Class OneTimeTokenAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class OneTimeTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter
Filter that processes a one-time token for login.

By default, it uses OneTimeTokenAuthenticationConverter to extract the token from the request.

Since:
6.5
  • Constructor Details

    • OneTimeTokenAuthenticationFilter

      public OneTimeTokenAuthenticationFilter()
  • Method Details

    • attemptAuthentication

      public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException, jakarta.servlet.ServletException
      Description copied from class: AbstractAuthenticationProcessingFilter
      Performs actual authentication.

      The implementation should do one of the following:

      1. Return a populated authentication token for the authenticated user, indicating successful authentication
      2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
      3. Throw an AuthenticationException if the authentication process fails
      Specified by:
      attemptAuthentication in class AbstractAuthenticationProcessingFilter
      Parameters:
      request - from which to extract parameters and perform the authentication
      response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
      Returns:
      the authenticated user token, or null if authentication is incomplete.
      Throws:
      AuthenticationException - if authentication fails.
      IOException
      jakarta.servlet.ServletException
    • setAuthenticationConverter

      public void setAuthenticationConverter(AuthenticationConverter authenticationConverter)
      Use this AuthenticationConverter when converting incoming requests to an Authentication. By default, the OneTimeTokenAuthenticationConverter is used.
      Parameters:
      authenticationConverter - the AuthenticationConverter to use
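
A custom converter wired in through setAuthenticationConverter, as an added example that is not part of the Spring Security documentation or code base. The class names, the header name and the token shape are assumptions; the converter returns an unauthenticated OneTimeTokenAuthenticationToken built with its single-argument constructor, and rejects malformed input with an AuthenticationException, which is outcome 3 of the attemptAuthentication contract above.

```java
import jakarta.servlet.http.HttpServletRequest;
import java.util.regex.Pattern;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationFilter;

// Hypothetical converter: takes the token from a request header and bounds its shape.
final class HeaderOneTimeTokenConverter implements AuthenticationConverter {

    // Assumed header name and token alphabet/length; match them to what your token service issues.
    static final String HEADER = "X-One-Time-Token";
    private static final Pattern SHAPE = Pattern.compile("[A-Za-z0-9_-]{16,128}");

    @Override
    public Authentication convert(HttpServletRequest request) {
        String token = request.getHeader(HEADER);
        if (token == null || !SHAPE.matcher(token).matches()) {
            // Fail before the AuthenticationManager is consulted.
            // The message omits the submitted value so it never reaches logs.
            throw new BadCredentialsException("Missing or malformed one-time token");
        }
        // Still unauthenticated: the AuthenticationManager decides whether the token is valid.
        return new OneTimeTokenAuthenticationToken(token);
    }
}

// Hypothetical factory showing where the converter is plugged in.
final class OttFilterFactory {
    static OneTimeTokenAuthenticationFilter create(AuthenticationManager authenticationManager) {
        OneTimeTokenAuthenticationFilter filter = new OneTimeTokenAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationConverter(new HeaderOneTimeTokenConverter());
        return filter;
    }
}
```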