org.springframework.security.oauth2.server.resource.web

Class BearerTokenAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class BearerTokenAuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter

Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with an AuthenticationManager that can authenticate a BearerTokenAuthenticationToken.

Since:

5.1

See Also:

The OAuth 2.0 Authorization Framework: Bearer Token Usage, JwtAuthenticationProvider

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager) Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver) Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Extract any Bearer Token from the request and attempt an authentication.
void	setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) Set the AuthenticationEntryPoint to use.
void	setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Set the AuthenticationFailureHandler to use.
void	setBearerTokenResolver(BearerTokenResolver bearerTokenResolver) Set the BearerTokenResolver to use.

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BearerTokenAuthenticationFilter

public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Parameters:

authenticationManagerResolver -

BearerTokenAuthenticationFilter

public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

Parameters:

authenticationManager -

Method Detail

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException

Extract any Bearer Token from the request and attempt an authentication.

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Parameters:

request -

response -

filterChain -

Throws:

javax.servlet.ServletException

java.io.IOException

setBearerTokenResolver

public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)

Set the BearerTokenResolver to use. Defaults to DefaultBearerTokenResolver.

Parameters:

bearerTokenResolver - the BearerTokenResolver to use

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

Set the AuthenticationEntryPoint to use. Defaults to BearerTokenAuthenticationEntryPoint.

Parameters:

authenticationEntryPoint - the AuthenticationEntryPoint to use

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)

Set the AuthenticationFailureHandler to use. Default implementation invokes AuthenticationEntryPoint.

Parameters:

authenticationFailureHandler - the AuthenticationFailureHandler to use

Since:

5.2