Class BearerTokenAuthenticationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.web.filter.OncePerRequestFilter
-
- org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
- Direct Known Subclasses:
BearerTokenAuthenticationFilter
public class BearerTokenAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter
Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with anAuthenticationManager
that can authenticate aBearerTokenAuthenticationToken
.- Since:
- 5.1
- See Also:
- The OAuth 2.0
Authorization Framework: Bearer Token Usage,
JwtAuthenticationProvider
-
-
Constructor Summary
Constructors Constructor Description BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)
Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)BearerTokenAuthenticationFilter(AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
Extract any Bearer Token from the request and attempt an authentication.void
setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Set theAuthenticationDetailsSource
to use.void
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Set theAuthenticationEntryPoint
to use.void
setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)
Set theAuthenticationFailureHandler
to use.void
setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
Set theBearerTokenResolver
to use.void
setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use.void
setSecurityContextRepository(SecurityContextRepository securityContextRepository)
Sets theSecurityContextRepository
to save theSecurityContext
on authentication success.-
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
-
-
-
-
Constructor Detail
-
BearerTokenAuthenticationFilter
public BearerTokenAuthenticationFilter(AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)- Parameters:
authenticationManagerResolver
-
-
BearerTokenAuthenticationFilter
public BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)
Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)- Parameters:
authenticationManager
-
-
-
Method Detail
-
doFilterInternal
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
Extract any Bearer Token from the request and attempt an authentication.- Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Parameters:
request
-response
-filterChain
-- Throws:
javax.servlet.ServletException
java.io.IOException
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setSecurityContextRepository
public void setSecurityContextRepository(SecurityContextRepository securityContextRepository)
Sets theSecurityContextRepository
to save theSecurityContext
on authentication success. The default action is not to save theSecurityContext
.- Parameters:
securityContextRepository
- theSecurityContextRepository
to use. Cannot be null.
-
setBearerTokenResolver
public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
Set theBearerTokenResolver
to use. Defaults toDefaultBearerTokenResolver
.- Parameters:
bearerTokenResolver
- theBearerTokenResolver
to use
-
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Set theAuthenticationEntryPoint
to use. Defaults toBearerTokenAuthenticationEntryPoint
.- Parameters:
authenticationEntryPoint
- theAuthenticationEntryPoint
to use
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)
Set theAuthenticationFailureHandler
to use. Default implementation invokesAuthenticationEntryPoint
.- Parameters:
authenticationFailureHandler
- theAuthenticationFailureHandler
to use- Since:
- 5.2
-
setAuthenticationDetailsSource
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Set theAuthenticationDetailsSource
to use. Defaults toWebAuthenticationDetailsSource
.- Parameters:
authenticationDetailsSource
- theAuthenticationConverter
to use- Since:
- 5.5
-
-