Class BearerTokenAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
Direct Known Subclasses:
BearerTokenAuthenticationFilter

public class BearerTokenAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter
Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with an AuthenticationManager that can authenticate a BearerTokenAuthenticationToken.
Since:
5.1
  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
    Extract any Bearer Token from the request and attempt an authentication.
    void
    setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
    Set the AuthenticationDetailsSource to use.
    void
    setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
    Set the AuthenticationEntryPoint to use.
    void
    setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
    Set the AuthenticationFailureHandler to use.
    void
    setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
    Set the BearerTokenResolver to use.
    void
    setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
    Sets the SecurityContextHolderStrategy to use.
    void
    setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
    Sets the SecurityContextRepository to save the SecurityContext on authentication success.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
      Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
      Parameters:
      authenticationManagerResolver -
    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
      Parameters:
      authenticationManager -
  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Extract any Bearer Token from the request and attempt an authentication.
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Parameters:
      request -
      response -
      filterChain -
      Throws:
      jakarta.servlet.ServletException
      IOException
    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8
    • setSecurityContextRepository

      public void setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
      Sets the SecurityContextRepository to save the SecurityContext on authentication success. The default action is not to save the SecurityContext.
      Parameters:
      securityContextRepository - the SecurityContextRepository to use. Cannot be null.
    • setBearerTokenResolver

      public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
      Set the BearerTokenResolver to use. Defaults to DefaultBearerTokenResolver.
      Parameters:
      bearerTokenResolver - the BearerTokenResolver to use
    • setAuthenticationEntryPoint

      public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
      Set the AuthenticationEntryPoint to use. Defaults to BearerTokenAuthenticationEntryPoint.
      Parameters:
      authenticationEntryPoint - the AuthenticationEntryPoint to use
    • setAuthenticationFailureHandler

      public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
      Set the AuthenticationFailureHandler to use. Default implementation invokes AuthenticationEntryPoint.
      Parameters:
      authenticationFailureHandler - the AuthenticationFailureHandler to use
      Since:
      5.2
    • setAuthenticationDetailsSource

      public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Set the AuthenticationDetailsSource to use. Defaults to WebAuthenticationDetailsSource.
      Parameters:
      authenticationDetailsSource - the AuthenticationDetailsSource to use
      Since:
      5.5
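
The constructor and setters documented above, wired together for a JWT-protected API. This is an added example, not code from the Spring Security project; the class name BearerFilterFactory, the logger name, the realm "example-api" and the choice of JwtAuthenticationProvider as the provider behind the AuthenticationManager are assumptions.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;

// Added example: hypothetical factory, not part of Spring Security.
public final class BearerFilterFactory {
    private static final System.Logger LOG = System.getLogger("bearer-auth");

    public static BearerTokenAuthenticationFilter create(JwtDecoder jwtDecoder) {
        // The manager must be able to authenticate a BearerTokenAuthenticationToken.
        AuthenticationManager manager = new ProviderManager(new JwtAuthenticationProvider(jwtDecoder));
        BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(manager);

        // Accept the token from the Authorization header only. Both flags are already
        // false by default; setting them makes a later change visible in review.
        DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
        resolver.setAllowUriQueryParameter(false);
        resolver.setAllowFormEncodedBodyParameter(false);
        filter.setBearerTokenResolver(resolver);

        // Entry point that answers with 401 and a WWW-Authenticate: Bearer challenge.
        BearerTokenAuthenticationEntryPoint entryPoint = new BearerTokenAuthenticationEntryPoint();
        entryPoint.setRealmName("example-api"); // assumed realm name
        filter.setAuthenticationEntryPoint(entryPoint);

        // Record the failure for detection, then keep the default behaviour of
        // delegating to the entry point. The token itself is never logged.
        filter.setAuthenticationFailureHandler((request, response, exception) -> {
            LOG.log(System.Logger.Level.WARNING, "bearer authentication failed from {0}: {1}",
                    request.getRemoteAddr(), exception.getClass().getSimpleName());
            entryPoint.commence(request, response, exception);
        });

        // setSecurityContextRepository is deliberately not called: the default is not to
        // save the SecurityContext, so the token is validated again on every request.
        return filter;
    }
}
```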