java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.web.filter.OncePerRequestFilter
  - - org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
```
public final class BearerTokenAuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
```
Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with an AuthenticationManager that can authenticate a BearerTokenAuthenticationToken.

Since:

5.1

See Also:

The OAuth 2.0 Authorization Framework: Bearer Token Usage, JwtAuthenticationProvider

Field Summary
- Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.springframework.web.filter.GenericFilterBean
  logger

Constructor Summary

Constructors
Constructor	Description
`BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)`	Construct a `BearerTokenAuthenticationFilter` using the provided parameter(s)
`BearerTokenAuthenticationFilter(AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)`	Construct a `BearerTokenAuthenticationFilter` using the provided parameter(s)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)`	Extract any Bearer Token from the request and attempt an authentication.
`void`	`setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)`	Set the `AuthenticationDetailsSource` to use.
`void`	`setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)`	Set the `AuthenticationEntryPoint` to use.
`void`	`setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)`	Set the `AuthenticationFailureHandler` to use.
`void`	`setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)`	Set the `BearerTokenResolver` to use.
`void`	`setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)`	Sets the `SecurityContextHolderStrategy` to use.
`void`	`setSecurityContextRepository(SecurityContextRepository securityContextRepository)`	Sets the `SecurityContextRepository` to save the `SecurityContext` on authentication success.

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - BearerTokenAuthenticationFilter
```
public BearerTokenAuthenticationFilter(AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
```
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
    
    Parameters:
    
    authenticationManagerResolver -
  - BearerTokenAuthenticationFilter
```
public BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)
```
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
    
    Parameters:
    
    authenticationManager -
- Method Detail
  - doFilterInternal
```
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException
```
    Extract any Bearer Token from the request and attempt an authentication.
    
    Specified by:
    
    doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
    
    Parameters:
    
    request -
    
    response -
    
    filterChain -
    
    Throws:
    
    javax.servlet.ServletException
    
    java.io.IOException
  - setSecurityContextHolderStrategy
```
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
```
    Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
    
    Since:
    
    5.8
  - setSecurityContextRepository
```
public void setSecurityContextRepository(SecurityContextRepository securityContextRepository)
```
    Sets the SecurityContextRepository to save the SecurityContext on authentication success. The default action is not to save the SecurityContext.
    
    Parameters:
    
    securityContextRepository - the SecurityContextRepository to use. Cannot be null.
  - setBearerTokenResolver
```
public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
```
    Set the BearerTokenResolver to use. Defaults to DefaultBearerTokenResolver.
    
    Parameters:
    
    bearerTokenResolver - the BearerTokenResolver to use
  - setAuthenticationEntryPoint
```
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
```
    Set the AuthenticationEntryPoint to use. Defaults to BearerTokenAuthenticationEntryPoint.
    
    Parameters:
    
    authenticationEntryPoint - the AuthenticationEntryPoint to use
  - setAuthenticationFailureHandler
```
public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)
```
    Set the AuthenticationFailureHandler to use. Default implementation invokes AuthenticationEntryPoint.
    
    Parameters:
    
    authenticationFailureHandler - the AuthenticationFailureHandler to use
    
    Since:
    
    5.2
  - setAuthenticationDetailsSource
```
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
```
    Set the AuthenticationDetailsSource to use. Defaults to WebAuthenticationDetailsSource.
    
    Parameters:
    
    authenticationDetailsSource - the AuthenticationConverter to use
    
    Since:
    
    5.5

Class BearerTokenAuthenticationFilter

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Constructor Detail

BearerTokenAuthenticationFilter

BearerTokenAuthenticationFilter

Method Detail

doFilterInternal

setSecurityContextHolderStrategy

setSecurityContextRepository

setBearerTokenResolver

setAuthenticationEntryPoint

setAuthenticationFailureHandler

setAuthenticationDetailsSource