Class OpenIDAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.openid.OpenIDAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.context.MessageSourceAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
Deprecated.
Filter which processes OpenID authentication requests.
The OpenID authentication involves two stages.
Submission of OpenID identity
The user's OpenID identity is submitted via a login form, just as it would be for a normal form login. At this stage the filter will extract the identity from the submitted request (by default, the parameter is called openid_identifier, as recommended by the OpenID 2.0 Specification). It then passes the identity to the configured OpenIDConsumer, which returns the URL to which the request should be redirected for authentication. A "return_to" URL is also supplied, which matches the URL processed by this filter, to allow the filter to handle the request once the user has been successfully authenticated. The OpenID server will then authenticate the user and redirect back to the application.Processing the Redirect from the OpenID Server
Once the user has been authenticated externally, the redirected request will be passed to the OpenIDConsumer again for validation. The returned OpenIDAuthentication will be passed to the AuthenticationManager where it should (normally) be processed by an OpenIDAuthenticationProvider in order to load the authorities for the user.- Since:
- 2.0
- See Also:
-
Field Summary
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
Deprecated.attemptAuthentication
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Deprecated.Authentication has two phases.protected String
buildReturnToUrl
(jakarta.servlet.http.HttpServletRequest request) Deprecated.Builds the return_to URL that will be sent to the OpenID service provider.protected String
lookupRealm
(String returnToUrl) Deprecated.protected String
obtainUsername
(jakarta.servlet.http.HttpServletRequest req) Deprecated.Reads the claimedIdentityFieldName from the submitted request.void
setClaimedIdentityFieldName
(String claimedIdentityFieldName) Deprecated.The name of the request parameter containing the OpenID identity, as submitted from the initial login form.void
setConsumer
(OpenIDConsumer consumer) Deprecated.void
setRealmMapping
(Map<String, String> realmMapping) Deprecated.Maps the return_to url to a realm, for example:void
setReturnToUrlParameters
(Set<String> returnToUrlParameters) Deprecated.Specifies any extra parameters submitted along with the identity field which should be appended to thereturn_to
URL which is assembled bybuildReturnToUrl(jakarta.servlet.http.HttpServletRequest)
.Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Field Details
-
DEFAULT_CLAIMED_IDENTITY_FIELD
Deprecated.- See Also:
-
-
Constructor Details
-
OpenIDAuthenticationFilter
public OpenIDAuthenticationFilter()Deprecated.
-
-
Method Details
-
afterPropertiesSet
public void afterPropertiesSet()Deprecated.- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classAbstractAuthenticationProcessingFilter
-
attemptAuthentication
public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException Deprecated.Authentication has two phases.- The initial submission of the claimed OpenID. A redirect to the URL returned from the consumer will be performed and null will be returned.
- The redirection from the OpenID server to the return_to URL, once it has authenticated the user
- Specified by:
attemptAuthentication
in classAbstractAuthenticationProcessingFilter
- Parameters:
request
- from which to extract parameters and perform the authenticationresponse
- the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OpenID).- Returns:
- the authenticated user token, or null if authentication is incomplete.
- Throws:
AuthenticationException
- if authentication fails.IOException
-
lookupRealm
Deprecated. -
buildReturnToUrl
Deprecated.Builds the return_to URL that will be sent to the OpenID service provider. By default returns the URL of the current request.- Parameters:
request
- the current request which is being processed by this filter- Returns:
- The return_to URL.
-
obtainUsername
Deprecated.Reads the claimedIdentityFieldName from the submitted request. -
setRealmMapping
Deprecated.Maps the return_to url to a realm, for example:https://www.example.com/login/openid -> https://www.example.com/realm
If no mapping is provided then the returnToUrl will be parsed to extract the protocol, hostname and port followed by a trailing slash. This means that https://foo.example.com/login/openid will automatically become http://foo.example.com:80/- Parameters:
realmMapping
- containing returnToUrl -> realm mappings
-
setClaimedIdentityFieldName
Deprecated.The name of the request parameter containing the OpenID identity, as submitted from the initial login form.- Parameters:
claimedIdentityFieldName
- defaults to "openid_identifier"
-
setConsumer
Deprecated. -
setReturnToUrlParameters
Deprecated.Specifies any extra parameters submitted along with the identity field which should be appended to thereturn_to
URL which is assembled bybuildReturnToUrl(jakarta.servlet.http.HttpServletRequest)
.- Parameters:
returnToUrlParameters
- the set of parameter names. If not set, it will default to the parameter name used by theRememberMeServices
obtained from the parent class (if one is set).
-
spring-security-oauth2
.