Class OAuth2LoginAuthenticationFilter
- java.lang.Object
  - org.springframework.web.filter.GenericFilterBean
    - org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      - org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
All Implemented Interfaces: javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter
An implementation of an AbstractAuthenticationProcessingFilter for OAuth 2.0 Login.

This authentication Filter handles the processing of an OAuth 2.0 Authorization Response for the authorization code grant flow and delegates an OAuth2LoginAuthenticationToken to the AuthenticationManager to log in the End-User.

The OAuth 2.0 Authorization Response is processed as follows:
- Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the code and state parameters to the redirect_uri (provided in the Authorization Request) and redirect the End-User's user-agent back to this Filter (the Client).
- This Filter will then create an OAuth2LoginAuthenticationToken with the code received and delegate it to the AuthenticationManager to authenticate.
- Upon a successful authentication, an OAuth2AuthenticationToken is created (representing the End-User Principal) and associated to the Authorized Client using the OAuth2AuthorizedClientRepository.
- Finally, the OAuth2AuthenticationToken is returned and ultimately stored in the SecurityContextRepository to complete the authentication processing.

Since: 5.0
See Also: AbstractAuthenticationProcessingFilter, OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken, OAuth2LoginAuthenticationProvider, OAuth2AuthorizationRequest, OAuth2AuthorizationResponse, AuthorizationRequestRepository, OAuth2AuthorizationRequestRedirectFilter, ClientRegistrationRepository, OAuth2AuthorizedClient, OAuth2AuthorizedClientRepository, Section 4.1 Authorization Code Grant, Section 4.1.2 Authorization Response

Field Summary
Fields (Modifier and Type, Field, Description):
- static java.lang.String DEFAULT_FILTER_PROCESSES_URI: The default URI where this Filter processes authentication requests.
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: authenticationDetailsSource, eventPublisher, messages

Constructor Summary
Constructors (Constructor, Description):
- OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService): Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
- OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, java.lang.String filterProcessesUrl): Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
- OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, java.lang.String filterProcessesUrl): Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.

Method Summary
Methods (Modifier and Type, Method, Description):
- Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Performs actual authentication.
- void setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken,OAuth2AuthenticationToken> authenticationResultConverter): Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result.
- void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository): Sets the repository for stored OAuth2AuthorizationRequest's.
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Field Detail

DEFAULT_FILTER_PROCESSES_URI
public static final java.lang.String DEFAULT_FILTER_PROCESSES_URI
The default URI where this Filter processes authentication requests.
See Also: Constant Field Values

Constructor Detail

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientService - the authorized client service

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, java.lang.String filterProcessesUrl)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientService - the authorized client service
  filterProcessesUrl - the URI where this Filter will process the authentication requests

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, java.lang.String filterProcessesUrl)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientRepository - the authorized client repository
  filterProcessesUrl - the URI where this Filter will process the authentication requests
Since: 5.1

Method Detail

attemptAuthentication
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws AuthenticationException
Description copied from class: AbstractAuthenticationProcessingFilter
Performs actual authentication.
The implementation should do one of the following:
- Return a populated authentication token for the authenticated user, indicating successful authentication
- Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
- Throw an AuthenticationException if the authentication process fails
Specified by: attemptAuthentication in class AbstractAuthenticationProcessingFilter
Parameters:
  request - from which to extract parameters and perform the authentication
  response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OpenID).
Returns: the authenticated user token, or null if authentication is incomplete.
Throws:
  AuthenticationException - if authentication fails.

setAuthorizationRequestRepository
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository)
Sets the repository for stored OAuth2AuthorizationRequest's.
Parameters:
  authorizationRequestRepository - the repository for stored OAuth2AuthorizationRequest's

setAuthenticationResultConverter
public final void setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken,OAuth2AuthenticationToken> authenticationResultConverter)
Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result.
Parameters:
  authenticationResultConverter - the converter for OAuth2AuthenticationToken's
Since: 5.6
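
Added example (not part of the Spring Security documentation or source): one way to construct this filter by hand with the three-argument constructor and the setAuthorizationRequestRepository and setAuthenticationResultConverter setters documented above, so that the OAuth2AuthenticationToken created after a successful login carries only allowlisted authorities. The class name OAuth2LoginFilterWiring, the build method and the allowedAuthorities parameter are assumptions; the collaborator classes are Spring Security 5.x implementations chosen for illustration.

```java
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;

// Added example, not Spring Security's own code. Names below are hypothetical.
public final class OAuth2LoginFilterWiring {

    // allowedAuthorities: application-chosen allowlist of authority strings (assumption).
    public static OAuth2LoginAuthenticationFilter build(
            ClientRegistrationRepository registrations, Set<String> allowedAuthorities) {

        OAuth2LoginAuthenticationFilter filter = new OAuth2LoginAuthenticationFilter(
                registrations,
                new HttpSessionOAuth2AuthorizedClientRepository(),
                OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);

        // Session-backed store for the OAuth2AuthorizationRequest, so the callback
        // is matched against a request kept in this user's own HttpSession.
        filter.setAuthorizationRequestRepository(new HttpSessionOAuth2AuthorizationRequestRepository());

        // The AuthenticationManager that receives the OAuth2LoginAuthenticationToken.
        filter.setAuthenticationManager(new ProviderManager(
                new OAuth2LoginAuthenticationProvider(
                        new DefaultAuthorizationCodeTokenResponseClient(),
                        new DefaultOAuth2UserService())));

        // Least privilege: copy principal and registration id unchanged, but keep
        // only authorities that appear in the allowlist.
        filter.setAuthenticationResultConverter(login -> new OAuth2AuthenticationToken(
                login.getPrincipal(),
                login.getAuthorities().stream()
                        .filter(a -> allowedAuthorities.contains(a.getAuthority()))
                        .collect(Collectors.toList()),
                login.getClientRegistration().getRegistrationId()));
        return filter;
    }
}
```

An authority missing from the allowlist is dropped silently, so an empty set yields an authenticated principal with no authorities.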