authType" proerty of the PortletRequest will be used as the credentials.
|
void |
setUserNameAttributes(java.util.List userNameAttributes) |
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
public boolean preHandleAction(javax.portlet.ActionRequest request, javax.portlet.ActionResponse response, java.lang.Object handler) throws java.lang.Exception
preHandleAction
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public boolean preHandleRender(javax.portlet.RenderRequest request, javax.portlet.RenderResponse response, java.lang.Object handler) throws java.lang.Exception
preHandleRender
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public void postHandleRender(javax.portlet.RenderRequest request, javax.portlet.RenderResponse response, java.lang.Object handler, org.springframework.web.portlet.ModelAndView modelAndView) throws java.lang.Exception
postHandleRender
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public void afterActionCompletion(javax.portlet.ActionRequest request, javax.portlet.ActionResponse response, java.lang.Object handler, java.lang.Exception ex) throws java.lang.Exception
afterActionCompletion
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public void afterRenderCompletion(javax.portlet.RenderRequest request, javax.portlet.RenderResponse response, java.lang.Object handler, java.lang.Exception ex) throws java.lang.Exception
afterRenderCompletion
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
protected java.lang.Object getPrincipalFromRequest(javax.portlet.PortletRequest request)
PortletRequest should return the name
of the user in the getRemoteUser()
method. It should also provide a
java.security.Principal
object from the getUserPrincipal()
method. We will first try these to come up with a valid username.
Unfortunately, some portals do not properly return these values for authenticated
users. So, if neither of those succeeds and if the userNameAttributes
property has been populated, then we will search through the USER_INFO
map from the request to see if we can find a valid username.
This method can be overridden by subclasses to provide special handling
for portals with weak support for the JSR 168 spec.
request
- the portlet request objectprotected java.lang.Object getCredentialsFromRequest(javax.portlet.PortletRequest request)
This method can be overridden by subclasses to provide special handling for portals with weak support for the JSR 168 spec. If that is done, be sure the value is non-null for authenticated users and null for non-authenticated users.
request
- the portlet request objectprotected void onPreAuthentication(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response) throws AuthenticationException, java.io.IOException
request
- the portlet request to be authenticatedresponse
- the portlet response to be authenticatedAuthenticationException
- to indicate that authentication attempt is not valid and should be terminatedjava.io.IOException
protected void onSuccessfulAuthentication(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, Authentication authResult) throws java.io.IOException
request
- the portlet request that was authenticatedresponse
- the portlet response that was authenticatedauthResult
- the resulting Authentication objectjava.io.IOException
protected void onUnsuccessfulAuthentication(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, AuthenticationException failed) throws java.io.IOException
request
- the portlet request that failed authenticationresponse
- the portlet response that failed authenticationfailed
- the AuthenticationException that occurredjava.io.IOException
public void setAuthenticationManager(AuthenticationManager authenticationManager)
public void setUserNameAttributes(java.util.List userNameAttributes)
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)
public void setUseAuthTypeAsCredentials(boolean useAuthTypeAsCredentials)
useAuthTypeAsCredentials
- public void afterEventCompletion(javax.portlet.EventRequest request, javax.portlet.EventResponse response, java.lang.Object handler, java.lang.Exception ex) throws java.lang.Exception
afterEventCompletion
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public boolean preHandleEvent(javax.portlet.EventRequest request, javax.portlet.EventResponse response, java.lang.Object handler) throws java.lang.Exception
preHandleEvent
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public void afterResourceCompletion(javax.portlet.ResourceRequest request, javax.portlet.ResourceResponse response, java.lang.Object handler, java.lang.Exception ex) throws java.lang.Exception
afterResourceCompletion
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public void postHandleResource(javax.portlet.ResourceRequest request, javax.portlet.ResourceResponse response, java.lang.Object handler, org.springframework.web.portlet.ModelAndView modelAndView) throws java.lang.Exception
postHandleResource
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception
public boolean preHandleResource(javax.portlet.ResourceRequest request, javax.portlet.ResourceResponse response, java.lang.Object handler) throws java.lang.Exception
preHandleResource
in interface org.springframework.web.portlet.HandlerInterceptor
java.lang.Exception