public class AuthenticationWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter
WebFilter
that performs authentication of a particular request. An outline of the logic:
setRequiresAuthenticationMatcher(ServerWebExchangeMatcher)
,
then this filter does nothing and the WebFilterChain
is continued. If it does match then...
ServerWebExchange
into an Authentication
is made. If the result is
empty, then the filter does nothing more and the WebFilterChain
is continued. If it does create an
Authentication
...
ReactiveAuthenticationManager
specified in
AuthenticationWebFilter(ReactiveAuthenticationManager)
is used to perform authentication.
ReactiveAuthenticationManagerResolver
specified in
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver)
is used to resolve the appropriate
authentication manager from context to perform authentication.
ServerAuthenticationSuccessHandler
is invoked and the authentication
is set on ReactiveSecurityContextHolder
, else ServerAuthenticationFailureHandler
is invoked
Constructor and Description |
---|
AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager)
Creates an instance
|
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)
Creates an instance
|
Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<java.lang.Void> |
filter(org.springframework.web.server.ServerWebExchange exchange,
org.springframework.web.server.WebFilterChain chain) |
protected reactor.core.publisher.Mono<java.lang.Void> |
onAuthenticationSuccess(Authentication authentication,
WebFilterExchange webFilterExchange) |
void |
setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<Authentication>> authenticationConverter)
Deprecated.
As of 5.1 in favor of
setServerAuthenticationConverter(ServerAuthenticationConverter) |
void |
setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
Sets the failure handler used when authentication fails.
|
void |
setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
Sets the authentication success handler.
|
void |
setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Sets the matcher used to determine when creating an
Authentication from
setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication. |
void |
setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
Sets the repository for persisting the SecurityContext.
|
void |
setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
Sets the strategy used for converting from a
ServerWebExchange to an Authentication used for
authenticating with the provided ReactiveAuthenticationManager . |
public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager)
authenticationManager
- the authentication manager to usepublic AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)
authenticationManagerResolver
- the authentication manager resolver to usepublic reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
filter
in interface org.springframework.web.server.WebFilter
protected reactor.core.publisher.Mono<java.lang.Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange)
public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
NoOpServerSecurityContextRepository
securityContextRepository
- the repository to usepublic void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
WebFilterChainServerAuthenticationSuccessHandler
authenticationSuccessHandler
- the success handler to use@Deprecated public void setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<Authentication>> authenticationConverter)
setServerAuthenticationConverter(ServerAuthenticationConverter)
ServerWebExchange
to an Authentication
used for
authenticating with the provided ReactiveAuthenticationManager
. If the result is empty, then it signals
that no authentication attempt should be made. The default converter is
ServerHttpBasicAuthenticationConverter
authenticationConverter
- the converter to usesetServerAuthenticationConverter(ServerAuthenticationConverter)
public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
ServerWebExchange
to an Authentication
used for
authenticating with the provided ReactiveAuthenticationManager
. If the result is empty, then it signals
that no authentication attempt should be made. The default converter is
ServerHttpBasicAuthenticationConverter
authenticationConverter
- the converter to usepublic void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
authenticationFailureHandler
- the handler to use. Cannot be null.public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Authentication
from
setServerAuthenticationConverter(ServerAuthenticationConverter)
to be authentication. If the converter returns an empty
result, then no authentication is attempted. The default is any requestrequiresAuthenticationMatcher
- the matcher to use. Cannot be null.