AuthenticationWebFilter (spring-security-web 5.1.11.RELEASE API)

java.lang.Object
- org.springframework.security.web.server.authentication.AuthenticationWebFilter

All Implemented Interfaces:

org.springframework.web.server.WebFilter
```
public class AuthenticationWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter
```
A WebFilter that performs authentication of a particular request. An outline of the logic:
- A request comes in and if it does not match setRequiresAuthenticationMatcher(ServerWebExchangeMatcher), then this filter does nothing and the WebFilterChain is continued. If it does match then...
- An attempt to convert the ServerWebExchange into an Authentication is made. If the result is empty, then the filter does nothing more and the WebFilterChain is continued. If it does create an Authentication...
- The ReactiveAuthenticationManager specified in AuthenticationWebFilter(ReactiveAuthenticationManager) is used to perform authentication.
- If authentication is successful, ServerAuthenticationSuccessHandler is invoked and the authentication is set on ReactiveSecurityContextHolder, else ServerAuthenticationFailureHandler is invoked
Since:

5.0

Constructor Summary

Constructors
Constructor and Description

AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)
Creates an instance

Constructors
Constructor and Description
`AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)` Creates an instance

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`reactor.core.publisher.Mono<java.lang.Void>`	`filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)`
`protected reactor.core.publisher.Mono<java.lang.Void>`	`onAuthenticationSuccess(org.springframework.security.core.Authentication authentication, WebFilterExchange webFilterExchange)`
`void`	`setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<org.springframework.security.core.Authentication>> authenticationConverter)` Deprecated. As of 5.1 in favor of `setServerAuthenticationConverter(ServerAuthenticationConverter)`
`void`	`setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)` Sets the failure handler used when authentication fails.
`void`	`setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)` Sets the authentication success handler.
`void`	`setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)` Sets the matcher used to determine when creating an `Authentication` from `setServerAuthenticationConverter(ServerAuthenticationConverter)` to be authentication.
`void`	`setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)` Sets the repository for persisting the SecurityContext.
`void`	`setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)` Sets the strategy used for converting from a `ServerWebExchange` to an `Authentication` used for authenticating with the provided `ReactiveAuthenticationManager`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthenticationWebFilter
```
public AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)
```
    Creates an instance
    
    Parameters:
    
    authenticationManager - the authentication manager to use
- Method Detail
  - filter
```
public reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange,
                                                          org.springframework.web.server.WebFilterChain chain)
```
    Specified by:
    
    filter in interface org.springframework.web.server.WebFilter
  - onAuthenticationSuccess
```
protected reactor.core.publisher.Mono<java.lang.Void> onAuthenticationSuccess(org.springframework.security.core.Authentication authentication,
                                                                              WebFilterExchange webFilterExchange)
```
  - setSecurityContextRepository
```
public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
```
    Sets the repository for persisting the SecurityContext. Default is NoOpServerSecurityContextRepository
    
    Parameters:
    
    securityContextRepository - the repository to use
  - setAuthenticationSuccessHandler
```
public void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
```
    Sets the authentication success handler. Default is WebFilterChainServerAuthenticationSuccessHandler
    
    Parameters:
    
    authenticationSuccessHandler - the success handler to use
  - setAuthenticationConverter
```
@Deprecated
public void setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<org.springframework.security.core.Authentication>> authenticationConverter)
```
    Deprecated. As of 5.1 in favor of setServerAuthenticationConverter(ServerAuthenticationConverter)
    
    Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter
    
    Parameters:
    
    authenticationConverter - the converter to use
    
    See Also:
    
    setServerAuthenticationConverter(ServerAuthenticationConverter)
  - setServerAuthenticationConverter
```
public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)
```
    Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter
    
    Parameters:
    
    authenticationConverter - the converter to use
    
    Since:
    
    5.1
  - setAuthenticationFailureHandler
```
public void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
```
    Sets the failure handler used when authentication fails. The default is to prompt for basic authentication.
    
    Parameters:
    
    authenticationFailureHandler - the handler to use. Cannot be null.
  - setRequiresAuthenticationMatcher
```
public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
```
    Sets the matcher used to determine when creating an Authentication from setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication. If the converter returns an empty result, then no authentication is attempted. The default is any request
    
    Parameters:
    
    requiresAuthenticationMatcher - the matcher to use. Cannot be null.

Class AuthenticationWebFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AuthenticationWebFilter

Method Detail

filter

onAuthenticationSuccess

setSecurityContextRepository

setAuthenticationSuccessHandler

setAuthenticationConverter

setServerAuthenticationConverter

setAuthenticationFailureHandler

setRequiresAuthenticationMatcher