Class OAuth2LoginAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class OAuth2LoginAuthenticationFilter extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
An implementation of an AbstractAuthenticationProcessingFilter for OAuth 2.0 Login.

This authentication Filter handles the processing of an OAuth 2.0 Authorization Response for the authorization code grant flow and delegates an OAuth2LoginAuthenticationToken to the AuthenticationManager to log in the End-User.

The OAuth 2.0 Authorization Response is processed as follows:

  • Assuming the End-User (Resource Owner) has granted access to the Client, the Authorization Server will append the code and state parameters to the redirect_uri (provided in the Authorization Request) and redirect the End-User's user-agent back to this Filter (the Client).
  • This Filter will then create an OAuth2LoginAuthenticationToken with the code received and delegate it to the AuthenticationManager to authenticate.
  • Upon a successful authentication, an OAuth2AuthenticationToken is created (representing the End-User Principal) and associated with the Authorized Client using the OAuth2AuthorizedClientRepository.
  • Finally, the OAuth2AuthenticationToken is returned and ultimately stored in the SecurityContextRepository to complete the authentication processing.
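
The steps above, as an added example rather than Spring Security's own code: a dependency-free Java model of handling the callback. The class, record and method names are hypothetical, and looking up the stored request by `state` is the model's assumption about how a response is matched to its Authorization Request.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of the callback steps; hypothetical names, not Spring Security classes. */
public class AuthorizationResponseModel {
    record AuthorizationRequest(String registrationId, String state, String redirectUri) {}
    record LoginToken(String registrationId, String code, String redirectUri) {}

    // Stands in for the stored-request repository; a real client keeps this per user session.
    private final Map<String, AuthorizationRequest> pending = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Authorization Request: remember it under an unguessable state value. */
    AuthorizationRequest begin(String registrationId, String redirectUri) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        AuthorizationRequest request = new AuthorizationRequest(registrationId, state, redirectUri);
        pending.put(state, request);
        return request;
    }

    /** Authorization Response: code and state arrive as query parameters on the redirect_uri. */
    LoginToken handleCallback(Map<String, String> params) {
        String code = params.get("code");
        String state = params.get("state");
        if (code == null || code.isEmpty() || state == null || state.isEmpty()) {
            throw new IllegalArgumentException("missing code or state parameter");
        }
        // remove(), not get(): a stored request can complete at most one login.
        AuthorizationRequest request = pending.remove(state);
        if (request == null) {
            throw new IllegalStateException("no stored authorization request for this state");
        }
        // The code is only a claim until the AuthenticationManager redeems it at the token endpoint.
        return new LoginToken(request.registrationId(), code, request.redirectUri());
    }

    public static void main(String[] args) {
        AuthorizationResponseModel filter = new AuthorizationResponseModel();
        AuthorizationRequest sent = filter.begin("example-idp", "https://client.example/login/oauth2/code/example-idp");
        Map<String, String> callback = Map.of("code", "constructed-code", "state", sent.state()); // constructed input
        System.out.println(filter.handleCallback(callback));
        try {
            filter.handleCallback(callback); // replay of the same response
        } catch (IllegalStateException ex) {
            System.out.println("replay rejected: " + ex.getMessage());
        }
    }
}
```
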
Since:
5.0
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    DEFAULT_FILTER_PROCESSES_URI
    The default URI where this Filter processes authentication requests.

    Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    authenticationDetailsSource, eventPublisher, messages

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService)
    Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
    OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, String filterProcessesUrl)
    Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
    OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl)
    Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
     
    final void
    setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken,OAuth2AuthenticationToken> authenticationResultConverter)
    Sets the converter responsible for converting from an OAuth2LoginAuthenticationToken to an OAuth2AuthenticationToken authentication result.
    final void
    setAuthorizationRequestRepository(AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository)
    Sets the repository for stored OAuth2AuthorizationRequest instances.

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • DEFAULT_FILTER_PROCESSES_URI

      public static final String DEFAULT_FILTER_PROCESSES_URI
      The default URI where this Filter processes authentication requests.
  • Constructor Details

    • OAuth2LoginAuthenticationFilter

      public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService)
      Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
      Parameters:
      clientRegistrationRepository - the repository of client registrations
      authorizedClientService - the authorized client service
    • OAuth2LoginAuthenticationFilter

      public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService, String filterProcessesUrl)
      Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
      Parameters:
      clientRegistrationRepository - the repository of client registrations
      authorizedClientService - the authorized client service
      filterProcessesUrl - the URI where this Filter will process the authentication requests
    • OAuth2LoginAuthenticationFilter

      public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, String filterProcessesUrl)
      Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
      Parameters:
      clientRegistrationRepository - the repository of client registrations
      authorizedClientRepository - the authorized client repository
      filterProcessesUrl - the URI where this Filter will process the authentication requests
      Since:
      5.1
  • Method Details

    • attemptAuthentication

      public org.springframework.security.core.Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException
      Specified by:
      attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      org.springframework.security.core.AuthenticationException
    • setAuthorizationRequestRepository

      public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository)
      Sets the repository for stored OAuth2AuthorizationRequest instances.
      Parameters:
      authorizationRequestRepository - the repository for stored OAuth2AuthorizationRequest instances
    • setAuthenticationResultConverter

      public final void setAuthenticationResultConverter(org.springframework.core.convert.converter.Converter<OAuth2LoginAuthenticationToken,OAuth2AuthenticationToken> authenticationResultConverter)
      Sets the converter responsible for converting from an OAuth2LoginAuthenticationToken to an OAuth2AuthenticationToken authentication result.
      Parameters:
      authenticationResultConverter - the converter for OAuth2AuthenticationToken instances
      Since:
      5.6