Class BearerTokenAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
- Direct Known Subclasses:
BearerTokenAuthenticationFilter
public class BearerTokenAuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
Authenticates requests that contain an OAuth 2.0
Bearer
Token.
This filter should be wired with an
AuthenticationManager
that can authenticate
a BearerTokenAuthenticationToken
.- Since:
- 5.1
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionBearerTokenAuthenticationFilter
(AuthenticationManager authenticationManager) Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)BearerTokenAuthenticationFilter
(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) Construct aBearerTokenAuthenticationFilter
using the provided parameter(s) -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) Extract any Bearer Token from the request and attempt an authentication.void
setAuthenticationDetailsSource
(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource) Set theAuthenticationDetailsSource
to use.void
setAuthenticationEntryPoint
(AuthenticationEntryPoint authenticationEntryPoint) Set theAuthenticationEntryPoint
to use.void
setAuthenticationFailureHandler
(AuthenticationFailureHandler authenticationFailureHandler) Set theAuthenticationFailureHandler
to use.void
setBearerTokenResolver
(BearerTokenResolver bearerTokenResolver) Set theBearerTokenResolver
to use.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setSecurityContextRepository
(SecurityContextRepository securityContextRepository) Sets theSecurityContextRepository
to save theSecurityContext
on authentication success.Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
BearerTokenAuthenticationFilter
public BearerTokenAuthenticationFilter(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)- Parameters:
authenticationManagerResolver
-
-
BearerTokenAuthenticationFilter
Construct aBearerTokenAuthenticationFilter
using the provided parameter(s)- Parameters:
authenticationManager
-
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException Extract any Bearer Token from the request and attempt an authentication.- Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Parameters:
request
-response
-filterChain
-- Throws:
jakarta.servlet.ServletException
IOException
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setSecurityContextRepository
Sets theSecurityContextRepository
to save theSecurityContext
on authentication success. The default action is not to save theSecurityContext
.- Parameters:
securityContextRepository
- theSecurityContextRepository
to use. Cannot be null.
-
setBearerTokenResolver
Set theBearerTokenResolver
to use. Defaults toDefaultBearerTokenResolver
.- Parameters:
bearerTokenResolver
- theBearerTokenResolver
to use
-
setAuthenticationEntryPoint
Set theAuthenticationEntryPoint
to use. Defaults toBearerTokenAuthenticationEntryPoint
.- Parameters:
authenticationEntryPoint
- theAuthenticationEntryPoint
to use
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) Set theAuthenticationFailureHandler
to use. Default implementation invokesAuthenticationEntryPoint
.- Parameters:
authenticationFailureHandler
- theAuthenticationFailureHandler
to use- Since:
- 5.2
-
setAuthenticationDetailsSource
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource) Set theAuthenticationDetailsSource
to use. Defaults toWebAuthenticationDetailsSource
.- Parameters:
authenticationDetailsSource
- theAuthenticationConverter
to use- Since:
- 5.5
-