Class AuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.authentication.AuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class AuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter
that performs authentication of a particular request. An outline of
the logic:
- A request comes in and if it does not match
setRequestMatcher(RequestMatcher)
, then this filter does nothing and theFilterChain
is continued. If it does match then... - An attempt to convert the
HttpServletRequest
into anAuthentication
is made. If the result is empty, then the filter does nothing more and theFilterChain
is continued. If it does create anAuthentication
... - The
AuthenticationManager
specified inAuthenticationFilter(AuthenticationManager, AuthenticationConverter)
is used to perform authentication. - The
AuthenticationManagerResolver
specified inAuthenticationFilter(AuthenticationManagerResolver, AuthenticationConverter)
is used to resolve the appropriate authentication manager from context to perform authentication. - If authentication is successful,
AuthenticationSuccessHandler
is invoked and the authentication is set onSecurityContextHolder
, elseAuthenticationFailureHandler
is invoked
- Since:
- 5.2.0
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionAuthenticationFilter
(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter) AuthenticationFilter
(AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest>
void
setAuthenticationConverter
(AuthenticationConverter authenticationConverter) void
setAuthenticationManagerResolver
(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) void
setFailureHandler
(AuthenticationFailureHandler failureHandler) void
setRequestMatcher
(RequestMatcher requestMatcher) void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setSecurityContextRepository
(SecurityContextRepository securityContextRepository) Sets theSecurityContextRepository
to save theSecurityContext
on authentication success.void
setSuccessHandler
(AuthenticationSuccessHandler successHandler) Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AuthenticationFilter
public AuthenticationFilter(AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
AuthenticationFilter
public AuthenticationFilter(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter)
-
-
Method Details
-
getRequestMatcher
-
setRequestMatcher
-
getAuthenticationConverter
-
setAuthenticationConverter
-
getSuccessHandler
-
setSuccessHandler
-
getFailureHandler
-
setFailureHandler
-
getAuthenticationManagerResolver
public AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> getAuthenticationManagerResolver() -
setAuthenticationManagerResolver
public void setAuthenticationManagerResolver(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) -
setSecurityContextRepository
Sets theSecurityContextRepository
to save theSecurityContext
on authentication success. The default action is not to save theSecurityContext
.- Parameters:
securityContextRepository
- theSecurityContextRepository
to use. Cannot be null.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-