Package org.keycloak.adapters.springsecurity.filter

Class KeycloakAuthenticationProcessingFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class KeycloakAuthenticationProcessingFilter extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter implements org.springframework.context.ApplicationContextAware
Provides a Keycloak authentication processing filter.
Version:
$Revision: 1 $
Author:
Scott Rossillo

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    AUTHORIZATION_HEADER
     
    static final org.springframework.security.web.util.matcher.RequestMatcher
    DEFAULT_REQUEST_MATCHER
    Request matcher that matches requests to the default login URI and any request with a Authorization header or an adapter state cookie.

    Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    authenticationDetailsSource, eventPublisher, messages

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
    Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.
    KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
    Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    afterPropertiesSet()
     
    org.springframework.security.core.Authentication
    attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
     
    void
    setAdapterTokenStoreFactory(AdapterTokenStoreFactory adapterTokenStoreFactory)
    Sets the adapter token store factory to use when creating per-request adapter token stores.
    final void
    setAllowSessionCreation(boolean allowSessionCreation)
    This filter does not support explicitly enabling session creation.
    void
    setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
     
    final void
    setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
    This filter does not support explicitly setting a continue chain before success policy
    void
    setRequestAuthenticatorFactory(RequestAuthenticatorFactory requestAuthenticatorFactory)
    Sets the request authenticator factory to use when creating per-request authenticators.
    protected void
    successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)
     
    protected void
    unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)
     

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • AUTHORIZATION_HEADER

      public static final String AUTHORIZATION_HEADER
      See Also:

    • DEFAULT_REQUEST_MATCHER

      public static final org.springframework.security.web.util.matcher.RequestMatcher DEFAULT_REQUEST_MATCHER
      Request matcher that matches requests to the default login URI and any request with a Authorization header or an adapter state cookie.

  • Constructor Details

    • KeycloakAuthenticationProcessingFilter

      public KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.
      Parameters:
      authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)
      See Also:

    • KeycloakAuthenticationProcessingFilter

      public KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)
      Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

      Note: the given request matcher must support matching the Authorization header if bearer token authentication is to be accepted.

      Parameters:
      authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)
      requiresAuthenticationRequestMatcher - the RequestMatcher used to determine if authentication is required (cannot be null)
      See Also:
      • RequestHeaderRequestMatcher
      • OrRequestMatcher

  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Overrides:
      afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    • attemptAuthentication

      public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException, IOException, javax.servlet.ServletException
      Specified by:
      attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      org.springframework.security.core.AuthenticationException
      IOException
      javax.servlet.ServletException

    • successfulAuthentication

      protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult) throws IOException, javax.servlet.ServletException
      Overrides:
      successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      IOException
      javax.servlet.ServletException

    • unsuccessfulAuthentication

      protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed) throws IOException, javax.servlet.ServletException
      Overrides:
      unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      IOException
      javax.servlet.ServletException

    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext) throws org.springframework.beans.BeansException
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware
      Throws:
      org.springframework.beans.BeansException

    • setAdapterTokenStoreFactory

      public void setAdapterTokenStoreFactory(AdapterTokenStoreFactory adapterTokenStoreFactory)
      Sets the adapter token store factory to use when creating per-request adapter token stores.
      Parameters:
      adapterTokenStoreFactory - the AdapterTokenStoreFactory to use

    • setAllowSessionCreation

      public final void setAllowSessionCreation(boolean allowSessionCreation)
      This filter does not support explicitly enabling session creation.
      Overrides:
      setAllowSessionCreation in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      UnsupportedOperationException - this filter does not support explicitly enabling session creation.

    • setContinueChainBeforeSuccessfulAuthentication

      public final void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)
      This filter does not support explicitly setting a continue chain before success policy
      Overrides:
      setContinueChainBeforeSuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Throws:
      UnsupportedOperationException - this filter does not support explicitly setting a continue chain before success policy

    • setRequestAuthenticatorFactory

      public void setRequestAuthenticatorFactory(RequestAuthenticatorFactory requestAuthenticatorFactory)
      Sets the request authenticator factory to use when creating per-request authenticators.
      Parameters:
      requestAuthenticatorFactory - the RequestAuthenticatorFactory to use