public class AuthenticationWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter
WebFilter
that performs authentication of a particular request. An outline of
the logic:
setRequiresAuthenticationMatcher(ServerWebExchangeMatcher)
, then this filter
does nothing and the WebFilterChain
is continued. If it does match then...ServerWebExchange
into an Authentication
is made. If the result is empty, then the filter does nothing more and the
WebFilterChain
is continued. If it does create an Authentication
...
ReactiveAuthenticationManager
specified in
AuthenticationWebFilter(ReactiveAuthenticationManager)
is used to perform
authentication.ReactiveAuthenticationManagerResolver
specified in
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver)
is used to
resolve the appropriate authentication manager from context to perform authentication.
ServerAuthenticationSuccessHandler
is
invoked and the authentication is set on ReactiveSecurityContextHolder
, else
ServerAuthenticationFailureHandler
is invokedConstructor and Description |
---|
AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager)
Creates an instance
|
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)
Creates an instance
|
Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<java.lang.Void> |
filter(org.springframework.web.server.ServerWebExchange exchange,
org.springframework.web.server.WebFilterChain chain) |
protected reactor.core.publisher.Mono<java.lang.Void> |
onAuthenticationSuccess(Authentication authentication,
WebFilterExchange webFilterExchange) |
void |
setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<Authentication>> authenticationConverter)
Deprecated.
As of 5.1 in favor of
setServerAuthenticationConverter(ServerAuthenticationConverter) |
void |
setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
Sets the failure handler used when authentication fails.
|
void |
setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
Sets the authentication success handler.
|
void |
setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Sets the matcher used to determine when creating an
Authentication from
setServerAuthenticationConverter(ServerAuthenticationConverter) to be
authentication. |
void |
setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
Sets the repository for persisting the SecurityContext.
|
void |
setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
Sets the strategy used for converting from a
ServerWebExchange to an
Authentication used for authenticating with the provided
ReactiveAuthenticationManager . |
public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager)
authenticationManager
- the authentication manager to usepublic AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)
authenticationManagerResolver
- the authentication manager resolver to usepublic reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
filter
in interface org.springframework.web.server.WebFilter
protected reactor.core.publisher.Mono<java.lang.Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange)
public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
NoOpServerSecurityContextRepository
securityContextRepository
- the repository to usepublic void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
WebFilterChainServerAuthenticationSuccessHandler
authenticationSuccessHandler
- the success handler to use@Deprecated public void setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<Authentication>> authenticationConverter)
setServerAuthenticationConverter(ServerAuthenticationConverter)
ServerWebExchange
to an
Authentication
used for authenticating with the provided
ReactiveAuthenticationManager
. If the result is empty, then it signals that
no authentication attempt should be made. The default converter is
ServerHttpBasicAuthenticationConverter
authenticationConverter
- the converter to usesetServerAuthenticationConverter(ServerAuthenticationConverter)
public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
ServerWebExchange
to an
Authentication
used for authenticating with the provided
ReactiveAuthenticationManager
. If the result is empty, then it signals that
no authentication attempt should be made. The default converter is
ServerHttpBasicAuthenticationConverter
authenticationConverter
- the converter to usepublic void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
authenticationFailureHandler
- the handler to use. Cannot be null.public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Authentication
from
setServerAuthenticationConverter(ServerAuthenticationConverter)
to be
authentication. If the converter returns an empty result, then no authentication is
attempted. The default is any requestrequiresAuthenticationMatcher
- the matcher to use. Cannot be null.