JsonUsernamePasswordAuthenticationFilter (JavaDocs for devon4j-security)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
  - - com.devonfw.module.security.common.impl.rest.JsonUsernamePasswordAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
```
public class JsonUsernamePasswordAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
```
Processes authentication where credentials are sent as a JSON object.

The JSON object must contain two properties: a username and a password. The default properties' names to use are contained in the static fields UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY and UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY. The JSON object properties' names can also be changed by setting the usernameParameter and passwordParameter properties. Assuming the default properties' names were not changed, if the credentials user/pass are to be sent, the following JSON object is expected:
```
 
     {
        "j_username": "user",
        "j_password": "pass",
    }
 
 
```
The URL this filter responds to is passed as a constructor parameter.

This authentication filter is intended for One Page Applications which handle a login page/dialog/pop-up on their own. This filter combined with:
- AuthenticationSuccessHandlerSendingOkHttpStatusCode
- SimpleUrlAuthenticationFailureHandler created using the default constructor (thus leaving the defaultFailureUrl unset)
- LogoutSuccessHandlerReturningOkHttpStatusCode
makes the login/logout API fully RESTful.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

private class JsonUsernamePasswordAuthenticationFilter.UsernameAndPasswordParser

Nested Classes
Modifier and Type	Class and Description
`private class`	`JsonUsernamePasswordAuthenticationFilter.UsernameAndPasswordParser`

Field Summary

Fields
Modifier and Type	Field and Description
`private com.fasterxml.jackson.databind.ObjectMapper`	`objectMapper`
`private String`	`passwordParameter`
`private boolean`	`postOnly`
`private String`	`usernameParameter`

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger

Constructor Summary

Constructors
Constructor and Description
`JsonUsernamePasswordAuthenticationFilter(org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)` The constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.springframework.security.core.Authentication`	`attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`String`	`getPasswordParameter()`
`String`	`getUsernameParameter()`
`boolean`	`isPostOnly()`
`void`	`setPasswordParameter(String passwordParameter)`
`void`	`setPostOnly(boolean postOnly)`
`void`	`setUsernameParameter(String usernameParameter)`

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

usernameParameter
```
private String usernameParameter
```

passwordParameter
```
private String passwordParameter
```

postOnly
```
private boolean postOnly
```

objectMapper

private com.fasterxml.jackson.databind.ObjectMapper objectMapper

Constructor Detail
- JsonUsernamePasswordAuthenticationFilter
```
public JsonUsernamePasswordAuthenticationFilter(org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
```
  The constructor.
  
  Parameters:
  
  requiresAuthenticationRequestMatcher - the RequestMatcher used to determine if authentication is required. Cannot be null.

Method Detail

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException

Specified by:: attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Throws:: org.springframework.security.core.AuthenticationException; IOException; javax.servlet.ServletException

getUsernameParameter
```
public String getUsernameParameter()
```
Returns:

Value of usernameParameter

setUsernameParameter
```
public void setUsernameParameter(String usernameParameter)
```
Parameters:

usernameParameter - new value for usernameParameter

getPasswordParameter
```
public String getPasswordParameter()
```
Returns:

Value of passwordParameter

setPasswordParameter
```
public void setPasswordParameter(String passwordParameter)
```
Parameters:

passwordParameter - new value for passwordParameter

isPostOnly
```
public boolean isPostOnly()
```
Returns:

value of postOnly

setPostOnly
```
public void setPostOnly(boolean postOnly)
```
Parameters:

postOnly - new value for postOnly

Class JsonUsernamePasswordAuthenticationFilter

Nested Class Summary

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Detail

usernameParameter

passwordParameter

postOnly

objectMapper

Constructor Detail

JsonUsernamePasswordAuthenticationFilter

Method Detail

attemptAuthentication

getUsernameParameter

setUsernameParameter

getPasswordParameter

setPasswordParameter

isPostOnly

setPostOnly