Class BasicAuthenticationEntryPoint

java.lang.Object

org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, AuthenticationEntryPoint

public class BasicAuthenticationEntryPoint
extends Object
implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean

Used by the ExceptionTranslationFilter to commence authentication via the BasicAuthenticationFilter.

Once a user agent is authenticated using BASIC authentication, logout requires that the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call the commence(HttpServletRequest, HttpServletResponse, AuthenticationException) method below. This will indicate to the browser its credentials are no longer authorized, causing it to prompt the user to login again.

Constructor Summary

Constructors

Constructor	Description
BasicAuthenticationEntryPoint()

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()
void	commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authException)	Commences an authentication scheme.
@Nullable String	getRealmName()
void	setCharset(@Nullable Charset charset)	Sets the charset to include in the WWW-Authenticate response header.
void	setRealmName(String realmName)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BasicAuthenticationEntryPoint

public BasicAuthenticationEntryPoint()

Method Details

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

commence

public void commence(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 AuthenticationException authException)
              throws IOException

Description copied from interface: AuthenticationEntryPoint

Commences an authentication scheme.

ExceptionTranslationFilter will populate the HttpSession attribute named AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

Specified by:

commence in interface AuthenticationEntryPoint

Parameters:

request - that resulted in an AuthenticationException

response - so that the user agent can begin authentication

authException - that caused the invocation

Throws:

IOException

getRealmName

public @Nullable String getRealmName()

setRealmName

public void setRealmName(String realmName)

setCharset

public void setCharset(@Nullable Charset charset)

Sets the charset to include in the WWW-Authenticate response header. By default, it is set to StandardCharsets.UTF_8. Set to null to omit the charset attribute from the header. As per RFC 7617, only UTF-8 is permitted.

Parameters:

charset - the charset to use (StandardCharsets.UTF_8 is the only accepted value), or null to remove the charset attribute

Since:

7.1