Class OAuth2LoginAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
- All Implemented Interfaces:
  jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

An implementation of an AbstractAuthenticationProcessingFilter for OAuth 2.0 Login.

This authentication Filter handles the processing of an OAuth 2.0 Authorization Response for the authorization code grant flow and delegates an OAuth2LoginAuthenticationToken to the AuthenticationManager to log in the End-User.

The OAuth 2.0 Authorization Response is processed as follows:
- Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the code and state parameters to the redirect_uri (provided in the Authorization Request) and redirect the End-User's user-agent back to this Filter (the Client).
- This Filter will then create an OAuth2LoginAuthenticationToken with the code received and delegate it to the AuthenticationManager to authenticate.
- Upon a successful authentication, an OAuth2AuthenticationToken is created (representing the End-User Principal) and associated to the Authorized Client using the OAuth2AuthorizedClientRepository.
- Finally, the OAuth2AuthenticationToken is returned and ultimately stored in the SecurityContextRepository to complete the authentication processing.
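
A simplified, JDK-only model of the callback handling in the list above, added here as an illustration and not Spring Security's own code. The class, record and method names are hypothetical, and the assumed behaviour is that the Authorization Request saved before the redirect is looked up by the returned state and removed on first use, so a callback with an unknown or replayed state is rejected before the code is passed on.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of the callback step; hypothetical names, not Spring Security classes.
public class CallbackModel {
    record PendingRequest(String registrationId, String redirectUri) {}            // saved before the redirect
    record LoginAttempt(String registrationId, String code, String redirectUri) {} // handed on for authentication
    private final Map<String, PendingRequest> pending = new ConcurrentHashMap<>();

    // Authorization Request side: remember the request under an unguessable state value.
    String begin(String registrationId, String redirectUri) {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(state, new PendingRequest(registrationId, redirectUri));
        return state;
    }

    // Authorization Response side: params are the query parameters appended to the redirect_uri.
    LoginAttempt handleCallback(Map<String, String> params) {
        String state = params.get("state");
        PendingRequest saved = (state == null) ? null : pending.remove(state); // remove() makes it single-use
        if (saved == null) {
            throw new IllegalStateException("no saved authorization request for this state");
        }
        if (params.containsKey("error")) {
            throw new IllegalStateException("authorization server returned error: " + params.get("error"));
        }
        String code = params.get("code");
        if (code == null || code.isEmpty()) {
            throw new IllegalStateException("authorization response carries no code");
        }
        return new LoginAttempt(saved.registrationId(), code, saved.redirectUri());
    }

    public static void main(String[] args) {
        CallbackModel client = new CallbackModel();
        String state = client.begin("example-idp", "https://client.example/login/oauth2/code/example-idp");
        Map<String, String> callback = Map.of("code", "constructed-code", "state", state); // constructed input
        System.out.println(client.handleCallback(callback)); // first use of the state is accepted
        try {
            client.handleCallback(callback); // the same state replayed
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The model stops where the real flow hands over to the AuthenticationManager: exchanging the code for tokens and building the OAuth2AuthenticationToken are not modelled.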

- Since:
  5.0
- See Also:
  - AbstractAuthenticationProcessingFilter
  - OAuth2LoginAuthenticationToken
  - OAuth2AuthenticationToken
  - OAuth2LoginAuthenticationProvider
  - OAuth2AuthorizationRequest
  - OAuth2AuthorizationResponse
  - AuthorizationRequestRepository
  - OAuth2AuthorizationRequestRedirectFilter
  - ClientRegistrationRepository
  - OAuth2AuthorizedClient
  - OAuth2AuthorizedClientRepository
  - Section 4.1 Authorization Code Grant
  - Section 4.1.2 Authorization Response

Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final String | DEFAULT_FILTER_PROCESSES_URI | The default URI where this Filter processes authentication requests. |

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger

Constructor Summary

| Constructor | Description |
| --- | --- |
| OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService) | Constructs an OAuth2LoginAuthenticationFilter using the provided parameters. |
| OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, String filterProcessesUrl) | Constructs an OAuth2LoginAuthenticationFilter using the provided parameters. |
| OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl) | Constructs an OAuth2LoginAuthenticationFilter using the provided parameters. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Authentication | attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) | Performs actual authentication. |
| final void | setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken> authenticationResultConverter) | Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result. |
| final void | setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) | Sets the repository for stored OAuth2AuthorizationRequest's. |

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Field Details

DEFAULT_FILTER_PROCESSES_URI
The default URI where this Filter processes authentication requests.

Constructor Details

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
- Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientService - the authorized client service

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, String filterProcessesUrl)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
- Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientService - the authorized client service
  filterProcessesUrl - the URI where this Filter will process the authentication requests

OAuth2LoginAuthenticationFilter
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl)
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
- Parameters:
  clientRegistrationRepository - the repository of client registrations
  authorizedClientRepository - the authorized client repository
  filterProcessesUrl - the URI where this Filter will process the authentication requests
- Since:
  5.1

Method Details

attemptAuthentication
public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException
Description copied from class: AbstractAuthenticationProcessingFilter
Performs actual authentication.
The implementation should do one of the following:
- Return a populated authentication token for the authenticated user, indicating successful authentication
- Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
- Throw an AuthenticationException if the authentication process fails

- Specified by:
  attemptAuthentication in class AbstractAuthenticationProcessingFilter
- Parameters:
  request - from which to extract parameters and perform the authentication
  response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
- Returns:
  the authenticated user token, or null if authentication is incomplete.
- Throws:
  AuthenticationException - if authentication fails.

setAuthorizationRequestRepository
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository)
Sets the repository for stored OAuth2AuthorizationRequest's.
- Parameters:
  authorizationRequestRepository - the repository for stored OAuth2AuthorizationRequest's

setAuthenticationResultConverter
public final void setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken> authenticationResultConverter)
Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result.
- Parameters:
  authenticationResultConverter - the converter for OAuth2AuthenticationToken's
- Since:
  5.6