Class OAuth2AuthorizationRequestRedirectFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class OAuth2AuthorizationRequestRedirectFilter
extends org.springframework.web.filter.OncePerRequestFilter
This
Filter initiates the authorization code grant flow by redirecting the
End-User's user-agent to the Authorization Server's Authorization Endpoint.
It builds the OAuth 2.0 Authorization Request, which is used as the redirect
URI to the Authorization Endpoint. The redirect URI will include the
client identifier, requested scope(s), state, response type, and a redirection URI
which the authorization server will send the user-agent back to once access is granted
(or denied) by the End-User (Resource Owner).
By default, this Filter responds to authorization requests at the URI
/oauth2/authorization/{registrationId} using the default
OAuth2AuthorizationRequestResolver. The URI template variable
{registrationId} represents the registration identifier of the client that is used for initiating the OAuth 2.0
Authorization Request.
The default base URI /oauth2/authorization may be overridden via the
constructor
OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String),
or alternatively, an OAuth2AuthorizationRequestResolver may be provided to the
constructor
OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver)
to override the resolving of authorization requests.
- Since:
- 5.0
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe default baseURIused for authorization requests.Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionOAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters.OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository, String authorizationRequestBaseUri) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters.OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver authorizationRequestResolver) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) voidsetAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Sets theAuthenticationFailureHandlerused to handle errors redirecting to the Authorization Server's Authorization Endpoint.voidsetAuthorizationRedirectStrategy(org.springframework.security.web.RedirectStrategy authorizationRedirectStrategy) Sets the redirect strategy for Authorization Endpoint redirect URI.final voidsetAuthorizationRequestRepository(AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository) Sets the repository used for storingOAuth2AuthorizationRequest's.final voidsetRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache) Sets theRequestCacheused for storing the current request before redirecting the OAuth 2.0 Authorization Request.Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Field Details
-
DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
The default baseURIused for authorization requests.- See Also:
-
-
Constructor Details
-
OAuth2AuthorizationRequestRedirectFilter
public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters.- Parameters:
clientRegistrationRepository- the repository of client registrations
-
OAuth2AuthorizationRequestRedirectFilter
public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository, String authorizationRequestBaseUri) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters.- Parameters:
clientRegistrationRepository- the repository of client registrationsauthorizationRequestBaseUri- the baseURIused for authorization requests
-
OAuth2AuthorizationRequestRedirectFilter
public OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver authorizationRequestResolver) Constructs anOAuth2AuthorizationRequestRedirectFilterusing the provided parameters.- Parameters:
authorizationRequestResolver- the resolver used for resolving authorization requests- Since:
- 5.1
-
-
Method Details
-
setAuthorizationRedirectStrategy
public void setAuthorizationRedirectStrategy(org.springframework.security.web.RedirectStrategy authorizationRedirectStrategy) Sets the redirect strategy for Authorization Endpoint redirect URI.- Parameters:
authorizationRedirectStrategy- the redirect strategy
-
setAuthorizationRequestRepository
public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository) Sets the repository used for storingOAuth2AuthorizationRequest's.- Parameters:
authorizationRequestRepository- the repository used for storingOAuth2AuthorizationRequest's
-
setRequestCache
public final void setRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache) Sets theRequestCacheused for storing the current request before redirecting the OAuth 2.0 Authorization Request.- Parameters:
requestCache- the cache used for storing the current request
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler) Sets theAuthenticationFailureHandlerused to handle errors redirecting to the Authorization Server's Authorization Endpoint.- Parameters:
authenticationFailureHandler- theAuthenticationFailureHandlerused to handle errors redirecting to the Authorization Server's Authorization Endpoint- Since:
- 6.3
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternalin classorg.springframework.web.filter.OncePerRequestFilter- Throws:
jakarta.servlet.ServletExceptionIOException
-