Class AuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.authentication.AuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class AuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter that performs authentication of a particular request. An outline of
the logic:
- A request comes in and if it does not match
setRequestMatcher(RequestMatcher), then this filter does nothing and theFilterChainis continued. If it does match then... - An attempt to convert the
HttpServletRequestinto anAuthenticationis made. If the result is empty, then the filter does nothing more and theFilterChainis continued. If it does create anAuthentication... - The
AuthenticationManagerspecified inAuthenticationFilter(AuthenticationManager, AuthenticationConverter)is used to perform authentication. - The
AuthenticationManagerResolverspecified inAuthenticationFilter(AuthenticationManagerResolver, AuthenticationConverter)is used to resolve the appropriate authentication manager from context to perform authentication. - If authentication is successful,
AuthenticationSuccessHandleris invoked and the authentication is set onSecurityContextHolder, elseAuthenticationFailureHandleris invoked
- Since:
- 5.2.0
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter) AuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest>voidsetAuthenticationConverter(AuthenticationConverter authenticationConverter) voidsetAuthenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) voidsetFailureHandler(AuthenticationFailureHandler failureHandler) voidsetRequestMatcher(RequestMatcher requestMatcher) voidsetSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use.voidsetSecurityContextRepository(SecurityContextRepository securityContextRepository) Sets theSecurityContextRepositoryto save theSecurityContexton authentication success.voidsetSuccessHandler(AuthenticationSuccessHandler successHandler) Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AuthenticationFilter
public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
AuthenticationFilter
public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter)
-
-
Method Details
-
getRequestMatcher
-
setRequestMatcher
-
getAuthenticationConverter
-
setAuthenticationConverter
-
getSuccessHandler
-
setSuccessHandler
-
getFailureHandler
-
setFailureHandler
-
getAuthenticationManagerResolver
public org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> getAuthenticationManagerResolver() -
setAuthenticationManagerResolver
public void setAuthenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) -
setSecurityContextRepository
Sets theSecurityContextRepositoryto save theSecurityContexton authentication success. The default action is not to save theSecurityContext.- Parameters:
securityContextRepository- theSecurityContextRepositoryto use. Cannot be null.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use. The default action is to use theSecurityContextHolderStrategystored inSecurityContextHolder.- Since:
- 5.8
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternalin classorg.springframework.web.filter.OncePerRequestFilter- Throws:
jakarta.servlet.ServletExceptionIOException
-