org.springframework.security.oauth2.provider.client

Class ClientCredentialsTokenEndpointFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter

All Implemented Interfaces:

javax.servlet.Filter, Aware, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, EnvironmentAware, MessageSourceAware, org.springframework.core.env.EnvironmentCapable, ServletContextAware

public class ClientCredentialsTokenEndpointFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

A filter and authentication endpoint for the OAuth2 Token Endpoint. Allows clients to authenticate using request parameters if included as a security filter, as permitted by the specification (but not recommended). It is recommended by the specification that you permit HTTP basic authentication for clients, and not use this filter at all.

Author:

Dave Syer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	ClientCredentialsTokenEndpointFilter.ClientCredentialsRequestMatcher

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
ClientCredentialsTokenEndpointFilter()
ClientCredentialsTokenEndpointFilter(String path)

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet()
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
void	setAllowOnlyPost(boolean allowOnlyPost)
void	setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
protected void	successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientCredentialsTokenEndpointFilter

public ClientCredentialsTokenEndpointFilter()

ClientCredentialsTokenEndpointFilter

public ClientCredentialsTokenEndpointFilter(String path)

Method Detail

setAllowOnlyPost

public void setAllowOnlyPost(boolean allowOnlyPost)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

Parameters:

authenticationEntryPoint - the authentication entry point to set

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                     javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

IOException

javax.servlet.ServletException

successfulAuthentication

protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response,
                            javax.servlet.FilterChain chain,
                            org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException

Overrides:

successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

javax.servlet.ServletException