Package org.springframework.security.web.authentication

Class AuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class AuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
    A Filter that performs authentication of a particular request. An outline of the logic:
    • A request comes in and if it does not match setRequestMatcher(RequestMatcher), then this filter does nothing and the FilterChain is continued. If it does match then...
    • An attempt to convert the HttpServletRequest into an Authentication is made. If the result is empty, then the filter does nothing more and the FilterChain is continued. If it does create an Authentication...
    • The AuthenticationManager specified in #GenericAuthenticationFilter(AuthenticationManager) is used to perform authentication.
    • The AuthenticationManagerResolver specified in #GenericAuthenticationFilter(AuthenticationManagerResolver) is used to resolve the appropriate authentication manager from context to perform authentication.
    • If authentication is successful, AuthenticationSuccessHandler is invoked and the authentication is set on SecurityContextHolder, else AuthenticationFailureHandler is invoked
    Since:
    5.2.0

    • Constructor Detail

      • AuthenticationFilter

        public AuthenticationFilter​(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                            AuthenticationConverter authenticationConverter)

      • AuthenticationFilter

        public AuthenticationFilter​(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver,
                            AuthenticationConverter authenticationConverter)

    • Method Detail

      • setRequestMatcher

        public void setRequestMatcher​(RequestMatcher requestMatcher)

      • setAuthenticationConverter

        public void setAuthenticationConverter​(AuthenticationConverter authenticationConverter)

      • getAuthenticationManagerResolver

        public org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> getAuthenticationManagerResolver()

      • setAuthenticationManagerResolver

        public void setAuthenticationManagerResolver​(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)

      • doFilterInternal

        protected void doFilterInternal​(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException
        Specified by:
        doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
        Throws:
        javax.servlet.ServletException
        java.io.IOException