Class AuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.authentication.AuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class AuthenticationFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter
that performs authentication of a particular request. An outline of
the logic:
- A request comes in and if it does not match
setRequestMatcher(RequestMatcher)
, then this filter does nothing and theFilterChain
is continued. If it does match then... - An attempt to convert the
HttpServletRequest
into anAuthentication
is made. If the result is empty, then the filter does nothing more and theFilterChain
is continued. If it does create anAuthentication
... - The
AuthenticationManager
specified inAuthenticationFilter(AuthenticationManager, AuthenticationConverter)
is used to perform authentication. - The
AuthenticationManagerResolver
specified inAuthenticationFilter(AuthenticationManagerResolver, AuthenticationConverter)
is used to resolve the appropriate authentication manager from context to perform authentication. - If authentication is successful,
AuthenticationSuccessHandler
is invoked and the authentication is set onSecurityContextHolder
, elseAuthenticationFailureHandler
is invoked
- Since:
- 5.2.0
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionAuthenticationFilter
(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter) AuthenticationFilter
(org.springframework.security.authentication.AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest>
void
setAuthenticationConverter
(AuthenticationConverter authenticationConverter) void
setAuthenticationManagerResolver
(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) void
setFailureHandler
(AuthenticationFailureHandler failureHandler) void
setRequestMatcher
(RequestMatcher requestMatcher) void
setSecurityContextHolderStrategy
(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setSecurityContextRepository
(SecurityContextRepository securityContextRepository) Sets theSecurityContextRepository
to save theSecurityContext
on authentication success.void
setSuccessHandler
(AuthenticationSuccessHandler successHandler) Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AuthenticationFilter
public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, AuthenticationConverter authenticationConverter) -
AuthenticationFilter
public AuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, AuthenticationConverter authenticationConverter)
-
-
Method Details
-
getRequestMatcher
-
setRequestMatcher
-
getAuthenticationConverter
-
setAuthenticationConverter
-
getSuccessHandler
-
setSuccessHandler
-
getFailureHandler
-
setFailureHandler
-
getAuthenticationManagerResolver
public org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> getAuthenticationManagerResolver() -
setAuthenticationManagerResolver
public void setAuthenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) -
setSecurityContextRepository
Sets theSecurityContextRepository
to save theSecurityContext
on authentication success. The default action is not to save theSecurityContext
.- Parameters:
securityContextRepository
- theSecurityContextRepository
to use. Cannot be null.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-