org.springframework.security.oauth2.server.authorization.web

Class OAuth2AuthorizationEndpointFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class OAuth2AuthorizationEndpointFilter
extends org.springframework.web.filter.OncePerRequestFilter

A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Request (and Consent).

Since:

0.0.1

See Also:

AuthenticationManager, OAuth2AuthorizationCodeRequestAuthenticationProvider, Section 4.1 Authorization Code Grant, Section 4.1.1 Authorization Request, Section 4.1.2 Authorization Response

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager) Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.
OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, java.lang.String authorizationEndpointUri) Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
void	setAuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter) Sets the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest to an instance of OAuth2AuthorizationCodeRequestAuthenticationToken used for authenticating the request.
void	setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource) Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.
void	setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.
void	setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler) Sets the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken and returning the Authorization Response.
void	setConsentPage(java.lang.String consentPage) Specify the URI to redirect Resource Owners to if consent is required.

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuth2AuthorizationEndpointFilter

public OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)

Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.

Parameters:

authenticationManager - the authentication manager

OAuth2AuthorizationEndpointFilter

public OAuth2AuthorizationEndpointFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                         java.lang.String authorizationEndpointUri)

Constructs an OAuth2AuthorizationEndpointFilter using the provided parameters.

Parameters:

authenticationManager - the authentication manager

authorizationEndpointUri - the endpoint URI for authorization requests

Method Detail

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

java.io.IOException

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)

Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.

Parameters:

authenticationDetailsSource - the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest

Since:

0.3.1

setAuthenticationConverter

public void setAuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)

Sets the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest to an instance of OAuth2AuthorizationCodeRequestAuthenticationToken used for authenticating the request.

Parameters:

authenticationConverter - the AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest

setAuthenticationSuccessHandler

public void setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler)

Sets the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken and returning the Authorization Response.

Parameters:

authenticationSuccessHandler - the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)

Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.

Parameters:

authenticationFailureHandler - the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException

setConsentPage

public void setConsentPage(java.lang.String consentPage)

Specify the URI to redirect Resource Owners to if consent is required. A default consent page will be generated when this attribute is not specified.

Parameters:

consentPage - the URI of the custom consent page to redirect to if consent is required (e.g. "/oauth2/consent")