Package org.springframework.security.oauth2.server.resource.web.authentication

Class BearerTokenAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

Direct Known Subclasses:

BearerTokenAuthenticationFilter

public class BearerTokenAuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter

Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with an AuthenticationManager that can authenticate a BearerTokenAuthenticationToken.

Since:

5.1

See Also:

• The OAuth 2.0 Authorization Framework: Bearer Token Usage
• JwtAuthenticationProvider

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)	Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)	Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)	Extract any Bearer Token from the request and attempt an authentication.
void	setAuthenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)	Set the AuthenticationDetailsSource to use.
void	setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)	Set the AuthenticationEntryPoint to use.
void	setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)	Set the AuthenticationFailureHandler to use.
void	setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)	Set the BearerTokenResolver to use.
void	setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)	Sets the SecurityContextHolderStrategy to use.
void	setSecurityContextRepository(SecurityContextRepository securityContextRepository)	Sets the SecurityContextRepository to save the SecurityContext on authentication success.

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BearerTokenAuthenticationFilter

public BearerTokenAuthenticationFilter(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Parameters:

authenticationManagerResolver -

BearerTokenAuthenticationFilter

public BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager)

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Parameters:

authenticationManager -

Method Details

doFilterInternal

protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain filterChain)
                         throws jakarta.servlet.ServletException,
IOException

Extract any Bearer Token from the request and attempt an authentication.

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Parameters:

request -

response -

filterChain -

Throws:

jakarta.servlet.ServletException

IOException

setSecurityContextHolderStrategy

public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)

Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.

Since:

5.8

setSecurityContextRepository

public void setSecurityContextRepository(SecurityContextRepository securityContextRepository)

Sets the SecurityContextRepository to save the SecurityContext on authentication success. The default action is not to save the SecurityContext.

Parameters:

securityContextRepository - the SecurityContextRepository to use. Cannot be null.

setBearerTokenResolver

public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)

Set the BearerTokenResolver to use. Defaults to DefaultBearerTokenResolver.

Parameters:

bearerTokenResolver - the BearerTokenResolver to use

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Set the AuthenticationEntryPoint to use. Defaults to BearerTokenAuthenticationEntryPoint.

Parameters:

authenticationEntryPoint - the AuthenticationEntryPoint to use

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)

Set the AuthenticationFailureHandler to use. Default implementation invokes AuthenticationEntryPoint.

Parameters:

authenticationFailureHandler - the AuthenticationFailureHandler to use

Since:

5.2

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)

Set the AuthenticationDetailsSource to use. Defaults to WebAuthenticationDetailsSource.

Parameters:

authenticationDetailsSource - the AuthenticationConverter to use

Since:

5.5