Class OAuth2TokenEndpointFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public final class OAuth2TokenEndpointFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter
for the OAuth 2.0 Token endpoint, which handles the processing of an
OAuth 2.0 Authorization Grant.
It converts the OAuth 2.0 Authorization Grant request to an Authentication
,
which is then authenticated by the AuthenticationManager
. If the authentication
succeeds, the AuthenticationManager
returns an
OAuth2AccessTokenAuthenticationToken
, which is returned in the OAuth 2.0 Access
Token response. In case of any error, an OAuth2Error
is returned in the OAuth
2.0 Error response.
By default, this Filter
responds to authorization grant requests at the
URI
/oauth2/token
and HttpMethod
POST
.
The default endpoint URI
/oauth2/token
may be overridden via the
constructor OAuth2TokenEndpointFilter(AuthenticationManager, String)
.
- Since:
- 0.0.1
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionOAuth2TokenEndpointFilter
(org.springframework.security.authentication.AuthenticationManager authenticationManager) Constructs anOAuth2TokenEndpointFilter
using the provided parameters.OAuth2TokenEndpointFilter
(org.springframework.security.authentication.AuthenticationManager authenticationManager, String tokenEndpointUri) Constructs anOAuth2TokenEndpointFilter
using the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) void
setAuthenticationConverter
(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter) Sets theAuthenticationConverter
used when attempting to extract an Access Token Request fromHttpServletRequest
to an instance ofOAuth2AuthorizationGrantAuthenticationToken
used for authenticating the authorization grant.void
setAuthenticationDetailsSource
(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource) Sets theAuthenticationDetailsSource
used for building an authentication details instance fromHttpServletRequest
.void
setAuthenticationFailureHandler
(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Sets theAuthenticationFailureHandler
used for handling anOAuth2AuthenticationException
and returning theError Response
.void
setAuthenticationSuccessHandler
(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler) Sets theAuthenticationSuccessHandler
used for handling anOAuth2AccessTokenAuthenticationToken
and returning theAccess Token Response
.Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
OAuth2TokenEndpointFilter
public OAuth2TokenEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager) Constructs anOAuth2TokenEndpointFilter
using the provided parameters.- Parameters:
authenticationManager
- the authentication manager
-
OAuth2TokenEndpointFilter
public OAuth2TokenEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, String tokenEndpointUri) Constructs anOAuth2TokenEndpointFilter
using the provided parameters.- Parameters:
authenticationManager
- the authentication managertokenEndpointUri
- the endpointURI
for access token requests
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
setAuthenticationDetailsSource
public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource) Sets theAuthenticationDetailsSource
used for building an authentication details instance fromHttpServletRequest
.- Parameters:
authenticationDetailsSource
- theAuthenticationDetailsSource
used for building an authentication details instance fromHttpServletRequest
-
setAuthenticationConverter
public void setAuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter) Sets theAuthenticationConverter
used when attempting to extract an Access Token Request fromHttpServletRequest
to an instance ofOAuth2AuthorizationGrantAuthenticationToken
used for authenticating the authorization grant.- Parameters:
authenticationConverter
- theAuthenticationConverter
used when attempting to extract an Access Token Request fromHttpServletRequest
-
setAuthenticationSuccessHandler
public void setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler) Sets theAuthenticationSuccessHandler
used for handling anOAuth2AccessTokenAuthenticationToken
and returning theAccess Token Response
.- Parameters:
authenticationSuccessHandler
- theAuthenticationSuccessHandler
used for handling anOAuth2AccessTokenAuthenticationToken
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Sets theAuthenticationFailureHandler
used for handling anOAuth2AuthenticationException
and returning theError Response
.- Parameters:
authenticationFailureHandler
- theAuthenticationFailureHandler
used for handling anOAuth2AuthenticationException
-