Spring Security ships with a set of predefined servlet filters, each of which performs a specific security check. Figure 15-4 below shows how these filters process a request on its way to a secured resource in a web application that uses Spring Security.
Figure 15-4. Spring Security filters in action accomplishing appropriate security tasks
Table 15-1 below lists the filters available in the Spring Security module and the security-related task each one performs for your web application.
Table 15-1. Spring Security filters and their purpose
|Redirects the request according to the protocol requirement (HTTP or HTTPS).
|Ensures a user doesn’t have more than the set number of sessions.
|Responsible for binding the SecurityContext to the SecurityContextHolder at the beginning of a web request. It is also this filter's responsibility to copy any changes to the SecurityContext to the web session when the request ends.
|Processes an authentication form submission containing two parameters, namely username and password.
|Processes a CAS processing ticket, obtains proxy granting tickets, and processes proxy tickets to do the authentication.
|Processes HTTP basic authorization headers and does the authentication.
|Processes HTTP digest authorization headers and does the authentication.
|Populates the ServletRequest with a request wrapper which implements the servlet API security methods.
|Attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.
|Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token.
|Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed.
|Translates exceptions raised during authentication and authorization. For example, if there is an AuthenticationException, it translates it and redirects the user to a login page.
|Entrusted with the responsibility of safeguarding web URLs and redirecting the accessing user if they don’t have the necessary access.
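The following added example (not from the original page and not Spring Security's own code) is a dependency-free model of four rows of the table above: context persistence, anonymous population, exception translation, and URL guarding. The class, field and path names are hypothetical, and the `/admin` rule and the `alice` session are constructed for illustration.

```java
import java.util.*;

// Simplified model of a security filter chain; these are NOT Spring Security classes.
public class FilterChainModel {
    interface Chain { void proceed(String path); }
    interface Filter { void doFilter(String path, Chain chain); }

    static final Map<String, String> session = new HashMap<>();     // stands in for the web session
    static final ThreadLocal<String> context = new ThreadLocal<>(); // stands in for SecurityContextHolder
    static String outcome;

    // Binds the stored context at request start; copies it back to the session at request end.
    static final Filter contextPersistence = (path, chain) -> {
        context.set(session.get("auth"));
        try { chain.proceed(path); }
        finally { session.put("auth", context.get()); context.remove(); }
    };
    // Populates the context with an anonymous token when no authentication is present.
    static final Filter anonymous = (path, chain) -> {
        if (context.get() == null) context.set("anonymous");
        chain.proceed(path);
    };
    // Translates security exceptions raised further down the chain into a login redirect.
    static final Filter exceptionTranslation = (path, chain) -> {
        try { chain.proceed(path); }
        catch (SecurityException e) { outcome = "302 /login (" + e.getMessage() + ")"; }
    };
    // Guards URLs: in this model anything under /admin needs a non-anonymous user.
    static final Filter urlGuard = (path, chain) -> {
        if (path.startsWith("/admin") && "anonymous".equals(context.get()))
            throw new SecurityException("access denied for " + context.get());
        chain.proceed(path);
    };

    static String handle(String path) {
        List<Filter> filters = List.of(contextPersistence, anonymous, exceptionTranslation, urlGuard);
        outcome = null;
        run(filters, 0, path);
        return outcome;
    }
    // Invokes filter i; once every filter has passed, the secured resource is reached.
    static void run(List<Filter> filters, int i, String path) {
        if (i == filters.size()) { outcome = "200 " + path + " as " + context.get(); return; }
        filters.get(i).doFilter(path, p -> run(filters, i + 1, p));
    }
    public static void main(String[] args) {
        System.out.println(handle("/admin/users")); // no stored context: denied and sent to login
        session.put("auth", "alice");               // constructed: session left by an earlier login
        System.out.println(handle("/admin/users")); // stored context restored: resource reached
    }
}
```

The order of the list matters: the exception translation step must sit in front of the URL guard to catch its denial, and the persistence step must wrap everything so the context is cleared even when a later filter throws.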