public class TokenEndpointAuthenticationFilter extends Object implements javax.servlet.Filter
An optional authentication filter for the TokenEndpoint. It sits downstream of another filter (usually BasicAuthenticationFilter) for the client, and creates an OAuth2Authentication for the Spring SecurityContext if the request also contains user credentials, e.g. as typically would be the case in a password grant. This filter is only required if the TokenEndpoint (or one of its dependencies) needs to know about the authenticated user. In a vanilla password grant this isn't normally necessary because the token granter will also authenticate the user.
If this filter is used the Spring Security context will contain an OAuth2Authentication encapsulating (as the authorization request) the form parameters coming into the filter and the client id from the already authenticated client authentication, and the authenticated user token extracted from the request and validated using the authentication manager.
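An added example, not part of the Spring Security OAuth code base: a hypothetical subclass that uses the onSuccessfulAuthentication and onUnsuccessfulAuthentication hooks to keep an audit trail of user authentication at the token endpoint. The class name, the logger name and the `username` form parameter (the RFC 6749 password-grant field) are assumptions, and the import packages of the two OAuth classes are those of Spring Security OAuth2 rather than something stated on this page.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;

// Hypothetical subclass (not part of Spring Security OAuth): audits user
// authentication at the token endpoint through the two protected hooks.
public class AuditingTokenEndpointAuthenticationFilter extends TokenEndpointAuthenticationFilter {

    private static final Log audit = LogFactory.getLog("token-endpoint-audit"); // assumed logger name

    public AuditingTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager,
            OAuth2RequestFactory oAuth2RequestFactory) {
        super(authenticationManager, oAuth2RequestFactory);
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            Authentication authResult) throws IOException {
        audit.info("user authenticated at token endpoint: user=" + clean(authResult.getName())
                + " remote=" + request.getRemoteAddr());
    }

    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException failed) throws IOException {
        // Assumption: password-grant form field "username" (RFC 6749 section 4.3.2).
        // The password parameter is never read or logged here.
        audit.warn("user authentication failed at token endpoint: user="
                + clean(request.getParameter("username"))
                + " remote=" + request.getRemoteAddr()
                + " reason=" + failed.getClass().getSimpleName());
    }

    // Request-supplied values end up in the log: replace control characters
    // (CR/LF log forging) and cap the length before writing them.
    static String clean(String value) {
        if (value == null) return "<none>";
        String stripped = value.replaceAll("\\p{Cntrl}", "_");
        return stripped.length() > 64 ? stripped.substring(0, 64) + "..." : stripped;
    }
}
```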
Constructor and Description |
---|
TokenEndpointAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) |
protected org.springframework.security.core.Authentication | extractCredentials(javax.servlet.http.HttpServletRequest request) If the incoming request contains user credentials in headers or parameters then extract them here into an Authentication token that can be validated later. |
void | init(javax.servlet.FilterConfig filterConfig) |
protected void | onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult) |
protected void | onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) |
void | setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource) A source of authentication details for requests that result in authentication. |
void | setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) An authentication entry point that can handle unsuccessful authentication. |
public TokenEndpointAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory)
Parameters: authenticationManager - an AuthenticationManager for the incoming request
public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
OAuth2AuthenticationEntryPoint.
Parameters: authenticationEntryPoint - the authenticationEntryPoint to set
public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Parameters: authenticationDetailsSource - the authenticationDetailsSource to set
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: IOException, javax.servlet.ServletException
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult) throws IOException
Throws: IOException
protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) throws IOException
Throws: IOException
protected org.springframework.security.core.Authentication extractCredentials(javax.servlet.http.HttpServletRequest request)
Parameters: request - the incoming request, possibly with user credentials
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Filter
Throws: javax.servlet.ServletException
public void destroy()
Specified by: destroy in interface javax.servlet.Filter
Copyright © 2019. All rights reserved.