org.springframework.security.web.authentication

Class AuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.web.authentication.AuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class AuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter

A Filter that performs authentication of a particular request. An outline of the logic:

• A request comes in and if it does not match setRequestMatcher(RequestMatcher), then this filter does nothing and the FilterChain is continued. If it does match then...
• An attempt to convert the HttpServletRequest into an Authentication is made. If the result is empty, then the filter does nothing more and the FilterChain is continued. If it does create an Authentication...
• The AuthenticationManager specified in #GenericAuthenticationFilter(AuthenticationManager) is used to perform authentication.
• The AuthenticationManagerResolver specified in #GenericAuthenticationFilter(AuthenticationManagerResolver) is used to resolve the appropriate authentication manager from context to perform authentication.
• If authentication is successful, AuthenticationSuccessHandler is invoked and the authentication is set on SecurityContextHolder, else AuthenticationFailureHandler is invoked

Since:

5.2.0

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
AuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter)
AuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter)

Method Summary

Modifier and Type	Method and Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
AuthenticationConverter	getAuthenticationConverter()
org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>	getAuthenticationManagerResolver()
AuthenticationFailureHandler	getFailureHandler()
RequestMatcher	getRequestMatcher()
AuthenticationSuccessHandler	getSuccessHandler()
void	setAuthenticationConverter(AuthenticationConverter authenticationConverter)
void	setAuthenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
void	setFailureHandler(AuthenticationFailureHandler failureHandler)
void	setRequestMatcher(RequestMatcher requestMatcher)
void	setSuccessHandler(AuthenticationSuccessHandler successHandler)

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationFilter

public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                            AuthenticationConverter authenticationConverter)

AuthenticationFilter

public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver,
                            AuthenticationConverter authenticationConverter)

Method Detail

getRequestMatcher

public RequestMatcher getRequestMatcher()

setRequestMatcher

public void setRequestMatcher(RequestMatcher requestMatcher)

getAuthenticationConverter

public AuthenticationConverter getAuthenticationConverter()

setAuthenticationConverter

public void setAuthenticationConverter(AuthenticationConverter authenticationConverter)

getSuccessHandler

public AuthenticationSuccessHandler getSuccessHandler()

setSuccessHandler

public void setSuccessHandler(AuthenticationSuccessHandler successHandler)

getFailureHandler

public AuthenticationFailureHandler getFailureHandler()

setFailureHandler

public void setFailureHandler(AuthenticationFailureHandler failureHandler)

getAuthenticationManagerResolver

public org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> getAuthenticationManagerResolver()

setAuthenticationManagerResolver

public void setAuthenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

java.io.IOException