Class AuthenticationWebFilter
java.lang.Object
org.springframework.security.web.server.authentication.AuthenticationWebFilter
- All Implemented Interfaces:
org.springframework.web.server.WebFilter
- Direct Known Subclasses:
OAuth2LoginAuthenticationWebFilter
public class AuthenticationWebFilter
extends Object
implements org.springframework.web.server.WebFilter
A WebFilter that performs authentication of a particular request. An outline of the logic:
- A request comes in and if it does not match setRequiresAuthenticationMatcher(ServerWebExchangeMatcher), then this filter does nothing and the WebFilterChain is continued. If it does match then...
- An attempt to convert the ServerWebExchange into an Authentication is made. If the result is empty, then the filter does nothing more and the WebFilterChain is continued. If it does create an Authentication...
- The ReactiveAuthenticationManager specified in AuthenticationWebFilter(ReactiveAuthenticationManager) is used to perform authentication.
- The ReactiveAuthenticationManagerResolver specified in AuthenticationWebFilter(ReactiveAuthenticationManagerResolver) is used to resolve the appropriate authentication manager from context to perform authentication.
- If authentication is successful, ServerAuthenticationSuccessHandler is invoked and the authentication is set on ReactiveSecurityContextHolder, else ServerAuthenticationFailureHandler is invoked
- Since:
- 5.0
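The outline above, wired up for a header-based API key, as an added example (not code from the Spring Security project). The class name, the X-Api-Key header, the /api/** path, the "api-client" principal and ROLE_API are assumptions; the static token factory methods need Spring Security 5.7 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import reactor.core.publisher.Mono;

// Hypothetical factory class, not part of Spring Security.
final class ApiKeyAuthenticationFilters {
    private static final String HEADER = "X-Api-Key"; // assumed header name
    static AuthenticationWebFilter apiKeyFilter(String expectedKey) {
        byte[] expected = expectedKey.getBytes(StandardCharsets.UTF_8);
        // The manager decides whether the converted, unauthenticated token is valid.
        ReactiveAuthenticationManager manager = auth -> {
            byte[] presented = String.valueOf(auth.getCredentials()).getBytes(StandardCharsets.UTF_8);
            if (!MessageDigest.isEqual(presented, expected)) { // constant-time comparison
                return Mono.error(new BadCredentialsException("Invalid API key"));
            }
            return Mono.just(UsernamePasswordAuthenticationToken.authenticated(
                    "api-client", null, AuthorityUtils.createAuthorityList("ROLE_API")));
        };

        AuthenticationWebFilter filter = new AuthenticationWebFilter(manager);
        // The default matcher is any request; restrict the filter to the API paths.
        filter.setRequiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers("/api/**"));
        // Replaces the default HTTP Basic converter. A missing header gives an empty Mono,
        // so no authentication is attempted and the WebFilterChain is continued.
        filter.setServerAuthenticationConverter(exchange ->
                Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(HEADER))
                        .<Authentication>map(key ->
                                UsernamePasswordAuthenticationToken.unauthenticated("api-client", key)));
        // The default failure handler prompts for Basic authentication; send a plain 401 instead.
        filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(
                new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)));
        // NoOp is the default, stated explicitly here: nothing is persisted between
        // requests, so every request must present the key again.
        filter.setSecurityContextRepository(NoOpServerSecurityContextRepository.getInstance());
        return filter;
    }
}
```

Register the result with ServerHttpSecurity.addFilterAt(filter, SecurityWebFiltersOrder.AUTHENTICATION). A request without the header passes through this filter unauthenticated, so the authorization rules must still require authentication for /api/**.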
-
Constructor Summary

| Constructor | Description |
| --- | --- |
| AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) | Creates an instance |
| AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver) | Creates an instance |

-
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| reactor.core.publisher.Mono<Void> | filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain) | |
| protected reactor.core.publisher.Mono<Void> | onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) | |
| void | setAuthenticationConverter(Function<org.springframework.web.server.ServerWebExchange, reactor.core.publisher.Mono<Authentication>> authenticationConverter) | Deprecated. |
| void | setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) | Sets the failure handler used when authentication fails. |
| void | setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) | Sets the authentication success handler. |
| void | setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher) | Sets the matcher used to determine when the converter set with setServerAuthenticationConverter(ServerAuthenticationConverter) is used to create an Authentication to be authenticated. |
| void | setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository) | Sets the repository for persisting the SecurityContext. |
| void | setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter) | Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. |
-
Constructor Details
-
AuthenticationWebFilter
public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager)
Creates an instance
- Parameters:
authenticationManager - the authentication manager to use
-
AuthenticationWebFilter
public AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)
Creates an instance
- Parameters:
authenticationManagerResolver - the authentication manager resolver to use
- Since:
5.3
-
-
Method Details
-
filter
public reactor.core.publisher.Mono<Void> filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
- Specified by:
filter in interface org.springframework.web.server.WebFilter
-
onAuthenticationSuccess
protected reactor.core.publisher.Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange)
-
setSecurityContextRepository
public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
Sets the repository for persisting the SecurityContext. Default is NoOpServerSecurityContextRepository
- Parameters:
securityContextRepository - the repository to use
-
setAuthenticationSuccessHandler
public void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
Sets the authentication success handler. Default is WebFilterChainServerAuthenticationSuccessHandler
- Parameters:
authenticationSuccessHandler - the success handler to use
-
setAuthenticationConverter
@Deprecated public void setAuthenticationConverter(Function<org.springframework.web.server.ServerWebExchange, reactor.core.publisher.Mono<Authentication>> authenticationConverter)
Deprecated. As of 5.1 in favor of setServerAuthenticationConverter(ServerAuthenticationConverter)
Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter
- Parameters:
authenticationConverter - the converter to use
- See Also:
-
setServerAuthenticationConverter
public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter
- Parameters:
authenticationConverter - the converter to use
- Since:
5.1
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
Sets the failure handler used when authentication fails. The default is to prompt for basic authentication.
- Parameters:
authenticationFailureHandler - the handler to use. Cannot be null.
-
setRequiresAuthenticationMatcher
public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Sets the matcher used to determine when the converter set with setServerAuthenticationConverter(ServerAuthenticationConverter) is used to create an Authentication to be authenticated. If the converter returns an empty result, then no authentication is attempted. The default is any request
- Parameters:
requiresAuthenticationMatcher - the matcher to use. Cannot be null.
-
setServerAuthenticationConverter(ServerAuthenticationConverter)