Class OAuth2AuthorizationEndpointFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class OAuth2AuthorizationEndpointFilter extends org.springframework.web.filter.OncePerRequestFilter
A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Request and Consent.
Since:
0.0.1
  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
    Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.
    OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, String authorizationEndpointUri)
    Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
     
    void
    setAuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
    Sets the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest to an instance of OAuth2AuthorizationCodeRequestAuthenticationToken or OAuth2AuthorizationConsentAuthenticationToken used for authenticating the request.
    void
    setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
    Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.
    void
    setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
    Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.
    void
    setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler)
    Sets the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken and returning the Authorization Response.
    void
    setConsentPage(String consentPage)
    Specify the URI to redirect Resource Owners to if consent is required.
    void
    setSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy)
    Sets the SessionAuthenticationStrategy used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken before calling the AuthenticationSuccessHandler.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • OAuth2AuthorizationEndpointFilter

      public OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.
      Parameters:
      authenticationManager - the authentication manager
    • OAuth2AuthorizationEndpointFilter

      public OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, String authorizationEndpointUri)
      Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.
      Parameters:
      authenticationManager - the authentication manager
      authorizationEndpointUri - the endpoint URI for authorization requests
  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException
    • setAuthenticationDetailsSource

      public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.
      Parameters:
      authenticationDetailsSource - the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest
      Since:
      0.3.1
    • setAuthenticationConverter

      public void setAuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
      Sets the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest to an instance of OAuth2AuthorizationCodeRequestAuthenticationToken or OAuth2AuthorizationConsentAuthenticationToken used for authenticating the request.
      Parameters:
      authenticationConverter - the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest
    • setAuthenticationSuccessHandler

      public void setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler)
      Sets the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken and returning the Authorization Response.
      Parameters:
      authenticationSuccessHandler - the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken
    • setAuthenticationFailureHandler

      public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
      Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.
      Parameters:
      authenticationFailureHandler - the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException
    • setSessionAuthenticationStrategy

      public void setSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy)
      Sets the SessionAuthenticationStrategy used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken before calling the AuthenticationSuccessHandler. If OpenID Connect is enabled, the default implementation tracks OpenID Connect sessions using a SessionRegistry.
      Parameters:
      sessionAuthenticationStrategy - the SessionAuthenticationStrategy used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken
      Since:
      1.1
    • setConsentPage

      public void setConsentPage(String consentPage)
      Specify the URI to redirect Resource Owners to if consent is required. A default consent page will be generated when this attribute is not specified.
      Parameters:
      consentPage - the URI of the custom consent page to redirect to if consent is required (e.g. "/oauth2/consent")
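Added example (not part of the Spring Authorization Server documentation or code base): one way to construct the filter with the constructor and setters listed above, installing a custom consent page, request details, and a failure handler that audits rejected Authorization Requests. The class name, method names, logger name and the "/oauth2/authorize" URI are assumptions; how the filter is registered in a filter chain is not shown.

```java
import java.lang.System.Logger;
import java.lang.System.Logger.Level;

import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

// Added example; the class and method names here are hypothetical.
public final class AuthorizationEndpointFilterExample {

    private static final Logger LOG = System.getLogger("oauth2.authorize.audit");

    public static OAuth2AuthorizationEndpointFilter build(AuthenticationManager authenticationManager) {
        // Two-argument constructor: authentication manager plus the endpoint URI (assumed value).
        OAuth2AuthorizationEndpointFilter filter =
                new OAuth2AuthorizationEndpointFilter(authenticationManager, "/oauth2/authorize");

        // Redirect Resource Owners to a custom consent page instead of the generated default.
        filter.setConsentPage("/oauth2/consent");

        // Attach the remote address and session id to the authentication details.
        filter.setAuthenticationDetailsSource(new WebAuthenticationDetailsSource());

        // Replaces the filter's built-in failure handling: log the failure, then answer 400 directly.
        filter.setAuthenticationFailureHandler((request, response, exception) -> {
            String errorCode = (exception instanceof OAuth2AuthenticationException oauth2)
                    ? oauth2.getError().getErrorCode() : "server_error";
            LOG.log(Level.WARNING, "authorization request rejected: error={0} client_id={1} remote={2}",
                    errorCode, sanitize(request.getParameter("client_id")), request.getRemoteAddr());
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, errorCode);
        });
        return filter;
    }

    // Replace control characters (CR/LF included) and cap the length so request data cannot forge log lines.
    static String sanitize(String value) {
        if (value == null) {
            return "-";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }
}
```

Because setAuthenticationFailureHandler replaces the handler rather than wrapping it, the Error Response the filter would otherwise return is no longer produced; the 400 status here is this example's choice.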