Package org.keycloak.adapters.springsecurity.filter

Class KeycloakAuthenticationProcessingFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class KeycloakAuthenticationProcessingFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
implements org.springframework.context.ApplicationContextAware
    Provides a Keycloak authentication processing filter.
    Version:
    $Revision: 1 $
    Author:
    Scott Rossillo

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String AUTHORIZATION_HEADER  
      static org.springframework.security.web.util.matcher.RequestMatcher DEFAULT_REQUEST_MATCHER
      Request matcher that matches requests to the default login URI and any request with a Authorization header or an adapter state cookie.

      • Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        authenticationDetailsSource, eventPublisher, messages

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Constructor Summary

      Constructors 
      Constructor Description
      KeycloakAuthenticationProcessingFilter​(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.
      KeycloakAuthenticationProcessingFilter​(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
      Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      void setAdapterTokenStoreFactory​(AdapterTokenStoreFactory adapterTokenStoreFactory)
      Sets the adapter token store factory to use when creating per-request adapter token stores.
      void setAllowSessionCreation​(boolean allowSessionCreation)
      This filter does not support explicitly enabling session creation.
      void setApplicationContext​(org.springframework.context.ApplicationContext applicationContext)  
      void setContinueChainBeforeSuccessfulAuthentication​(boolean continueChainBeforeSuccessfulAuthentication)
      This filter does not support explicitly setting a continue chain before success policy
      void setRequestAuthenticatorFactory​(RequestAuthenticatorFactory requestAuthenticatorFactory)
      Sets the request authenticator factory to use when creating per-request authenticators.
      protected void successfulAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)  
      protected void unsuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)  

      • Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

        doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    • Field Detail

      • DEFAULT_REQUEST_MATCHER

        public static final org.springframework.security.web.util.matcher.RequestMatcher DEFAULT_REQUEST_MATCHER
        Request matcher that matches requests to the default login URI and any request with a Authorization header or an adapter state cookie.

    • Constructor Detail

      • KeycloakAuthenticationProcessingFilter

        public KeycloakAuthenticationProcessingFilter​(org.springframework.security.authentication.AuthenticationManager authenticationManager)
        Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.
        Parameters:
        authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)
        See Also:
        DEFAULT_REQUEST_MATCHER

      • KeycloakAuthenticationProcessingFilter

        public KeycloakAuthenticationProcessingFilter​(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                              org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
        Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

        Note: the given request matcher must support matching the Authorization header if bearer token authentication is to be accepted.

        Parameters:
        authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)
        requiresAuthenticationRequestMatcher - the RequestMatcher used to determine if authentication is required (cannot be null)
        See Also:
        RequestHeaderRequestMatcher, OrRequestMatcher

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Overrides:
        afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

      • attemptAuthentication

        public org.springframework.security.core.Authentication attemptAuthentication​(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException
        Specified by:
        attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        org.springframework.security.core.AuthenticationException
        IOException
        javax.servlet.ServletException

      • successfulAuthentication

        protected void successfulAuthentication​(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        javax.servlet.FilterChain chain,
                                        org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException
        Overrides:
        successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        IOException
        javax.servlet.ServletException

      • unsuccessfulAuthentication

        protected void unsuccessfulAuthentication​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
                                          javax.servlet.ServletException
        Overrides:
        unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        IOException
        javax.servlet.ServletException

      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext applicationContext)
                           throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException

      • setAdapterTokenStoreFactory

        public void setAdapterTokenStoreFactory​(AdapterTokenStoreFactory adapterTokenStoreFactory)
        Sets the adapter token store factory to use when creating per-request adapter token stores.
        Parameters:
        adapterTokenStoreFactory - the AdapterTokenStoreFactory to use

      • setAllowSessionCreation

        public final void setAllowSessionCreation​(boolean allowSessionCreation)
        This filter does not support explicitly enabling session creation.
        Overrides:
        setAllowSessionCreation in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        UnsupportedOperationException - this filter does not support explicitly enabling session creation.

      • setContinueChainBeforeSuccessfulAuthentication

        public final void setContinueChainBeforeSuccessfulAuthentication​(boolean continueChainBeforeSuccessfulAuthentication)
        This filter does not support explicitly setting a continue chain before success policy
        Overrides:
        setContinueChainBeforeSuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
        Throws:
        UnsupportedOperationException - this filter does not support explicitly setting a continue chain before success policy

      • setRequestAuthenticatorFactory

        public void setRequestAuthenticatorFactory​(RequestAuthenticatorFactory requestAuthenticatorFactory)
        Sets the request authenticator factory to use when creating per-request authenticators.
        Parameters:
        requestAuthenticatorFactory - the RequestAuthenticatorFactory to use