Package org.springframework.security.web.server.authentication

Class AuthenticationWebFilter

java.lang.Object

org.springframework.security.web.server.authentication.AuthenticationWebFilter

All Implemented Interfaces:

org.springframework.web.server.WebFilter

public class AuthenticationWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter

A WebFilter that performs authentication of a particular request. An outline of the logic:

• A request comes in and if it does not match setRequiresAuthenticationMatcher(ServerWebExchangeMatcher), then this filter does nothing and the WebFilterChain is continued. If it does match then...
• An attempt to convert the ServerWebExchange into an Authentication is made. If the result is empty, then the filter does nothing more and the WebFilterChain is continued. If it does create an Authentication...
• The ReactiveAuthenticationManager specified in AuthenticationWebFilter(ReactiveAuthenticationManager) is used to perform authentication.
• The ReactiveAuthenticationManagerResolver specified in AuthenticationWebFilter(ReactiveAuthenticationManagerResolver) is used to resolve the appropriate authentication manager from context to perform authentication.
• If authentication is successful, ServerAuthenticationSuccessHandler is invoked and the authentication is set on ReactiveSecurityContextHolder, else ServerAuthenticationFailureHandler is invoked

Since:

5.0

Constructor Summary

Constructors

Constructor	Description
AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)	Creates an instance
AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)	Creates an instance

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<java.lang.Void>	filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
protected reactor.core.publisher.Mono<java.lang.Void>	onAuthenticationSuccess(org.springframework.security.core.Authentication authentication, WebFilterExchange webFilterExchange)
void	setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<org.springframework.security.core.Authentication>> authenticationConverter)	Deprecated. As of 5.1 in favor of setServerAuthenticationConverter(ServerAuthenticationConverter)
void	setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)	Sets the failure handler used when authentication fails.
void	setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)	Sets the authentication success handler.
void	setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)	Sets the matcher used to determine when creating an Authentication from setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication.
void	setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)	Sets the repository for persisting the SecurityContext.
void	setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)	Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationWebFilter

public AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)

Creates an instance

Parameters:

authenticationManager - the authentication manager to use

AuthenticationWebFilter

public AuthenticationWebFilter(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange> authenticationManagerResolver)

Creates an instance

Parameters:

authenticationManagerResolver - the authentication manager resolver to use

Since:

5.3

Method Detail

filter

public reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange,
                                                          org.springframework.web.server.WebFilterChain chain)

Specified by:

filter in interface org.springframework.web.server.WebFilter

onAuthenticationSuccess

protected reactor.core.publisher.Mono<java.lang.Void> onAuthenticationSuccess(org.springframework.security.core.Authentication authentication,
                                                                              WebFilterExchange webFilterExchange)

setSecurityContextRepository

public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)

Sets the repository for persisting the SecurityContext. Default is NoOpServerSecurityContextRepository

Parameters:

securityContextRepository - the repository to use

setAuthenticationSuccessHandler

public void setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)

Sets the authentication success handler. Default is WebFilterChainServerAuthenticationSuccessHandler

Parameters:

authenticationSuccessHandler - the success handler to use

setAuthenticationConverter

@Deprecated
public void setAuthenticationConverter(java.util.function.Function<org.springframework.web.server.ServerWebExchange,reactor.core.publisher.Mono<org.springframework.security.core.Authentication>> authenticationConverter)

Deprecated.

As of 5.1 in favor of setServerAuthenticationConverter(ServerAuthenticationConverter)

Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter

Parameters:

authenticationConverter - the converter to use

See Also:

setServerAuthenticationConverter(ServerAuthenticationConverter)

setServerAuthenticationConverter

public void setServerAuthenticationConverter(ServerAuthenticationConverter authenticationConverter)

Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager. If the result is empty, then it signals that no authentication attempt should be made. The default converter is ServerHttpBasicAuthenticationConverter

Parameters:

authenticationConverter - the converter to use

Since:

5.1

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)

Sets the failure handler used when authentication fails. The default is to prompt for basic authentication.

Parameters:

authenticationFailureHandler - the handler to use. Cannot be null.

setRequiresAuthenticationMatcher

public void setRequiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)

Sets the matcher used to determine when creating an Authentication from setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication. If the converter returns an empty result, then no authentication is attempted. The default is any request

Parameters:

requiresAuthenticationMatcher - the matcher to use. Cannot be null.